rec'd Limited ("rec'd," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application, website (recd.co), and any related services, tools, or features (collectively, the "Service").

By creating an account, logging in, or otherwise accessing or using the Service, you acknowledge that you have read, understood, and consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Service.

rec'd Limited is a private company limited by shares registered in England and Wales with company number 16691456 and registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. We are the data controller for the purposes of the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018"), and the Data (Use and Access) Act 2025 ("DUAA"), as applicable.

For data protection inquiries, please contact our Data Protection Officer at: data@recd.co

We collect several categories of information to provide, maintain, improve, and develop the Service. The categories and types of information we collect may evolve as we introduce new features, services, and integrations.

Account Information

When you create an account, we may collect:

Profile and Preference Information

You may choose to provide additional information, including:

User-Generated Content

Content you create, post, share, or store through the Service, including:

Social and Network Data

Information about your connections and interactions on the Service:

Communications

When you contact us or communicate through the Service:

When you access or use the Service, we may automatically collect certain information, including:

Device and Technical Information

Usage and Behavioural Information

Location Information

We use geolocation data to provide core functionality of the Service, including verifying venue visits, delivering location-based recommendations, and powering proximity-based discovery features. You may control location permissions through your device settings, although disabling location services may limit certain features of the Service.

We may collect information about you from third-party sources, including:

Social Media and Connected Platforms

When you choose to connect third-party accounts or import data from external platforms (such as Google Maps, Instagram, or other services), we may receive:

Publicly Available Information

We may collect publicly available content from social media platforms, websites, and other online sources, including content posted by food creators, influencers, and other public figures relating to venues, restaurants, and hospitality businesses.

Third-Party Services and Partners

We may receive information from:

Other Users

Other users of the Service may provide information about you, for example by tagging you in content, sharing recommendations with you, or connecting with you on the Service.

We may generate new information about you by analysing the data we collect, including:

We use the information we collect for a range of purposes, including but not limited to the following. As we develop new features and services, additional uses may arise, and we will update this Privacy Policy accordingly.

Under the UK GDPR, we process your personal data on the following legal bases:

Where you have given us clear, informed consent to process your personal data for specific purposes, such as:

You may withdraw consent at any time by contacting us at data@recd.co or through the relevant settings in the Service. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Processing that is necessary for the performance of our contract with you (the Terms of Service), including:

Processing that is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include:

In accordance with the Data (Use and Access) Act 2025, certain processing activities are recognised as legitimate interests that do not require a balancing test, including processing necessary for the prevention or detection of crime and the safeguarding of individuals.

Processing that is necessary for compliance with a legal obligation to which we are subject, such as responding to lawful requests from public authorities or retaining records as required by law.

We may share your information in the following circumstances:

Information you share through the Service, such as your profile, recommendations, reviews, and lists, may be visible to other users in accordance with your privacy settings and the nature of the feature. Social features are inherent to the Service, and certain information (such as your display name, profile photo, and public activity) is visible to other users by default.

We may share relevant information with creators and venues featured on the Service, including:

We engage third-party service providers to perform functions on our behalf, including:

These providers process your data only on our instructions and in accordance with data processing agreements that require appropriate security measures.

We may share aggregated, anonymised, de-identified, or pseudonymised data and insights with business partners, commercial clients, and other third parties for purposes including:

We will not share individually identifiable personal data with commercial partners without your consent, except as otherwise described in this Privacy Policy.

We may disclose your information where we believe in good faith that disclosure is necessary to:

In the event of a merger, acquisition, reorganisation, sale of assets, bankruptcy, or similar transaction, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your personal data.

We may share your information with other parties where you have given your explicit consent to do so.

Cookies are small text files placed on your device when you visit a website or use an application. We also use similar technologies such as pixels, web beacons, local storage, and software development kits (SDKs).

We use the following categories of cookies and similar technologies:

Strictly Necessary Cookies: These are essential for the operation of the Service. They enable core functionality such as authentication, security, and session management. These cookies do not require your consent.

Analytics and Performance Cookies: These help us understand how the Service is used, measure performance, and identify areas for improvement. In accordance with the Data (Use and Access) Act 2025, these first-party analytics cookies may be deployed without prior opt-in consent, provided that we give you clear information about their use and an easy way to opt out.

Functional Cookies: These enable enhanced functionality and personalisation, such as remembering your preferences and settings. Under the DUAA, certain functional cookies that adapt the Service to your device or preferences may be deployed without prior opt-in consent, subject to clear information and an opt-out mechanism.

Advertising and Marketing Cookies: These are used to deliver relevant advertising and measure the effectiveness of marketing campaigns. These cookies require your prior consent before being placed on your device.

You can manage your cookie preferences at any time through:

Please note that disabling certain cookies may affect the functionality of the Service.

Some cookies may be placed by third-party services integrated into the Service, such as analytics providers, advertising networks, and social media platforms. These third parties have their own privacy policies governing the use of cookies they set.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. The specific retention period depends on the nature of the data and the purpose of processing.

Account data: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

Usage and behavioural data: Retained in identifiable form for a period appropriate to the purposes of analytics, improvement, and personalisation, after which it may be anonymised or aggregated for longer-term retention.

Communications and support data: Retained for a reasonable period to resolve issues and improve our services.

Anonymised and aggregated data: May be retained indefinitely, as it does not constitute personal data.

We periodically review our retention practices and delete or anonymise personal data that is no longer necessary for the purposes described in this Privacy Policy.

rec'd is based in the United Kingdom. Your personal data may be transferred to, stored, or processed in countries outside the United Kingdom and the European Economic Area ("EEA"), including countries that may not provide the same level of data protection.

Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, including:

The European Commission renewed the UK's adequacy decision in December 2025, extending it until December 2031, facilitating data flows between the UK and EEA.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include, but are not limited to:

While we take reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are under 13, you must not use the Service or provide any personal data to us.

If you are between the ages of 13 and 15 (inclusive), you may only use the Service with the consent of a parent or legal guardian. By permitting a child aged 13 to 15 to use the Service, the parent or guardian agrees to this Privacy Policy on the child's behalf and accepts responsibility for the child's use of the Service.

Users aged 16 and over may use the Service and consent to the processing of their personal data independently.

In accordance with the ICO's Age Appropriate Design Code (the "Children's Code") and the Data (Use and Access) Act 2025, where the Service is likely to be accessed by users under 18, we take steps to ensure that:

If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take steps to delete that information as soon as practicable. If you believe we have inadvertently collected data from a child under 13, please contact us at data@recd.co.

Under the UK GDPR, DPA 2018, and the Data (Use and Access) Act 2025, you have the following rights in relation to your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month, subject to any lawful extensions. In accordance with the DUAA, we will conduct a reasonable and proportionate search to locate your data.

Right to Rectification: You have the right to request correction of inaccurate personal data or completion of incomplete personal data.

Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Relating to Automated Decision-Making: Where we make decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects on you, you have the right to obtain human intervention, express your point of view, and contest the decision. In accordance with the DUAA, we ensure transparency and provide accessible mechanisms to challenge such decisions.

Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Right to Complain: In accordance with the DUAA, we maintain a formal complaints mechanism for data protection concerns. You may submit a complaint to us at data@recd.co or through the electronic complaints form available in the Service. We will acknowledge your complaint within 30 days and take appropriate steps to investigate and respond.

You also have the right to lodge a complaint with:

To exercise any of your rights, please contact us at data@recd.co. We may need to verify your identity before processing your request.

The Service uses proprietary algorithms and automated systems to provide personalised recommendations, curate content, and enhance your experience. These systems may analyse your preferences, behaviour, social connections, and other data to deliver relevant suggestions.

This processing does not produce decisions with legal or similarly significant effects on you. You have the right to request information about the logic involved in our automated processing and, where applicable, to request human review of decisions made through automated means.

The Service may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through the Service.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. If we make material changes, we will notify you through the Service, by email, or by other appropriate means. Your continued use of the Service after notification of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service.

We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer: data@recd.co

General Enquiries: hello@recd.co

Postal Address: rec'd Limited 71-75 Shelton Street Covent Garden London, WC2H 9JQ United Kingdom

By using the Service, you acknowledge that you have read, understood, and consent to this Privacy Policy.