This policy explains how Olvire Ltd ("Olvire", "we", "us") collects, uses, and protects personal data. It applies to three groups of people:
For visitor and client data, Olvire Ltd is the data controller — we decide how and why that data is processed, and we are responsible for it under UK GDPR.
For end-user data (the customers of coffee shops using our platform), Olvire acts as a data processor on behalf of the coffee shop operator, who is the data controller. If you are a coffee shop customer and have questions about how your data is used, you should contact the coffee shop directly. Olvire handles that data only as instructed by the operator.
Olvire Ltd is registered in England and Wales (Company No. 16749191) at 128 City Road, London EC1V 2NX.
Our nominated point of contact for data protection matters is Haseeb Mahmood. You can reach him at haseeb@olvire.com.
Visitors and prospective clients
| Data | Why we collect it | Legal basis |
|---|---|---|
| Name, email address | To respond to your application and communicate about onboarding | Legitimate interests |
| Shop name and location | To assess whether the service is a good fit before a call | Legitimate interests |
| Message content | To understand your requirements | Legitimate interests |
Active clients (coffee shop operators)
| Data | Why we collect it | Legal basis |
|---|---|---|
| Name and email address | Account management, service communications, support | Contract |
| Dashboard login credentials (via Firebase Auth) | To authenticate access to the admin dashboard | Contract |
| Billing and payment information | Processed entirely by Stripe — we never see or store card details | Contract |
| Business information provided during onboarding | To configure and personalise your app and dashboard | Contract |
End users (coffee shop customers, via the built app)
Collected and processed on behalf of the coffee shop operator (who is the data controller).
| Data | Why it is collected |
|---|---|
| Name and email address | Account creation, order confirmation, and communication |
| Order history | Order fulfilment, loyalty tracking, and one-tap reorder functionality |
| Loyalty balance and referral status | To operate the loyalty and referral programme |
| Push notification token (FCM) | To deliver order status updates and, with consent, promotional messages |
| Stripe customer ID (tokenised reference only) | To link returning customers to their saved payment method — Olvire never stores raw card data |
| Pickup preference (lane or counter) | To route orders correctly at fulfilment |
| Favourite items and notification preferences | To personalise the app experience at the user's own direction |
Special category data
We do not knowingly collect or process any special category personal data as defined under UK GDPR (including health, biometric, racial or ethnic origin, religious belief, or political opinion data).
We rely on the following lawful bases:
We use personal data only for the purposes for which it was collected. We do not sell personal data to any third party, use it for behavioural advertising, or share it outside of what is described in this policy.
| Service | Purpose | Location | Safeguard |
|---|---|---|---|
| Google Firebase | Authentication, real-time database, cloud functions, push notifications (FCM), crash reporting (Crashlytics) | EU and US | Google Cloud Data Processing Addendum; IDTA for UK-to-US transfers |
| Stripe | Payment processing (card data handled solely by Stripe under PCI DSS) | EU and US | UK-US Data Bridge; Stripe DPA |
| Formspree | Contact and application form submission routing | US | UK-US Data Bridge; Formspree DPA |
All processors are contractually bound to process personal data only on our documented instructions, to maintain appropriate security measures, and not to engage sub-processors without our consent.
Some of the processors listed above transfer or store data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place:
When data is no longer required, it is deleted or anonymised so that it can no longer be linked to an individual.
Under UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, email haseeb@olvire.com. We will acknowledge your request within 5 working days and respond in full within 30 days. We do not charge a fee for reasonable requests.
If you are an end user of a coffee shop app built on Olvire, some of these rights must be exercised directly with the coffee shop, as they are the data controller for your data. We will assist the operator in responding to any such requests.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time if you believe we have handled your data unlawfully: ico.org.uk/make-a-complaint or 0303 123 1113.
Our service is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has submitted personal data to us, please contact us at haseeb@olvire.com and we will delete it promptly.
Where end users of coffee shop apps may include individuals aged 13 to 15, the coffee shop operator is responsible for ensuring appropriate consent mechanisms are in place in their jurisdiction.
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure:
No system is completely secure. If we become aware of a data breach that is likely to result in a risk to your rights, we will notify affected parties and the ICO as required by law within 72 hours of becoming aware.
Website (olvire.com): We do not use tracking, advertising, or analytics cookies. Firebase Auth may set a session cookie for the purposes of maintaining your login to the admin dashboard only. No third-party advertising pixels or tracking scripts are present.
Mobile app: The app uses Google Firebase Crashlytics to collect anonymous crash reports and diagnostic data (device type, OS version, app version, crash stack trace). This data is used solely to identify and fix bugs. It does not identify individuals and is not used for advertising. This processing is based on our legitimate interest in maintaining a stable and secure service.
Where Olvire processes personal data on your behalf as your data processor (i.e. the personal data of your customers using the app), Olvire will: process data only on your documented instructions; ensure all personnel with access to that data are bound by confidentiality; assist you in responding to data subject requests from your customers; notify you of any personal data breach affecting your customers' data without undue delay; and delete or return all personal data on termination of the service.
You are responsible for ensuring you have a lawful basis to collect and process your customers' personal data through the app and that your own privacy policy covers the app's data practices.
We review this policy periodically and may update it as the service evolves or legal requirements change. We will notify active clients by email at least 14 days before any material changes take effect. The date at the top of this page reflects when the policy was last updated. The current version is always available at olvire.com/privacy.
For any questions about this policy, to exercise your rights, or to raise a concern:
Email: haseeb@olvire.com
Post: Olvire Ltd · 128 City Road · London EC1V 2NX · United Kingdom
We aim to resolve all queries promptly and fairly. If you are not satisfied with our response, you have the right to escalate to the ICO at ico.org.uk.