Vol. III · Issue 7 Friday, 29 May 2026
ORDR

A point-of-sale, in print and on the floor

Privacy Policy.

Effective 29 May 2026 Current version

Draft — provisional, pending review. This notice is a working draft. It sets out how ORDR approaches personal data, but the specifics are still being finalised and it is not yet a binding statement. For any data-protection question in the meantime, email help@ordr.menu.

Who we are

ORDR is operated by Soho Technologies Ltd (the “Company”, “we”, “us”), a company registered in England and Wales. We are registered with the Information Commissioner’s Office (ICO) under registration number A8697902.

This notice explains what personal data we handle when you use ORDR — the cloud ePOS platform at ordr.menu — and what we do with it.

Controller and processor

ORDR is used by hospitality venues to take orders and payments from their own customers. Under the UK GDPR there are two distinct relationships:

  • For data about a venue and its staff (the account holder), ORDR is the data controller.
  • For data about a venue’s own diners, the venue is the data controller and ORDR acts as the data processor on the venue’s behalf — we process that data only to provide the service.

Information we collect

  • Account and staff information — names, email addresses, and the details needed to set up and run a venue’s account.
  • Order and payment information — items ordered, bill totals, and the payment records needed to take and reconcile payments. Card details are handled by our payment provider and are not stored by us.
  • Diner information — where a diner provides it (for example a phone number for an SMS payment link, or a marketing opt-in), processed on behalf of the venue.
  • Technical information — logs, device and usage data generated as you use the platform, used to keep the service secure and reliable.

How we use it

We use personal data to provide and operate ORDR: to run venue accounts, take and reconcile orders and payments, send transactional messages such as payment links and receipts, provide support, and keep the platform secure. We rely on the lawful bases of contract, legitimate interests, and — where required, such as marketing — consent.

Who we share it with

We use trusted third parties to operate ORDR. They process personal data only to provide their part of the service, and include: Stripe (payments), Twilio (SMS), Amazon Web Services (hosting and email), SendGrid (email delivery), Google (translation and maps), and Sentry and New Relic (error monitoring and performance). We do not sell personal data.

How long we keep it

We do not retain personal information for longer than necessary. We keep data for as long as an account is active and as required to provide the service, and retain financial and payment records for as long as the law requires (for example for tax purposes). When data is no longer needed it is deleted.

Your rights

Under data-protection law you have rights over your personal data, including the rights to access it, to have it corrected or erased, and to object to or restrict certain processing. If ORDR processes data about you as a diner of a venue, that venue is the controller — we will pass your request to them or help them respond.

Contact us

For any privacy or data-protection enquiry, or to exercise your rights, email help@ordr.menu.

← Current version All documents →