Maya’s Café — Privacy Policy

Last updated: 12 December 2025

Maya’s Café exists to serve people. This policy explains how personal data is handled across the Maya’s Café website, ordering pages, booking pages, and related digital services commissioned and maintained through Tecknomancy and TecknoCore.

Contact

tecknomancy@gmail.com

Applies to

Website, ordering and booking pages, operational communications, and security controls tied to these services

Law

UK GDPR and the Data Protection Act 2018

Core rule

Collect what we need. Use it to serve you. Protect it carefully. Never sell it.

1. Our Principle

People are not data points. They are guests. Every system we build exists to protect trust, dignity, and safety. We collect only what is necessary to provide café services, fulfil orders and bookings, respond to messages you send us, and keep the platform stable and secure.

We do not share personal data. We do not use your data in ways that are unfair or unrelated to providing our services. If we ever introduce an optional feature that requires consent, you will be told clearly and given a real choice.

2. Who We Are

Maya’s Café (“we”, “us”, “our”) is responsible for personal data collected through this platform in the course of providing café services. The platform is commissioned and maintained through Tecknomancy and TecknoCore. Where a third-party service provider processes data (such as a payment provider), they may act under their own terms and privacy policy.

Privacy contact: tecknomancy@gmail.com

3. Information We Collect

The information we collect depends on how you use the platform. This can include:

Name and contact details such as your name, email address, and phone number.
Order information such as items, quantities, notes you provide, timestamps, order reference numbers, and fulfilment method.
Booking information such as date, time, party size, and any notes you choose to include.
Communications such as messages you send us and our replies.
Technical data needed for operation and protection, such as IP address, device/browser details, and basic security logs.
Preferences you choose to set where offered (such as communication preferences).

4. Sensitive Information

If you choose to include allergy or dietary information in an order note or booking message, that may be sensitive data under data protection law. You provide it voluntarily so we can prepare food with care and respond responsibly. Please provide only what is needed for your request.

5. How Information Is Used

We use personal data only for purposes that match why it was provided. This includes:

Providing café services and fulfilling orders and bookings.
Confirming, updating, or clarifying your order or booking.
Responding to questions and messages you send to us.
Maintaining platform safety, preventing misuse, and protecting staff and guests.
Maintaining reliable operation, auditing issues, and improving stability.
Complying with legal obligations, including recordkeeping and lawful requests.

6. Legal Bases for Processing

Under UK GDPR, we process personal data on one or more of the following bases:

Contract to fulfil an order or booking you request.
Legitimate interests to operate safely, prevent fraud and misuse, and maintain the platform (balanced with your rights).
Legal obligation where recordkeeping or compliance is required.
Consent where optional features are offered (you can withdraw consent at any time).
Vital interests in rare cases to protect life or prevent serious harm.

7. Payments

Payments are processed by trusted third-party providers. We do not store full card details on our servers. Payment providers operate under their own privacy policies for payment processing. Where we retain payment-related records, it is typically for accounting and operational proof of purchase.

8. Cookies and Similar Technologies

The platform may use essential cookies or similar technologies required for core operation and security. Examples include maintaining sessions, preventing misuse, and ensuring the site works correctly. Where non-essential cookies are used (such as analytics), appropriate notice and choices will be provided.

9. Sharing Information

We share personal data only when necessary to operate the platform and fulfil services. This may include:

Hosting and infrastructure providers that run the site and store operational data.
Email and messaging services used to deliver confirmations and replies.
Payment providers used to process payments securely.
Professional advisers where necessary for legal or accounting support.
Authorities where required by law, or where necessary to respond responsibly to serious safety or legal concerns.

We do not share your personal information.

10. Safeguarding and Vulnerable Users

Leviathan is the safeguarding and compliance system overseeing this platform. It exists to protect children, vulnerable individuals, staff, and guests, and to preserve the integrity of the space.

Where serious safety concerns arise — such as harassment, threats, or behaviour that risks harm — appropriate steps may be taken to protect guests, staff, and the space itself. This can include restricting access, preserving relevant logs, and cooperating with authorities where required by law.

11. Equality and Non-Discrimination

No discrimination. No exclusion. Everyone is welcome, provided no harm is caused to others and the space remains safe. In rare situations, we may limit service where necessary to protect staff and guests, maintain safety, or meet legal obligations.

12. Security

We use reasonable technical and organisational measures to protect personal data. Measures can include access controls, least-privilege practices, secure hosting, backups, monitoring for misuse, and operational logging for incident response.

No online service can guarantee perfect security, but we treat protection as an ongoing duty. If you believe a security issue exists, contact us using the email address in this policy.

13. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, including legal, accounting, and security obligations. Typical examples:

Order and booking records may be retained for operational needs and lawful recordkeeping.
Security logs may be retained for a limited time to detect misuse, investigate incidents, and protect the platform.
Where marketing preferences exist, they are kept until you change them or withdraw consent.

When data is no longer needed, we delete it or anonymise it where appropriate.

14. Your Rights

Under UK GDPR, you may have rights including:

Access to your personal data.
Correction of inaccurate personal data.
Deletion where legally permitted.
Restriction of processing in certain circumstances.
Objection to processing based on legitimate interests.
Data portability in certain circumstances.
Withdrawal of consent where processing is based on consent.

To exercise a right, contact us at tecknomancy@gmail.com. We may ask for verification to protect your data from improper disclosure.

15. Children

The platform is intended for general public use. If you believe a child has provided personal data without appropriate permission, contact us and we will investigate and take appropriate action.

16. International Transfers

Some service providers may process data outside the UK. Where that happens, we take steps to ensure appropriate safeguards are in place consistent with UK data protection requirements.

17. Complaints

If you have concerns, contact us first and we’ll do our best to resolve them. You may also have the right to complain to the UK Information Commissioner’s Office.

18. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top indicates when changes were last made. Where changes are significant, appropriate notice will be provided on the platform.

19. Contact

Email: tecknomancy@gmail.com