kore

← Back to sign in

Privacy Policy

Last updated: 6 July 2026

1. Introduction

kore (“the Platform”) is operated by The K Restaurant to manage kitchen operations, inventory, recipes, purchasing, and integrations. This Privacy Policy explains what personal data we process, why, and your rights.

The Platform is intended for authorised staff and contractors of the organisation. It is not a consumer-facing application.

2. Data controller

Data controller: The K Restaurant.

Privacy enquiries: privacy@thekrestaurant.com.

3. Data we collect

  • Account data: name, email address, role assignments, location access.
  • Operational data: inventory, recipes, purchase orders, invoices, waste records, and audit logs you create in the Platform.
  • Shopify integration data: order details, customer names, phone numbers, delivery addresses, and line items received via webhooks.
  • Invoice documents: PDF or image files uploaded for supplier invoice processing.
  • Technical data: session cookies, IP address (where logged), browser user-agent (where logged), and security event metadata.

4. Why we use your data

Legal bases (GDPR): contract performance (providing the service), legitimate interests (security and operations), and legal obligation where applicable.

  • Authenticate users and enforce role-based access.
  • Operate inventory, costing, purchasing, and reporting workflows.
  • Process Shopify orders and deduct stock automatically.
  • Maintain security, audit trails, and fraud prevention (rate limiting).
  • Improve reliability and support (error logs, health checks).

5. Sub-processors

We use data processing agreements or standard contractual terms with providers where required.

  • Supabase (EU) — database, authentication, file storage.
  • Vercel — application hosting and CDN.
  • Shopify — e-commerce orders and product catalog (when connected).
  • OpenAI — optional invoice OCR extraction (when enabled).
  • PrintNode — optional label and receipt printing (when enabled).

6. Retention

Operational records are retained while the organisation uses the Platform and as needed for accounting, food safety, or legal requirements.

Audit logs are retained for security review (typically 12–24 months unless a longer period is required).

You may request deletion of your user account subject to legal and operational constraints.

7. Your rights

Contact privacy@thekrestaurant.com to exercise your rights.

  • Access, rectification, erasure, restriction, portability, and objection (where applicable under GDPR).
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with your local supervisory authority.

8. Security

We apply row-level security in the database, encrypted transport (HTTPS), permission checks in the application, and webhook signature verification.

See our Security Policy for a summary of technical controls.