Legal & Trust

Privacy Policy

This page is structured for a multi-tenant SaaS product and is intended as a polished working draft. Replace each placeholder with your legal, operational, and technical details before publishing.

1. Overview

SUMS ("we", "our", "us") is a restaurant and operations management platform designed for multi-site hospitality businesses.

We operate as a sole trader based in the United Kingdom and provide software services to business customers.

We are committed to protecting personal data and handling it securely and transparently. This Privacy Policy explains how we collect, use, and protect data when you use our platform, website, and related services.

2. Scope & Roles

SUMS primarily acts as a data processor.

  • Our customers, meaning the businesses using SUMS, act as the data controllers and determine what data is collected and how it is used within their organisation.
  • We act as a data controller only for limited purposes such as account management, platform access, support, and website interactions.

3. Data We Collect

We may process the following categories of data:

Account Data

Name, email address, role, and login credentials.

Operational Data

Sales data, transactions, inventory, menu items, and financial metrics.

Workforce Data

Staff names, roles, schedules, pay rates, and related workforce information, as configured by the customer.

Uploaded Content

Invoices, delivery notes, documents, images, and other files uploaded to the platform.

System & Usage Data

User actions, audit logs, timestamps, and system activity.

Technical Data

IP address, browser type, device information, and session data.

Important: Sensitive workforce data is encrypted at rest and is not accessible in plain form, including by SUMS.

4. How We Use Data

We use data to:

  • Provide and operate the SUMS platform.
  • Enable reporting, analytics, and forecasting.
  • Support operational workflows including inventory, workforce, and finance.
  • Maintain audit trails and system integrity.
  • Provide customer support.
  • Improve platform performance and features.
  • Ensure platform security and prevent misuse.

6. Data Sharing

We do not sell personal data.

Data may be processed by trusted third-party providers, including:

  • Cloud hosting infrastructure, currently Render in the EU region.
  • File storage, including Amazon S3.
  • AI processing services, such as OpenAI and Anthropic Claude.
  • POS and other third-party integrations, as configured by the customer.
  • Monitoring and logging services, where applicable.

Note: All third parties are required to meet appropriate security and data protection standards.

7. Data Retention

We retain data only for as long as necessary to provide the service and meet contractual obligations.

Customers have control over their data and may request:

  • Data export.
  • Data deletion.
  • Full tenant-level data removal.

Upon request, we can perform a complete tenant data wipe, subject to any legal or operational retention requirements.

8. Security

We implement appropriate technical and organisational measures, including:

  • Encryption of sensitive data at rest.
  • Secure data transmission over HTTPS.
  • Role-based access controls.
  • Audit logging and activity tracking.
  • Infrastructure-level security via managed hosting providers.

Important: Certain sensitive data is encrypted in a way that prevents direct access, including by SUMS.

9. International Data Transfers

Data is primarily hosted within the European region.

Where third-party providers process data outside the UK or EEA, appropriate safeguards, including contractual protections where required, are in place.

10. Your Rights

Depending on location and the role in which data is processed, individuals may have rights relating to access, correction, deletion, restriction, portability, objection, and complaint.

  • Access personal data.
  • Correct inaccurate data.
  • Request deletion.
  • Restrict or object to processing.
  • Request data portability.

Requests should generally be directed to the organisation using SUMS, as that organisation is usually the data controller.

We will assist our customers in fulfilling these requests where required.

11. Cookies & Tracking

We may use cookies and similar technologies for:

  • Authentication and session management.
  • Performance monitoring.
  • Improving user experience.

A separate Cookie Policy may be provided where required.

12. Contact

For privacy-related queries, contact us using the details below.

Email

support@my-sums.com

Business

Saif Patel, Sole Trader

Location: United Kingdom