Privacy Policy

Last updated: 20 April 2026

1. Who we are

TableFox is a trading name of Hospitality Online Ltd, a company registered in England and Wales (Company No. 17049167).

Registered office: Suite 18 Peel House, 30 The Downs, Altrincham, England, WA14 2PX
Privacy contact: privacy@tablefox.co.uk
General contact: hello@tablefox.co.uk

2. Who this policy applies to

TableFox processes personal data in two distinct capacities, and your rights work slightly differently depending on which group you belong to:

• Restaurant clients and their staff — businesses that subscribe to TableFox, and the individual users (owners, managers, front-of-house staff) who log into the platform. For this data, Hospitality Online Ltd is the data controller.
• Diners booking a table — guests who make a reservation through a TableFox-powered booking widget, AI phone agent, or a booking entered by restaurant staff. For this data, the restaurant is the data controller and TableFox is the data processor acting on the restaurant's instructions. Diners with questions about their booking data should contact the restaurant directly in the first instance; we will help facilitate where required.
• Website visitors — anyone visiting tablefox.co.uk, including people who fill in our demo, contact, or quote forms. We are the controller for this data.

3. What data we collect

3.1 Restaurant clients and staff

• Account and contact information needed to set up and use the platform
• Business information about the venue (such as branding, operational settings, and menus)
• Billing information needed to manage your subscription. Card payments are handled by Stripe and we do not store full card numbers.
• Usage data generated as you interact with the platform, including activity logs and security records
• Any communications you send us (for example, support requests or feedback)

3.2 Diners (processed on behalf of restaurants)

• Reservation and contact information needed to manage your booking with the restaurant
• Optional information you choose to share with the restaurant, which may include dietary requirements, allergies, accessibility needs, special occasions, and other preferences
• Booking history and any notes the restaurant adds to your record
• Payment information where the restaurant requires a card hold or deposit (handled by Stripe)
• Information from any phone call handled by our AI phone agent on the restaurant's behalf, which is passed to the restaurant

3.3 Website visitors

• Information you submit through our website forms (for example, when requesting a demo, quote, or general enquiry)
• Limited technical data such as IP address, browser type, device, and pages viewed. This data is anonymised where possible by our analytics provider and is not used to identify individuals.
• Cookies and similar technologies (see Section 9)

4. Lawful basis for processing

Under UK GDPR we rely on the following lawful bases:

• Contract — to provide and administer the TableFox service to restaurant clients, and to fulfil bookings for diners
• Legitimate interests — to keep the platform secure, prevent fraud and abuse, improve our service, and contact business prospects who request information
• Consent — for marketing communications, optional cookies, and any processing where consent is the appropriate basis. You can withdraw consent at any time
• Legal obligation — for tax, accounting, and other regulatory record-keeping

5. How we use your data

• To create, operate, and bill your TableFox account
• To deliver booking confirmations, reminders, cancellation notices, payment requests, and feedback requests on behalf of restaurants
• To allow restaurants to manage their reservations, floor plans, and customer relationships
• To respond to enquiries submitted through our website forms or by email
• To send service updates, product news, and marketing communications to restaurant clients (you can opt out at any time)
• To monitor performance, troubleshoot issues, and improve our service
• To detect and prevent fraud, abuse, spam, or unauthorised access
• To comply with legal and regulatory obligations

6. Who we share data with (sub-processors)

We use a small number of trusted third-party services to deliver TableFox. Each sub-processor is bound by a data processing agreement and only processes data on our instructions. We share data with the following categories of recipients:

• Payment processors — to handle card payments, card holds, and subscription billing securely (we do not store full card numbers ourselves)
• Cloud hosting and storage providers — to host the TableFox platform and store the data needed to run it
• Email and SMS delivery services — to send booking confirmations, reminders, password resets, and other transactional messages
• Security, anti-spam, and content delivery services — to protect the platform from abuse and deliver pages reliably
• Privacy-friendly website analytics — to understand aggregate usage of our website (cookieless, no individual tracking)
• AI voice / phone answering services — only where a restaurant has chosen to enable AI call handling for their venue

An up-to-date list of the specific sub-processors we use, including their locations and the safeguards in place, is available to restaurant clients on request and is included in our Data Processing Agreement. Email privacy@tablefox.co.uk for a copy.

We do not sell personal data to anyone. We will only disclose personal data to other third parties if required by law (e.g., a valid court order or law-enforcement request) or as part of a business transfer (e.g., merger or acquisition), in which case we will notify affected parties in advance.

7. International transfers

Some of our sub-processors operate outside the UK or EEA. Where personal data is transferred internationally we rely on appropriate safeguards approved under UK GDPR — typically the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision. You can request a copy of the relevant safeguards by contacting privacy@tablefox.co.uk.

8. How long we keep your data

We only retain personal data for as long as it is needed for the purposes set out in this policy. The actual retention period depends on the type of data and the reason it was collected. We use the following criteria to decide how long data is kept:

• Restaurant accounts: for as long as you have an active TableFox subscription, plus a reasonable period afterwards to handle re-activation, billing reconciliation, and any disputes. Billing and tax records are kept for the period required by UK tax law (currently six years under HMRC rules).
• Diner booking data: retained on behalf of the restaurant for as long as the restaurant reasonably requires it. When a restaurant deletes a booking or customer record, we remove it from our active systems within a reasonable timeframe.
• Website form submissions and enquiries: retained for as long as needed to respond to your request and follow up on any active interest, then deleted unless you become a customer.
• Analytics data: kept in aggregate, non-identifying form only.
• Server logs and audit trails: retained for a limited period for security, troubleshooting, and abuse prevention.

Where we are required to retain data for longer to meet a legal, regulatory, or contractual obligation, we will do so. Once data is no longer required, it is securely deleted or anonymised.

9. Cookies and similar technologies

We use a minimal set of cookies, falling into the following categories:

• Essential cookies (always on): used to keep you logged in, secure your session, and protect against forgery attacks. These are strictly necessary for the site to function and do not require consent under applicable law.
• Privacy-friendly analytics: we use a cookieless analytics tool that does not track individuals across sites and does not collect personal data.
• Security and anti-spam: short-lived cookies may be set by our spam protection tool to verify you are not a bot when submitting forms.

We do not use advertising cookies or third-party tracking pixels.

10. Marketing communications

If you are a restaurant client or have explicitly opted in, we may occasionally email you about TableFox features, product updates, and tips. Every marketing email contains an unsubscribe link, or you can email privacy@tablefox.co.uk to opt out. Transactional emails (booking confirmations, password resets, billing receipts, etc.) are required to deliver the service and are not subject to marketing opt-outs.

11. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erasure ("right to be forgotten") in certain circumstances
• Restrict processing in certain circumstances
• Data portability — receive your data in a machine-readable format
• Object to processing based on legitimate interests, including direct marketing
• Withdraw consent at any time, where processing is based on consent
• Lodge a complaint with the Information Commissioner's Office (see Section 14)

To exercise any of these rights, email privacy@tablefox.co.uk. We will respond within one month. Where we act as a data processor (for example, your booking history with a particular restaurant), the restaurant is the data controller and we will forward your request and assist them in responding in accordance with our contractual obligations under Article 28 of the UK GDPR.

12. Security

We take security seriously and apply appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit
• Secure storage of credentials and sensitive data
• Role-based access controls and audit logging
• Regular updates, patching, and vulnerability monitoring
• Sub-processors selected for their security posture and certifications
• Industry-standard protection against bots, abuse, and common attacks

Security is an ongoing commitment, and we continually review and improve our practices. If you believe you've identified a vulnerability, please email privacy@tablefox.co.uk and we will investigate promptly.

In the event of a personal data breach, we will notify affected customers and, where required, the Information Commissioner's Office (ICO) within 72 hours of becoming aware, in accordance with Articles 33 and 34 of the UK GDPR. Where we act as a processor on behalf of a restaurant, we will inform the restaurant without undue delay so they can fulfil their own notification obligations.

13. Children

Our services are intended for hospitality professionals and are not directed at children. The TableFox account, marketing, and direct-booking interfaces are designed for use by adults.

However, diners may provide information relating to minors as part of a booking — for example, the number of children in a party, a child's name on a family reservation, dietary or allergy information, or a high-chair request. In these cases the restaurant is the data controller for that information, and is responsible for collecting, retaining, and securing it lawfully under UK GDPR. TableFox processes this data only on the restaurant's behalf in accordance with Section 2 of this policy.

If you believe we hold data about a child that has been collected unlawfully, please contact privacy@tablefox.co.uk and we will work with the relevant restaurant to investigate and, where appropriate, delete it.

14. Complaints

If you have a concern about how we handle your personal data, please contact us first at privacy@tablefox.co.uk so we can try to resolve it. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk · 0303 123 1113

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our service, the law, or industry best practice. The "last updated" date at the top of this page will always show when the policy was most recently revised. Material changes will be notified to restaurant clients by email.

16. Contact us

Questions, requests, or feedback about this policy? Email privacy@tablefox.co.uk or write to us at the registered office above.