Last updated: 8 July 2026
Yum is currently a demo build. This policy is a realistic starting point, not a substitute for legal advice — have it reviewed by a lawyer familiar with the Data Protection (Jersey) Law 2018 before handling any real customer data.
Yum (“we”, “us”) operates a food ordering platform connecting customers in Jersey with local restaurants. This policy explains what personal data we collect, why, and what rights you have over it.
We use your data only to:
We do not sell your personal data, and we do not use it for third-party advertising.
We share the minimum necessary information with: the restaurant fulfilling your order (name, order contents, delivery address, contact details), our payment processor (Stripe), and our hosting/database providers, all solely to operate the service. We do not sell or rent your data to anyone else.
We keep order records for as long as your account is active, and for a reasonable period afterwards to meet accounting and tax obligations. You can request deletion of your account at any time (see Section 6) — order records tied to a restaurant’s own accounting requirements may be retained by them separately.
Under Jersey and UK data protection law, you have the right to:
To exercise any of these rights, contact us at privacy@yum.je.
We use essential cookies to keep you logged in and remember your cart and theme preference — see our Cookies Policy for full details.
Passwords are hashed (never stored or logged in plain text), session cookies are encrypted and httpOnly, and access to restaurant and admin data is scoped so no one can see data outside their own account.
If we make material changes to this policy, we’ll update the “last updated” date above and, where appropriate, notify you directly.
Questions about this policy or your data? Email privacy@yum.je.