Tastipi ("we", "us", or "our") operates a multi-channel personalised restaurant deals service delivered via chat apps including WhatsApp, Telegram, SMS, and others. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you interact with Tastipi via any supported chat channel or visit tastipi.com.
By messaging Tastipi on any supported chat channel or using our website, you agree to the practices described in this policy. If you do not agree, please discontinue use of our service.
Short version: We collect only what's necessary to deliver your personalised deals. We never sell your data. You can delete everything by messaging us anytime.
This policy applies to all users in the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where users access the service from the European Economic Area (EEA), we also comply with EU GDPR Regulation (EU) 2016/679.
We collect information in two ways: directly from you through your WhatsApp interactions, and automatically when you visit our website.
| Category |
Examples |
Source |
Required? |
| Identity |
Display name |
Chat platform API |
Yes |
| Contact |
Phone number |
Chat platform |
Yes |
| Preferences |
Cuisine types, dietary needs, budget range |
You (chat messages) |
Yes — for personalisation |
| Location |
City or postcode area (not precise GPS) |
You (chat messages) |
Yes — to show nearby deals |
| Usage |
Messages sent, deals viewed, deals claimed, timestamps |
Automatically |
Yes — for service improvement |
| Technical |
Browser type, OS, IP address (website only) |
Automatically (website) |
No — anonymised analytics only |
We do not collect: passwords, payment details, precise GPS coordinates, biometric data, or any sensitive special-category data as defined by UK GDPR Article 9.
We process your personal data on the following lawful bases under UK GDPR Article 6:
- Performance of a contract (Art. 6(1)(b)): To deliver personalised restaurant deals to you via your chosen chat channel — the core service you requested.
- Legitimate interests (Art. 6(1)(f)): To improve our AI matching algorithms, detect and prevent fraud, ensure platform security, and conduct anonymised analytics.
- Consent (Art. 6(1)(a)): To send you marketing messages about new features or promotions. You may withdraw consent at any time by replying "STOP" in the chat.
- Legal obligation (Art. 6(1)(c)): Where required by applicable law, regulation, or court order.
Specifically, we use your data to:
- Match your stated preferences against live restaurant deals using AI
- Send you relevant deal notifications at your chosen frequency
- Allow you to claim deals and notify partner restaurants
- Improve the quality and relevance of deals over time
- Resolve disputes and investigate misuse
- Comply with legal obligations and enforce our terms
You are always in control. Message "STOP" to pause all deals. Message "DELETE ME" to permanently erase your account and all associated data.
Tastipi delivers deals through multiple chat channels, including WhatsApp, Telegram, SMS, and others. When you message us through any of these platforms, your messages are processed by both Tastipi and the respective platform provider under their own terms and privacy policies.
Each messaging platform has its own privacy policy and data practices. We encourage you to review the privacy policy of your chosen platform. Tastipi is an independent data controller for the data we hold and is not affiliated with, endorsed by, or a subsidiary of any messaging platform provider.
Opt-out: You can stop all communication from Tastipi at any time by sending STOP in the chat. We will cease all outbound messages immediately. You can restart by sending HI.
All messages received by Tastipi are stored on our secure servers for the purpose of delivering the service. We receive only the content you send to us and basic identifiers (your phone number and display name) — we do not have access to your other conversations, contacts, or profile data on the messaging platform.
Tastipi complies with the usage policies of all supported messaging platforms, including prohibitions on sending unsolicited messages and requirements to honour opt-outs promptly.
We do not sell, rent, or trade your personal data. We may share limited data in the following circumstances only:
| Recipient |
What is shared |
Why |
Safeguard |
| Partner Restaurants |
Anonymised "deal claimed" confirmation only |
To honour your claimed deal at the venue |
No personal contact details shared |
| Cloud Infrastructure |
Encrypted data stored on our servers |
Hosting & data processing |
UK/EEA servers, DPA in place |
| Messaging platform providers |
Message content (in transit) |
Required to deliver messages via your chosen chat platform |
Subject to each platform's own privacy policy |
| Legal Authorities |
Data as required by law |
Legal obligation or court order |
Only when legally compelled |
| Analytics Providers |
Anonymised, aggregated usage data only |
Service improvement |
No personally identifiable data |
In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the successor entity. We will notify you via WhatsApp before any such transfer and your rights under this policy will be maintained.
We retain your personal data for no longer than necessary to fulfil the purposes described in this policy:
| Data Type |
Retention Period |
Reason |
| Account & preference data |
Duration of active account + 90 days |
Service delivery |
| Chat message history |
12 months rolling |
Personalisation & dispute resolution |
| Deal claimed records |
24 months |
Fraud prevention & analytics |
| Website logs (IP, browser) |
90 days |
Security monitoring |
| Anonymised analytics |
Indefinitely (no personal data) |
Service improvement |
| Legal/compliance records |
7 years |
Statutory requirement |
Upon account deletion (triggered by messaging "DELETE ME"), all personally identifiable data is permanently erased within 30 days, except where retention is legally required.
We implement industry-standard technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction:
- All data is transmitted over encrypted connections (TLS 1.2+); individual platform encryption applies per platform
- Data at rest is encrypted using AES-256 encryption on our cloud servers
- Access to personal data is restricted to authorised personnel on a need-to-know basis
- All staff with data access are subject to confidentiality obligations
- We conduct regular security reviews and penetration testing
- Our servers are hosted in ISO 27001-certified data centres in the UK/EEA
Data breach notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office (ICO) within 72 hours and affected users without undue delay, as required by UK GDPR Article 33–34.
No method of data transmission over the internet is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please contact us at security@tastipi.com before public disclosure.
Under UK GDPR, you have the following rights with respect to your personal data. You may exercise any of these rights at any time by contacting us at privacy@tastipi.com or by messaging "RIGHTS" on any supported chat channel:
👁
Right to Access
✏️
Right to Rectification
🗑
Right to Erasure
⏸
Right to Restrict Processing
📦
Right to Portability
🚫
Right to Object
We will respond to all rights requests within 30 days. In complex cases, we may extend this to 90 days; we will inform you if this extension is needed.
You also have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk | Phone: 0303 123 1113 | Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Our website (tastipi.com) uses minimal cookies. The chat service itself does not use website cookies — only each platform's own mechanisms apply there.
| Cookie Type |
Purpose |
Duration |
Can be disabled? |
| Strictly Necessary |
Ensure basic website functionality |
Session |
No (essential) |
| Performance |
Anonymised page view analytics |
12 months |
Yes |
| Preference |
Remember your cookie consent choice |
12 months |
No (required to honour opt-out) |
We do not use advertising cookies, social media tracking pixels, or third-party behavioural tracking on our website. You may manage cookie preferences through your browser settings. Disabling performance cookies will not affect your ability to use our service.
Our service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13 years of age.
Users must meet the minimum age requirement of their chosen messaging platform (typically 13+). In regions where higher age requirements apply (e.g., 16 in certain EEA countries), we defer to those local requirements.
If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@tastipi.com. We will take prompt steps to delete any such data.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last updated" date at the top of this policy
- For material changes: notify active users via a chat message at least 14 days before changes take effect
- For minor changes: update the policy on this page without individual notice
Your continued use of Tastipi after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you may stop using the service and request data deletion at any time.
Previous versions of this policy are available on request. Email privacy@tastipi.com to request a prior version.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out via any of the following channels:
We aim to resolve all privacy-related queries promptly and to your satisfaction. If we are unable to resolve your concern, you retain the right to escalate to the ICO at any time.