CompliChef by Nicholas Richards (“CompliChef”, “we”, “us”) provides tools for food-safety compliance and restaurant operations. We act as a data controller for account, billing and referral data, and as a processor for some restaurant records where we host data on your behalf.
1. Who we are & contact
Controller: Nicholas Richards t/a CompliChef (United Kingdom)
Operational records: HACCP logs, temperatures, cleaning, deliveries, audits, incidents, training progress, attachments you upload.
Subscription & billing: plan, invoices, payment references (e.g. PayPal subscription ID). We do not store full card numbers on our servers.
Referral/partner attribution: referral codes, referrer user ID, IP address, user-agent, landing URL, timestamps, and first-party cookies (e.g. cc_ref_code, cc_partner_code) to attribute sign-ups, prevent fraud/self-referrals and administer rewards.
Legal obligation (Art. 6(1)(c)): tax/accounting records for invoices and payments.
Consent (Art. 6(1)(a)): optional cookies/metrics and marketing. You can withdraw consent anytime.
4. How we use it
Operate your account and maintain audit-ready records for inspections.
Issue invoices, manage subscriptions, and process payments.
Run the Referral & Partner Programmes (track clicks & sign-ups, award free-time/commissions, detect abuse).
Provide support, notify you about tasks/expiries, and improve the service.
Protect the platform and enforce our Terms.
5. Cookies & similar tech
We use strictly necessary cookies (login/session, referral attribution) and optional analytics cookies. On your first visit, we present a banner to accept or manage non-essential cookies. Key cookies:
PHPSESSID — session (strictly necessary)
cc_ref_code, cc_partner_code — first-party referral attribution (strictly necessary for programme administration and fraud prevention)
Analytics cookie(s) from analytics.localwebscoder.co.uk (optional)
6. Data sharing & processors
We use vetted providers (hosting, email, analytics, payment) under Data Processing Agreements:
UK/EU cloud hosting & backups
Email delivery (transactional support and notifications)
Payments (e.g. PayPal/Stripe) — we receive tokens/IDs, not full card numbers
Bug/error monitoring and security logging
We do not sell data or allow third-party advertising trackers.
7. International transfers
Where data leaves the UK/EEA, we use appropriate safeguards (UK IDTA/EU SCCs, adequacy decisions, or equivalent measures).
8. Security
Encryption in transit, role-based access, least privilege.
Passwords are one-way hashed; 2FA available.
Audit and security logs retained for a limited period.
9. Retention
Account & restaurant data: for the life of the account.
Invoices & billing records: 6–7 years (legal requirement).
Referral logs (IP/user-agent): typically 90 days for click attribution, then minimised/aggregated; sign-up attribution records retained as part of your account history.
Support tickets & security logs: typically 12–24 months unless required longer for disputes/abuse prevention.
10. Your rights
You can request access/portability, rectification, erasure, restriction, or object to processing (including legitimate-interest processing such as referral IP logging). To exercise your rights, email privacy@complichef.co.uk. You can withdraw analytics/marketing consent at any time via cookie preferences or unsubscribe links.
11. Children
Our services are business-focused and not directed to children under 16.
12. Changes
We may update this policy. We will post the new version and adjust the “Effective” date above. Material changes may be notified in-app or by email.