Privacy Policy
Effective: 27 April 2026 · Livora Limited, registered in England & Wales, 20 Wenlock Road, London N1 7GU.
This Privacy Policy explains how Livora Limited (“Livora”, “we”, “us”) collects, uses, shares, and protects personal data when you use our websites, mobile experiences, and services — including the Cook4Me chef marketplace (collectively, the “Services”).
We are the data controller for the personal data we collect about you. If you have questions, contact us at contactus@livoralimited.com.
1. Data we collect
We collect the following categories of personal data:
- Account data — name, email, phone, password (hashed), role (customer/chef/admin).
- Profile data (chefs) — bio, service area, cuisines, photos, identity and food-safety documents (passport / right-to-work, food hygiene certificate, public liability insurance, council registration, DBS where relevant).
- Booking data — event date, address, guest count, menu choices, dietary notes.
- Payment data — handled by Stripe; we store only the last four digits of the card and Stripe customer/payment-intent identifiers.
- Communication data — in-app chat messages between customers and chefs; complaint and dispute submissions.
- Technical data — IP address, browser type, device identifiers, pages visited, referral source.
2. How we use your data
We process personal data to:
- Provide the Services — match customers with chefs, take payments, hold funds in escrow, release payouts.
- Verify chef compliance — review identity documents, food-safety certificates, and insurance.
- Enable in-platform communication and moderate it for safety (we apply automated and human review to detect off-platform contact attempts, harassment, and policy violations).
- Send transactional emails — booking confirmations, payout receipts, refund updates, password resets.
- Detect fraud and enforce our Terms of Service.
- Meet legal and tax obligations (e.g. VAT, accounting, anti-money-laundering).
- Improve the Services through aggregated, anonymised analytics.
3. Lawful bases (UK GDPR)
- Contract — to provide the Services you have signed up for.
- Legal obligation — tax records, AML checks, response to lawful requests.
- Legitimate interests — fraud prevention, platform safety, and service improvement (we balance these against your rights).
- Consent — for any marketing emails (you can withdraw consent at any time).
4. Sharing your data
We share data only with:
- Service providers — Stripe (payments), Resend (email), Cloudinary (file storage), Supabase & Vercel (hosting and database), Anthropic (AI moderation and analytics on aggregated data).
- Other users on the platform — your name, photo, public profile, ratings, and reviews are visible to other users when relevant (e.g. a customer sees the chef they have booked).
- Legal authorities — when required by law or to protect rights, property, or safety.
We do not sell your personal data.
5. International transfers
Some of our service providers process data outside the UK/EEA (notably the United States). Where we transfer personal data internationally, we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.
6. How long we keep your data
- Account data — for as long as your account is active, plus 12 months after closure.
- Booking and payment records — 7 years (UK tax/accounting requirement).
- Compliance documents (chefs) — 6 years after a chef leaves the platform.
- Chat messages — 24 months from the date of the conversation.
- Audit logs — 6 years (financial-record retention).
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion (“right to be forgotten”), subject to our legal retention obligations.
- Restrict or object to processing.
- Receive your data in a portable format.
- Withdraw consent for any consent-based processing at any time.
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise these rights, email us at contactus@livoralimited.com. We respond within one calendar month.
8. Cookies and tracking
We use a minimal set of strictly necessary cookies for authentication and session management. We do not currently use third-party advertising or tracking cookies. If this changes, we will update this policy and request consent where required.
9. Children
The Services are not intended for users under 18. We do not knowingly collect data from children. If you believe a child has registered, contact us and we will remove the account.
10. Changes to this policy
We may update this policy. We will notify you of material changes by email and post them at the top of this page. Continued use of the Services after changes take effect means you accept the updated policy.