Security
Security in plain English.
What we do today, what we're working towards, and what we will not do. We try to be honest about both — restaurants and partners deserve that, and security through obscurity isn't security.
Current posture
EU-hosted infrastructure
All production infrastructure is hosted in the European Economic Area. Backups are stored in the EEA. We do not transfer personal data to third countries except via signed Standard Contractual Clauses for narrow vendor purposes (e.g. Anthropic for the AI Ask widget).
Encryption in transit and at rest
TLS 1.2+ on every public endpoint with HSTS. Database storage and backups are encrypted at rest. Service-to-service calls go over authenticated channels.
Card data isolation
Fooodo never sees raw card data. Payments are handled by Mollie under their own PCI scope. The menu app receives a checkout URL and a callback — the card never touches our infrastructure.
Authentication and access
Operator and admin access is gated behind individual accounts with auditable role assignments. Session tokens, IP, device fingerprint and login timestamps are recorded for security review.
Tenant isolation
Every record is scoped to a Company tenant. Role policies enforce tenant boundaries at the data-access layer; restaurant admins can only manage their own restaurant.
GDPR alignment
Data minimisation by default. Every employee-affecting recommendation in Fooodo Insights requires human approval (GDPR Article 22). Data subjects can exercise their rights via dpo@fooodo.com.
Sub-processors
We use a small number of vetted sub-processors. The current list:
| Vendor | Role | Region |
|---|---|---|
| Mollie | Payment processing | EU |
| Vercel | Marketing site hosting | EU regions for this site |
| Anthropic | Models powering the Ask widget | International (SCCs in place) |
The full sub-processor list including the Fooodo platform infrastructure providers is available on request to operators under the Data Processing Agreement.
What's on the security roadmap
Formal SOC 2 Type II
Targeted: We are not currently SOC 2 certified. Audit work is on the roadmap; the timeline depends on customer demand. We can share our internal control framework on request.
ISO/IEC 27001
Considered: Tracking against the standard internally; certification is a 12+ month process and is decided based on customer demand.
Penetration testing
Annual: We engage external penetration testers on an annual cadence and after material architectural changes. Reports are summarised for customer security teams on request.
Vulnerability disclosure
Live: Reports go to security@fooodo.com (PGP available on request). We acknowledge within two business days. We do not currently run a paid bounty programme.
Incident response
If we have a security incident affecting a customer, we notify the customer's nominated contact within 72 hours of becoming aware (the GDPR breach-notification deadline) and follow up with a written report within 30 days. We coordinate with payment-provider incident channels for any payment-related event.
What we will not do
- We will not sell your data, your guests' data, or your staff's data — to anyone, ever.
- We will not use your operational data to train AI models without your explicit, opt-in consent.
- We will not hold your data hostage — exports are available in standard formats while you are a customer and at the end of your contract.
- We will not auto-implement AI recommendations that affect employees. Article 22 is a hard floor.
Talk to security
Vulnerability reports, vendor due-diligence, customer security questionnaires — write to security@fooodo.com. Data-subject requests go to dpo@fooodo.com. We respond to both within two business days.