Privacy Policy

Last updated: 27 March 2026

1. Introduction

This Privacy Policy explains how Maria Iontseva ("we", "us", "our"), trading as Blueroll, collects, uses, stores, and protects your personal data when you use the Blueroll mobile application ("App") and related services (the "Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Maria Iontseva, London, United Kingdom
Contact: hello@blueroll.app

2. Data We Collect

2.1 Information You Provide

Data Category	Examples	Purpose
Account information	Name, email address, password	Account creation and authentication
Business information	Business name, type, address	Customising the Service for your business
Food safety records	HACCP checklists, temperature logs, cleaning records, incident reports	Core functionality of the Service
Recipes and menus	Ingredients, preparation steps, allergen data	Recipe management and allergen matrix generation
Team data	Staff names, roles, task assignments	Team management features
Documents	Certificates, licences, uploaded files	Document storage and expiry tracking

2.2 Information Collected Automatically

Data Category	Examples	Purpose
Device information	Device type, operating system, app version	Technical support and compatibility
Usage data	Features used, session duration, interaction patterns	Improving the Service
Crash reports	Error logs, stack traces	Diagnosing and fixing bugs

2.3 Information We Do Not Collect

We do not collect precise geolocation data, contacts from your device, or payment card details (payments are processed entirely by Apple or Google).

3. Legal Basis for Processing

We process your personal data on the following legal bases under the UK GDPR:

Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Service you have subscribed to.
Legitimate interests (Article 6(1)(f)): Improving the Service, preventing fraud, and ensuring security.
Consent (Article 6(1)(a)): Where applicable, for optional features such as marketing communications. You may withdraw consent at any time.
Legal obligation (Article 6(1)(c)): Where we are required to retain data by law.

4. How We Use Your Data

We use your data to:

Provide, maintain, and improve the Service
Process your subscription and manage your account
Generate compliance reports, allergen matrices, and other outputs from your data
Send essential service communications (e.g. expiry alerts, account notifications)
Diagnose technical issues and improve app performance
Comply with legal obligations

We do not sell, rent, or trade your personal data to any third party.

5. Data Storage and Hosting

Your data is stored securely using Supabase, a cloud database platform. Supabase infrastructure is hosted on AWS (Amazon Web Services) data centres. Data may be stored in the EU or US regions.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the UK Information Commissioner's Office.

6. Data Sharing

We may share your data with the following categories of recipients, solely as necessary to provide the Service:

Supabase (database hosting): Stores your account data and food safety records.
Apple / Google (payment processing): Processes subscription payments. We do not receive or store your payment card details.
Analytics providers: Anonymised usage data to help us improve the Service.
Legal authorities: If required by law, regulation, or legal process.

We do not share your food safety records, recipes, or business data with any third party for their own purposes.

7. Data Retention

We retain your data as follows:

Active account: Data is retained for as long as your account is active and your subscription is current.
After cancellation: We retain your data for 90 days after subscription cancellation, during which you may reactivate your account and recover your data.
After account deletion: All personal data is deleted within 30 days of an account deletion request, except where retention is required by law.
Compliance records: Certain food safety records may be retained for up to 2 years after account deletion if required for regulatory compliance.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure: Request deletion of your personal data ("right to be forgotten").
Right to restrict processing: Request that we limit how we use your data.
Right to data portability: Request your data in a structured, commonly used, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@blueroll.app. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication with Supabase Auth
Row-level security policies to ensure users can only access their own data
Regular security reviews and updates

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the App or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Maria Iontseva
London, United Kingdom
Email: hello@blueroll.app