← Back to home

Privacy Policy

Last updated: 18 December 2025

This Privacy Policy explains how Rabbit Food (the “Platform”) collects, uses, shares, and protects personal data when you use our customer-facing website, place an order with a Restaurant, or otherwise interact with the Platform.

1. Who is responsible for your data?

The Platform is operated by Rabbit Foods trading as Rabbit Food (“we”, “us”, “our”). We are the data controller for personal data we collect and use for operating the Platform.

Address: 7 Church Lane, Felixstowe, IP11 9DJ, United Kingdom

Restaurants you order from will typically be separate data controllers for personal data they process to prepare and fulfil your order (for example, your name, order items, and delivery/collection details). They will have their own privacy practices.

Contact: support@tryrabbit.food

2. The personal data we collect

Depending on how you use the Platform, we may collect:

  • Contact details (such as name, email address, phone number).
  • Order details (such as items ordered, special instructions, delivery/collection choice, delivery address).
  • Payment information: payments are handled by Stripe. We receive limited payment-related information (such as payment status, last 4 digits, and transaction identifiers) but not full card details.
  • Location data you provide (such as addresses you type). We may use map and geocoding services to help validate/format addresses.
  • Device and usage data (such as IP address, device identifiers, browser type, pages viewed, and diagnostic logs).
  • Communications (messages you send to us or to Restaurants via the Platform, and customer support interactions).

We do not intentionally collect special category data (such as health data). However, allergen/dietary information may be included in your order notes. Please only share what is necessary.

3. How we use your data

We use personal data to:

  • Provide the Platform, including browsing Restaurants and placing orders.
  • Send order confirmations and service messages.
  • Share your order with the relevant Restaurant to prepare and fulfil it.
  • Process payments and prevent fraud and abuse.
  • Provide customer support and handle complaints.
  • Maintain security, troubleshoot, and improve the Platform.
  • Comply with legal obligations and respond to lawful requests.

4. Legal bases (UK GDPR)

Under the UK GDPR and Data Protection Act 2018, we rely on the following legal bases when processing your personal data:

  • Contract (to provide the Platform and process your order-related actions).
  • Legitimate interests (to operate, secure, and improve the Platform, prevent fraud, and support customers), balanced against your rights.
  • Legal obligation (for example, accounting, tax, and responding to lawful requests).
  • Consent (where required, such as certain marketing messages and non-essential cookies/similar technologies).

5. Who we share data with

We may share personal data with:

  • Restaurants you order from (to prepare and fulfil your order and to handle issues with your order).
  • Payment processor: Stripe (to process payments and help prevent fraud).
  • Infrastructure providers (for example, hosting and database providers such as Supabase, and email delivery providers where used for order messages).
  • Map providers (for example, Mapbox) to support address search/geocoding and map display.
  • Professional advisers (lawyers, accountants, insurers) and authorities where required by law.

We do not sell your personal data. If we ever use advertising or additional analytics tools, we will update this policy and, where required, request consent.

6. International transfers

Some of our service providers (such as Stripe and Mapbox) may process personal data outside the UK. Where we transfer personal data internationally, we use appropriate safeguards required by UK data protection law (such as adequacy regulations or standard contractual clauses with the UK addendum).

7. Data retention

We keep personal data only as long as necessary for the purposes described in this policy, including to provide the Platform, maintain records, resolve disputes, enforce agreements, and comply with legal obligations (for example, tax and accounting requirements).

8. Your rights

Subject to conditions and exemptions under UK GDPR, you may have rights to request: access, rectification, erasure, restriction, portability, and to object to certain processing (including direct marketing). You may also withdraw consent where we rely on consent.

To exercise your rights, contact support@tryrabbit.food.

You also have the right to complain to the Information Commissioner’s Office (ICO). See ico.org.uk.

9. Security

We use reasonable technical and organisational measures designed to protect personal data. However, no system is completely secure, and you use the Platform at your own risk.

10. Cookies and similar technologies

We use cookies and similar technologies (including local storage and service worker caching) for essential Platform functionality and, where enabled, to improve performance. See our Cookie Policy for details.

11. Children

The Platform is not intended for children under 13. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps.

12. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date.