Aftertaste Reward Club

Privacy Notice

Last updated: 19 May 2026

1. Who We Are

Aftertaste Reward Club is a trading name of Hottest Deal Digital Marketing and Consulting Limited ("we", "us", or "our"). We are the data controller for personal data collected through the aftertaste.club platform.

Contact: info@aftertaste.club

2. Data We Collect

2.1 Information You Provide

•       Account information: name, email address, password

•       Dining receipts: restaurant name, date, itemised order, total amount paid

•       Reviews: written comments, star ratings, food photographs

•       Contact details provided voluntarily for restaurant follow-up (low-rating consent)

•       Payment information processed via Stripe (we do not store card details)

2.2 Information Collected Automatically

•       Usage data: pages visited, features used, timestamps

•       Device and browser information

•       Authentication tokens and session data

3. How We Use Your Data

We use your personal data for the following purposes:

•       To operate and manage your account and membership

•       To verify cashback claims and receipt uploads, and process rewards

•       To publish verified reviews on restaurant profile pages

•       To send transactional communications (claim approvals, reward notifications)

•       To detect and prevent fraud

•       To comply with our legal obligations

We will only send you marketing communications where you have provided explicit consent, which you may withdraw at any time.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

•       Contract performance: to deliver the membership and reward services you have subscribed to

•       Legitimate interests: fraud detection, platform security, and improving our services

•       Legal obligation: compliance with applicable UK law

•       Consent: where you have explicitly opted in (e.g. marketing emails, restaurant contact consent)

5. Data Storage and Security

Your data is stored on Google Firebase (Firestore and Cloud Storage), hosted in Google Cloud's European region (europe-west2, London). Google Cloud is ISO 27001 certified and complies with UK GDPR requirements.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Access to personal data is restricted to authorised personnel on a need-to-know basis.

6. Data Sharing

We do not sell your personal data. We may share your data with:

•       Google Firebase / Google Cloud: infrastructure and storage provider

•       Stripe: payment processing (subject to Stripe's own privacy policy)

•       Participating restaurants: only where you have explicitly consented (e.g. low-rating follow-up contact)

•       Law enforcement or regulatory authorities: where required by law

All third-party processors are required to handle your data in compliance with UK GDPR.

7. Data Retention

We retain your personal data for as long as your account is active or as necessary to fulfil the purposes described in this policy. Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law (e.g. financial records, which may be retained for up to 7 years).

Receipt data may be retained for fraud prevention and audit purposes for up to 2 years following the relevant transaction.

8. Your Rights

Under UK GDPR, you have the following rights:

•       Right of access: to obtain a copy of the personal data we hold about you

•       Right to rectification: to correct inaccurate or incomplete data

•       Right to erasure: to request deletion of your personal data in certain circumstances

•       Right to restriction: to restrict processing of your data in certain circumstances

•       Right to data portability: to receive your data in a structured, machine-readable format

•       Right to object: to object to processing based on legitimate interests

•       Right to withdraw consent: at any time, where processing is based on consent

To exercise any of these rights, please contact us at info@aftertaste.club. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Our platform uses cookies and similar technologies to maintain your session and provide core functionality. By using the platform, you consent to the use of these essential cookies. We do not use cookies for advertising or third-party tracking purposes.

10. Children

Our platform is not intended for persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on the platform. Continued use of the platform following notification constitutes acceptance of the updated policy.

12. Contact and Complaints

For any privacy-related queries or to exercise your rights, contact us at: info@aftertaste.club

If you are not satisfied with our response, you may escalate your complaint to the Information Commissioner's Office (ICO): www.ico.org.uk | 0303 123 1113

Registered in England Company Number 14488400. Hottest Deal Digital Marketing and Consulting Limited. 86-90 Paul Street, London, England, EC2A 4NE. Trading as Aftertaste Reward Club. © 2026. All rights reserved