QuantDine

Your data is safe with us

We treat your restaurant's data with the same care you'd want your own financial records treated. Here's exactly how we protect it.

ICO Registered · ZC119810 · UK GDPR Compliant · EU Data Centres

Data storage & infrastructure

  • All restaurant data is stored on Supabase PostgreSQL servers located in Frankfurt, Germany (EU Central) — never outside the EU for primary storage.
  • Hosted on Vercel's global edge network with enterprise-grade infrastructure.
  • Database connections use SSL/TLS encryption in transit at all times.
  • All data is encrypted at rest.
  • Automatic backups with point-in-time recovery.

Access & authentication

  • All user passwords are hashed using bcrypt — we never store plaintext passwords.
  • Sessions are managed securely via NextAuth.js with server-side validation on every protected request.
  • Every database query is scoped to your business ID — it is architecturally impossible for one restaurant to access another's data.
  • Role-based access control supports owner, manager, and staff roles with permissions matched to each role.

Payments

  • All payment processing is handled entirely by Stripe — one of the world's most trusted payment processors.
  • QuantDine never stores, sees, or touches your card details.
  • Stripe is PCI DSS Level 1 certified — the highest level of payment security certification.
  • Billing and card data never touch our own database.

AI & third-party data handling

  • When generating AI insights, only anonymised trading patterns are shared with the Anthropic API — never personal guest data, and never payment details.
  • We use a minimal data principle: third parties only receive what is strictly necessary for their function.
  • All third-party processors are bound by data processing agreements that comply with UK GDPR.

Regulatory compliance

  • QuantDine Ltd is registered with the Information Commissioner's Office (ICO Registration No. ZC119810).
  • We are fully compliant with UK GDPR and the Data Protection Act 2018.
  • You retain full ownership of your data at all times.
  • We will never sell, rent, or share your data with advertisers or third parties for commercial purposes.
  • On cancellation, your data is retained for 30 days then permanently deleted on request.

For full details on how we handle your data, see our Privacy Policy, Terms & Conditions, and Cookie Policy.

Reporting a concern

If you have a security concern or want to report a vulnerability, email legal@quantdine.co.uk. We commit to acknowledging all security reports as soon as we can.