Privacy policy

1. Data controller

The controller of your personal data is the legal entity operating Igloo Plate at the domains we publish (including iglooplate.co.uk). Your privacy notice should identify that entity by its registered legal name, company number (if applicable), and postal address.

2. What we collect

We may process:

• Account data: name, email address, auth identifiers, profile details you provide, and security-related logs.
• Billing data: if you subscribe or pay, payment-related identifiers and transaction metadata processed by our payment provider (we do not store full card numbers on our servers).
• Service and project data: content you upload or generate (for example restaurant details, menus, images, configuration, chat messages, code, and previews) and metadata needed to run projects, builds, and integrations you enable.
• Technical data: IP address, device and browser type, approximate location derived from IP, cookies or similar technologies, diagnostics, and performance metrics.
• Support communications: what you send us by email or in-product channels.

3. How and why we use data (legal bases)

Under UK GDPR we rely on:

• Contract — to provide the Service, authenticate you, manage your workspace, process payments you request, and give support.
• Legitimate interests — to secure the Service, prevent abuse, improve features, analyse aggregated usage, communicate service updates, and defend legal claims, where balanced against your rights.
• Consent — where required (for example certain cookies or marketing); you may withdraw consent without affecting processing that rests on other bases.
• Legal obligation — where we must retain or disclose information to comply with law.

4. Automated processing and AI

Parts of the Service use automated systems, including large language models and other AI tools, to assist with generation and editing. Inputs you provide may be sent to model providers under their terms. Outputs are produced automatically and may be inaccurate; you should review before publication. We do not use your content to train third-party models unless we tell you otherwise in product settings or a separate agreement.

5. Sharing and subprocessors

We use trusted service providers to host infrastructure, databases, authentication, analytics, email, payments, source control, mobile build and distribution pipelines, and AI inference. They process data on our instructions and under appropriate safeguards. We may also share information if required by law, to enforce our terms, or to protect rights and safety.

6. International transfers

Your data may be processed in the United Kingdom, the European Economic Area, the United States, or other countries where providers operate. Where data leaves the UK/EEA, we use approved mechanisms (such as the UK IDTA / Addendum or EU Standard Contractual Clauses as applicable) unless an adequacy decision applies.

7. Retention

We keep personal data only as long as needed for the purposes above, including legal, accounting, and dispute resolution. Account data is retained while your account is active and for a reasonable period afterwards. Project and chat content may be retained according to backup and product policies unless you delete it where deletion is supported.

8. Your rights

Depending on your situation, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability where applicable. You may lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority. To exercise rights, contact us using the details on our website.

9. Cookies

We use cookies and similar technologies for session security, preferences, and analytics. Where consent is required, we will obtain it through a banner or settings consistent with the Privacy and Electronic Communications Regulations (PECR).

10. Children

The Service is not directed at children under 16 (or the digital age of consent in your country). We do not knowingly collect personal data from children.

11. Changes

We may update this policy from time to time. We will post the new version and update the version identifier. Material changes may be communicated by email or in-product notice.

12. Contact

For privacy questions or requests, contact us through the support or privacy contact details published on our website.