Legal
Privacy Policy
Last updated 2 June 2026
This policy explains what personal data frunt handles, why, who we share it with, how long we keep it, and the rights you have over it. It covers both the manager web dashboard and the staff mobile app — both run on the same backend.
Who we are
frunt is a service operated by MGKCodes Ltd (the “service”, “we”, “us”), a company registered in England and Wales (company number 17035502) with registered office at 96 High Street, Reigate, RH2 9AP.
We provide a preparation system for restaurant teams — onboarding, training, compliance documentation, operational briefs, scheduling, and a chat surface where staff can ask questions about their workplace's documents.
If you have questions, write to us at privacy@frunthospitality.com (or our postal address above).
Our role: who controls your data
The short version. For almost everything about your restaurant — your staff list, the documents you upload, training results, rotas, briefs — your employer (the restaurant) is the data controller. They decide what to collect and why. frunt is their data processor: we hold and process that data on their instructions, for their benefit.
We are the controller only for a narrow set of things we decide ourselves: your account credentials, billing data (for the account holder), and any support correspondence you send us.
This matters for your rights (below). Where your employer is the controller, the fastest route for access, correction, or deletion is usually through them — they can action most of it directly in the product. We help fulfil those requests on their behalf.
What personal data we handle
Data you give us directly:
| What | When | Our role |
|---|---|---|
| Email address | Account creation, invitation acceptance | Controller (auth) / Processor (tenant membership) |
| Password (hashed — we never see the plain text) | Account creation | Controller |
| Display name | Profile setup | Processor (on behalf of your employer) |
| Role within the restaurant (owner, manager, floor, kitchen, etc.) | Assigned by your employer on invitation | Processor |
| Documents you upload, briefs you post, messages you send, questions you ask | Whenever you use the product | Processor |
| Billing details (account holders only) | Paid-plan checkout | Controller (held by Stripe — see below) |
| Support tickets and correspondence | When you contact us | Controller |
Staff operational data your employer asks us to hold:
| What | Why |
|---|---|
| Pay rate and pay type | Payroll export and rota costing — visible to managers, never to other staff |
| Contracted / min / max hours, availability, leave and holiday dates | Building and publishing the rota |
| Shifts assigned to you | Showing you your schedule; shift-cover requests |
| Capabilities / stations (e.g. barista, floor) | Matching you to shifts |
| Training records — attestations, quiz attempts, course completions and expiry dates | Proving the team is trained on safety-critical documents (a legal duty of your employer) |
| Acknowledgements, replies and reactions on briefs | Confirming staff have seen operational updates |
| Ask questions and chat history | Answering your questions and helping managers see where the team needs clearer documentation |
Compliance evidence (special handling):
Your employer may store right-to-work evidence and certificates (food hygiene, allergen, personal/alcohol licence, first aid) against your record. These files are kept in a private, encrypted store, segregated per restaurant. They are never sent to any AI model and are never read by our chat or retrieval systems. A manager labels them by hand; we store them and track their expiry, nothing more.
Data we generate automatically:
- Activity timestamps (last sign-in, when you acknowledged a brief, when you completed a course) — for service operation and to help your employer manage the team.
- Mobile push-notification token — so the app can deliver alerts about briefs, shift changes, and training due. Stored against your device; stale tokens are removed automatically.
- IP address and basic device/request information — short-lived, for security and to operate the service.
- Session cookies — essential only, to keep you signed in.
- Product-analytics events in the signed-in dashboard (which pages and features you use, tied to your account id) — to understand what's useful and improve the product. Our public website uses only cookieless, aggregate visitor counts; neither includes your name or your message content.
What we do NOT do:
- We do not use advertising, marketing, or cross-site tracking cookies. Our public website sets no analytics cookies at all (visitor analytics there are cookieless); the signed-in dashboard stores a product-analytics identifier, disclosed above and covered by this policy.
- We do not sell your data, ever.
- We do not use your restaurant's content to train AI models. AI processing happens only to serve that same restaurant, within its own data.
- We do not collect your date of birth, national insurance number, or home address.
How we use AI, and what it never sees
frunt uses AI (large language models) as infrastructure, not as a place your data is exposed. Specifically:
- Document content you upload is sent to our AI providers to extract, structure, and classify it, to power the Ask surface, and to generate personalised training from your own menus and policies.
- Document text is sent to an embeddings provider to build the private search index used to answer questions.
- Operational briefs are deliberately kept out of the AI knowledge base — they are short-lived comms, not queryable knowledge.
- Staff personal data (names, pay, schedules) and compliance evidence (certificates, right-to-work) are never sent to any AI model.
AI helps managers prepare their team. Final decisions about training, employment, or compliance are always made by people — we do not make decisions about you that have legal or similarly significant effects based solely on automated processing.
Why we handle this data (lawful basis)
| Purpose | Lawful basis |
|---|---|
| Operating your account (auth, sign-in, password reset) | Contract (Art 6(1)(b)) — providing the service you signed up for |
| Storing documents and serving them to your team | Contract; legitimate interest (Art 6(1)(f)) of your employer in operational continuity |
| Recording attestations and training to compliance documents | Legal obligation of your employer (Art 6(1)(c)) — food safety, allergen, employment law |
| Essential service emails (security, invites, account changes) | Contract |
| Billing and tax records | Legal obligation (HMRC retention) |
| Security monitoring | Legitimate interest |
| Product analytics in the signed-in app (which features are used) | Legitimate interest (Art 6(1)(f)) — understanding usage to improve the service |
| Error monitoring and service-usage / AI-cost metering | Legitimate interest — reliability, security, and operating/budgeting the service |
We do not process personal data for marketing without your separate consent.
Who we share data with
We use the sub-processors below. Each is contractually bound to data-protection terms at least as protective as ours and only processes data on our instructions. We notify account-holding restaurants before adding or replacing a production sub-processor.
| Sub-processor | What they process | Where | Transfer |
|---|---|---|---|
| Supabase | Database, file storage, and authentication for all restaurant content and account records | EU region | UK adequacy |
| Vercel | Web hosting and edge compute (IPs and request metadata, transient); cookieless, aggregate website traffic analytics | Global edge | SCCs in DPA |
| Anthropic (Claude) | Document extraction, classification, chat answers, training generation | United States | UK IDTA / EU SCCs |
| OpenAI | Document text sent for vector embedding (search index) | United States | UK IDTA / EU SCCs |
| Inngest | Background-job metadata (IDs, status) — no document content | United States | UK IDTA / EU SCCs |
| Stripe | Payment and billing details (account holders only) | US / EU | Stripe SCCs |
| Resend | Outbound transactional emails (invites, password reset, account changes) | United States | Resend DPA / SCCs |
| Google (Firebase Cloud Messaging) | Mobile push delivery — device token plus a minimal notification payload | Google Cloud | Google SCCs |
| PostHog | Product analytics — which pages and features are used in the signed-in dashboard (tied to your account id, never names or message content); cookieless visitor counts on the public website | EU region | UK adequacy |
| Sentry | Error and performance diagnostics (stack traces, request metadata) to keep the service reliable | EU region (Frankfurt) | SCCs in DPA |
We do not share your personal data with any other third party, except when required by law, to protect rights or safety, or in connection with a corporate transaction (we would notify affected restaurants beforehand).
International transfers
Some sub-processors (Anthropic, OpenAI, Inngest, Stripe, Resend, Google) are based in or route through the United States. Those transfers rely on the UK International Data Transfer Agreement (IDTA) and EU Standard Contractual Clauses, with data encrypted in transit and at rest.
How long we keep your data
| Category | Retention |
|---|---|
| Active account data | While your account with a restaurant is active |
| Document content and version history | While the restaurant remains a customer; removed after offboarding |
| Attestation, training, and audit records | Retained for the compliance period set by your employer (a manager record proving who was trained on what), then pseudonymised — your identity is replaced with a one-way hash while the event survives |
| Right-to-work evidence | Retained for the legal window after employment ends, then deleted |
| Billing and tax records | As required by HMRC |
| Security and request logs | Short-lived |
| Backups | Rolling window — deleted data may persist briefly in backups |
When you leave a restaurant, your access is revoked immediately. Your records are archived, not deleted — they remain in that restaurant's compliance history per the schedule above, until full erasure is requested.
Your rights
You have the following rights under UK GDPR. Because your employer is usually the controller of your work data, the quickest route is often to ask them — they can action most requests directly in the product. You can also contact us and we will help fulfil the request.
| Right | How to exercise |
|---|---|
| Access — a copy of your personal data | Ask your employer, or email us |
| Rectification — correct inaccurate data | Update your profile, ask your employer, or email us |
| Erasure (right to be forgotten) | Request via your employer or us. Some records may be retained in pseudonymised form where there is a legal obligation |
| Restriction of processing | Email us |
| Portability — your data in a machine-readable format | Email us or ask your employer |
| Objection to legitimate-interest processing | Email us, naming the processing |
| Complaint to the ICO | ico.org.uk — though we'd appreciate the chance to fix it first |
We respond to verified requests within one calendar month (extendable by two months for complex requests, and we'll tell you). There is no fee unless a request is manifestly unfounded or excessive.
How we keep your data secure
- All data in transit is encrypted (TLS 1.2+).
- All data at rest is encrypted at the database and storage layers.
- Each restaurant's data is isolated by row-level security on every table, so one restaurant can never see another's.
- Compliance evidence and staff PII sit in a private store that AI systems never read.
- Access to production systems is restricted and logged.
If a personal-data breach occurs, we will notify affected restaurants without undue delay and within 72 hours where Article 33 requires it.
Children
frunt is a workplace service for adults. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us.
Changes to this policy
We update this policy when our practices change; the “last updated” date above shows when. Material changes are notified to account-holding restaurants by email and in the product.
Contact
Privacy questions: privacy@frunthospitality.com. You can also contact the UK Information Commissioner's Office at ico.org.uk or 0303 123 1113.
See also our Terms & Conditions.