Last updated: 02/03/2026
Privacy Policy
Last updated: 30 November 2025
Wisecoda Ltd (Company No. 15711637), trading as Check and Log ("we", "us", "our"), is the data controller and is committed to protecting your privacy.
This policy explains how we collect, use, store and protect your personal data when you use checkandlog.com and the Check and Log digital food-safety platform.
We are registered with the UK Information Commissioner’s Office (ICO) under reference ZB783002.
Wisecoda Ltd (Company No. 15711637), trading as Check and Log ("we", "us", "our"), is the data controller and is committed to protecting your privacy.
This policy explains how we collect, use, store and protect your personal data when you use checkandlog.com and the Check and Log digital food-safety platform.
We are registered with the UK Information Commissioner’s Office (ICO) under reference ZB783002.
1. Data Controller
Wisecoda Ltd
Email: info@checkandlog.com
Email: info@checkandlog.com
2. Types of Personal Data We Collect
We may collect the following categories of personal data:
- Account & Identity Data: Name, email address, phone number, password, job title.
- Business Data: Business name, address, FSA registration/rating number (optional), VAT number (optional).
- Food Safety & Compliance Records: Temperature logs, cleaning schedules, delivery records, opening/closing checklists, probe calibration records, photos, corrective actions, staff sickness/allergen records, notes and any files you upload.
- Financial Data: Billing name and email. Full payment card details are processed exclusively by Stripe – we never store them.
- Technical & Usage Data: IP address, browser type/version, operating system, device information, crash reports, anonymised analytics (Vercel Analytics & PostHog EU).
- Communication Data: Emails, support tickets, feedback and survey responses.
3. How We Collect Your Data
• Directly from you when you register, create records or contact us.
• Automatically via cookies and analytics when you use the Service.
• From Stripe (payment confirmation only).
• Automatically via cookies and analytics when you use the Service.
• From Stripe (payment confirmation only).
4. Legal Bases for Processing
We only process your data where we have a lawful basis (UK GDPR Article 6):
- Contract – to deliver the Check and Log service and store your compliance records.
- Legal obligation – food safety law requires certain records to be retained for inspection.
- Legitimate interests – fraud prevention, service improvement, analytics, sending important reminders and (opt-out) marketing to existing customers.
- Consent – optional newsletters, non-essential cookies and push notifications.
5. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Provide and maintain the food-safety platform
- Store and display your compliance records
- Send critical alerts (e.g. overdue checks)
- Process payments and send invoices
- Provide customer support
- Improve the Service through anonymised analytics
- Detect and prevent fraud or abuse
- Comply with legal and regulatory requests
6. Data Retention
We keep personal data only as long as necessary:
Food safety & compliance records are retained for a minimum of 2 years after your last activity (UK FSA guideline), even if you cancel your subscription.
Other retention periods:
Food safety & compliance records are retained for a minimum of 2 years after your last activity (UK FSA guideline), even if you cancel your subscription.
Other retention periods:
- Account data – until deletion + 90 days
- Invoices & payment records – 7 years (HMRC requirement)
- Support correspondence – 3 years
- Anonymised analytics – max 14 months
7. Who We Share Your Data With
We use the following trusted processors (all under strict data-processing agreements):
• Supabase – database & storage (EU/UK region)
• Stripe – payments (PCI-DSS compliant)
• Vercel – hosting with EU traffic routing
• PostHog – anonymised product analytics (self-hosted in EU)
• Resend – transactional emails
• Cloudflare – security & CDN
We do not sell your data and we never share your food-safety records except when legally required.
• Supabase – database & storage (EU/UK region)
• Stripe – payments (PCI-DSS compliant)
• Vercel – hosting with EU traffic routing
• PostHog – anonymised product analytics (self-hosted in EU)
• Resend – transactional emails
• Cloudflare – security & CDN
We do not sell your data and we never share your food-safety records except when legally required.
8. International Data Transfers
Most data is stored in the UK or EU. Where transfers occur outside (e.g. Resend in the USA) we use the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum, plus encryption and access controls.
9. Data Security
We protect your data with:
• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular penetration testing
• Strict internal access controls
• Incident response plan and mandatory breach notification
• Regular penetration testing
• Strict internal access controls
• Incident response plan and mandatory breach notification
10. Your Rights
You have the right to:
• Access your data
• Rectify inaccurate data
• Request erasure (subject to legal retention rules)
• Restrict or object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with the ICO
Contact us at info@checkandlog.com to exercise any right. We respond within one month.
• Access your data
• Rectify inaccurate data
• Request erasure (subject to legal retention rules)
• Restrict or object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with the ICO
Contact us at info@checkandlog.com to exercise any right. We respond within one month.
11. Cookies & Tracking
We use only necessary and anonymised analytics cookies (Vercel Analytics & PostHog EU). You can manage preferences via the cookie banner at any time.
12. Push Notifications
We may send push notifications for critical compliance reminders. You can disable them in your device or browser settings.
13. Children
Our service is not directed at children under 18. We do not knowingly collect data from minors.
14. Changes to this Policy
We may update this policy. Significant changes will be communicated by email or in-app notice.