Legal
Privacy Policy
StockChef ("we", "us", "our") is operated by StockChef, registered in Malta. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Maltese law.
If you have any questions, contact us at [email protected].
1. What data we collect
Account data
- Name and email address when you register
- Password (stored securely — we never store your plain-text password)
- Role and permission assignments within your organisation
Business data
- Inventory items, stock levels and transaction history
- Supplier names, contact emails and phone numbers
- Purchase orders, delivery records and supplier invoices
- Menu items and recipe configurations
Usage data
- IP address and browser/device type when you access the service
- Pages visited and features used
Documents
- Invoice images uploaded for AI scanning are processed and stored on our servers
- If you enable Google Drive Cloud Backup, copies are sent to your connected Google Drive account
2. Legal basis for processing (GDPR Art. 6)
| Processing activity | Legal basis |
|---|---|
| Providing the StockChef service | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails (password reset, alerts) | Performance of a contract (Art. 6(1)(b)) |
| Security logging and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
3. How we use your data
- To create and manage your account
- To provide inventory management, ordering and reporting features
- To send operational emails (alerts, password resets, supplier messages)
- To process AI invoice scanning via our document processing service
- To detect and prevent abuse or unauthorised access
We do not sell your data to third parties. We do not use your data for advertising.
4. Data retention
- Account data — retained for the lifetime of your account, then deleted within 30 days of account closure
- Business data — retained for the lifetime of your subscription; contact us to request export or deletion
5. Third-party processors
We use the following sub-processors, all operating under GDPR-compliant terms:
| Processor | Purpose | Location |
|---|---|---|
| Cloud infrastructure provider (EU) | Hosting, database, file storage | EU |
| Email delivery provider | Transactional emails | EU |
6. Your rights under GDPR
As a data subject you have the following rights. To exercise any of them, email [email protected]. We will respond within 30 days.
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your personal data
- Right to restriction — ask us to limit processing of your data
- Right to object — object to processing based on legitimate interests
- Right not to be subject to automated decision-making — we do not make automated decisions with legal or significant effects
You also have the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC), Malta's supervisory authority: idpc.org.mt.
7. Data security
- All data in transit is encrypted via HTTPS/TLS
- Passwords are securely hashed — we never store plain-text passwords
- Authentication tokens are short-lived and rotated on every use
- All data is hosted within the EU
8. Children's data
StockChef is a business-to-business service. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has created an account, contact us and we will delete it immediately.
9. Changes to this policy
We may update this policy from time to time. When we do, we will update the "last updated" date above and notify active users by email for material changes.
10. Contact
For any privacy-related queries: [email protected]