Legal Identity

Privacy
Policy.

Your privacy is important to us. This Privacy Policy explains how Digitsflow LTD ("we", "our", "us") collects, uses and protects your data when you use Freshmate.

Revision: February 2026

1. Who We Are

Digitsflow LTD is the data controller for personal information processed through Freshmate. We are a private limited company registered in England & Wales (Company No. 16330711) with our registered office at 3rd Floor, 86‑90 Paul Street, London, EC2A 4NE, United Kingdom.

2. Information We Collect

We collect and process the following categories of personal data:

  • Account Information: name, email address, telephone number, country, currency preference, password (encrypted).
  • Inventory Data: food items, expiration dates, quantities, locations, categories, waste records, shopping lists.
  • Organization Data: organization names, team member details, roles, multi-location information.
  • Payment & Billing: processed securely by Stripe; we store subscription status, plan details, billing history. Full card details are never stored by us.
  • Communication Data: email correspondence, support messages, contact form submissions, feedback, notification preferences.
  • Usage & Analytics: IP address, device type, browser information, pages visited, features used, session recordings (via Microsoft Clarity), heatmaps, click patterns.
  • Marketing Data: newsletter subscriptions, marketing preferences, campaign engagement.

3. How We Use Your Data

We process your personal data only where we have a lawful basis under UK GDPR:

Contract Performance

Account creation and authentication • Service delivery • Inventory management • Expiration notifications (email, SMS, app) • Multi-location support • Team collaboration • Payment processing • Subscription management • Customer support.

Legitimate Interests

Service improvement and optimization • Fraud prevention and security • Analytics and aggregated usage statistics • Debugging and error tracking • Product development • Business operations.

Legal Obligation

Accounting and tax compliance • Regulatory requirements • Stripe payment records • PCI-DSS compliance • Data breach notifications • Law enforcement requests.

Consent

Marketing emails and newsletters • Non-essential cookies (analytics, advertising) • Microsoft Clarity session recordings • Optional SMS notifications. You may withdraw consent at any time.

4. SMS Notifications

If you opt-in to SMS notifications, we will send text messages to your provided phone number to alert you about expiring inventory items. Message and data rates may apply. You can opt-out at any time by updating your notification preferences or replying STOP to any message. SMS data is processed by our third-party SMS provider in compliance with UK GDPR.

5. Third‑Party Processors

We work with trusted third-party processors who help us deliver Freshmate. All processors are bound by GDPR-compliant data processing agreements:

Stripe

Payment processing, subscription billing, fraud prevention. PCI-DSS Level 1 certified.

Cloud Hosting

AWS, DigitalOcean, Hetzner for secure data storage and infrastructure.

Google Analytics 4

Website analytics with IP anonymization enabled. Consent-based tracking.

Microsoft Clarity

Session recordings, heatmaps, behavioral analytics (consent required).

Cloudflare

DDoS protection, CDN, security, SSL/TLS encryption.

Email Service

Transactional emails, notifications, password resets, welcome messages.

Microsoft Clarity & Advertising

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies. For more information, visit Microsoft's Privacy Statement.

We may also disclose data when required by law, to protect our legal rights, prevent fraud, or in connection with business transfers (e.g., merger, acquisition). We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6. International Data Transfers

Some of our third-party processors (e.g., Stripe, Google, Microsoft) may transfer your data outside the UK and EEA. We ensure such transfers comply with UK GDPR through adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent safeguards. Your data is protected to the same standard regardless of where it is processed.

7. Data Retention

We retain your personal data only as long as necessary:

Account Data: Retained while your account is active, plus 30 days after deletion for recovery purposes.

Billing Records: Retained for 7 years to comply with UK tax and accounting requirements.

Analytics Data: Aggregated and anonymized after 26 months (Google Analytics 4 default).

Marketing Data: Deleted within 30 days of unsubscription, except where required by law.

8. Security Measures

We implement industry-standard security measures to protect your data:

Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest

Authentication: Bcrypt password hashing, email verification

Infrastructure: Regular security updates, firewall protection, DDoS mitigation

Access Control: Role-based permissions, audit logs, limited employee access

In the event of a data breach affecting your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.

9. Your Data Protection Rights

Under UK GDPR, you have the following rights:

01
Right of AccessRequest a copy of your personal data we hold.
02
Right to RectificationCorrect inaccurate or incomplete data.
03
Right to ErasureRequest deletion of your data (subject to legal obligations).
04
Right to ObjectObject to processing based on legitimate interests or for direct marketing.
05
Right to RestrictionRestrict processing in certain circumstances.
06
Right to Data PortabilityReceive your data in a structured, machine-readable format.
07
Right to Withdraw ConsentWithdraw consent for marketing or non-essential processing at any time.

To exercise any of these rights, email our privacy team at privacy@digitsflow.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Children's Privacy

Freshmate is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@digitsflow.co.uk.

11. Automated Decision-Making

We use automated processes to send expiration notifications and generate shopping lists based on your inventory data. These processes do not involve profiling or decisions that produce legal effects. Payment fraud detection by Stripe may use automated risk assessment, subject to Stripe's privacy policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on our website. Continued use of Freshmate after changes constitutes acceptance of the updated policy. Last updated: February 2026.

Contact Our
Privacy Team.

Questions, requests, or concerns about your personal data? Reach out to us:

privacy@digitsflow.co.uk

Digitsflow LTD – Freshmate Product
3rd Floor, 86‑90 Paul Street, London EC2A 4NE
United Kingdom

Company No. 16330711
ICO Registration: (pending if applicable)

© 2025 Digitsflow LTD.