innkept

GDPR & data residency

Lawful basis, retention, sub-processors. What you can hand to your DPO.

The plain-English version of where data lives, how long we keep it, and what your DPO should know. We're a UK company processing data for UK customers — UK GDPR is the regime.

What we store

CategoryExamplesLawful basis
Operator accountYour name, email, password (hashed), brand assetsContract
CatalogueLocations, products, menus, pricing plans — your business configContract
Lead dataGuest name, email, phone, event details, GDPR consentLegitimate interest, with consent for marketing follow-up
Quote dataSelected items, totals, commentsContract (between you and your guest, processed by us)
TelemetryAPI request logs (no body content), error tracesLegitimate interest

Data residency

All operator and lead data is stored in UK regions on AWS (London, eu-west-2). No data is processed or stored outside the UK or EEA. If your DPO needs the specifics: our primary RDS database is in eu-west-2, with encrypted backups also in eu-west-2.

Sub-processors

Sub-processorWhat forWhere
AWSHosting, database, queues, backupsUK (eu-west-2)
StripeSubscription billingEU
PostmarkTransactional email (notifications, password reset)US, with EU regional storage
CloudflareCDN, DDoS protectionGlobal

The full sub-processor list is updated on Privacy. Subscribe to the page for change notifications.

Retention

  • Active operator account — kept indefinitely while you're a customer.
  • Closed operator account — wiped after 90 days, except where law requires us to retain (invoicing records: 7 years).
  • Lead data — retained for as long as your account is active. Deleting a lead from the dashboard removes it permanently within 24 hours.
  • Logs — 90 days, then aggregated and personally non-identifiable.

Guest rights

Your guest is the data subject for the lead data. They have the standard UK GDPR rights: access, rectification, erasure, portability, objection. If a guest contacts you:

  • Access / portability — the lead detail page in your dashboard has an Export button.
  • Erasure — delete the lead from your dashboard. Permanent within 24 hours.
  • Objection — flip GDPR consent to false on the lead. They'll be excluded from any marketing exports.

If a guest contacts us directly at privacy@innkept.com, we'll forward to you and copy you on the resolution.

The DPA

Our standard Data Processing Agreement is available on request — email privacy@innkept.com. It's based on the ICO template with the IDTA addendum for any onward transfers. Most operators don't need to negotiate.

Consent in the configurator

The configurator's last step has a required GDPR consent checkbox. We won't accept a submission without it ticked. The wording is standard:

I agree to the venue contacting me about my enquiry and storing my details for the duration of the conversation.

The text is currently fixed — per-operator wording is on the roadmap.

Something missing or wrong? Tell us.

Updated regularly. UK English. No AI slop.