TasteBuds for Business Privacy Policy
Last updated: April 9, 2026
1. Who We Are
This Privacy Policy explains how Big Theory Ltd, trading as TasteBuds for Business, collects, uses, stores, shares, and otherwise processes personal data in connection with the TasteBuds for Business product.
Big Theory Ltd is a company incorporated in the United Kingdom with company number 12767506 and registered office at 124 City Road, London, England, EC1V 2NX.
For business privacy questions, requests, or complaints, contact:
- Privacy: privacy@business.tastebuds.dev
- Support: support@business.tastebuds.dev
- Legal / commercial notices: legal@business.tastebuds.dev
2. Scope
This Privacy Policy applies to TasteBuds for Business, including the marketing site, business workspace, onboarding flows, account administration tools, node management, analytics dashboards, APIs, support flows, and related business-facing services.
The business product is designed for hospitality operators and teams using TasteBuds tools to manage venue intelligence and performance insight.
3. Personal Data We Collect
We may collect the following categories of personal data:
Business account information
This may include company name, workspace details, billing or plan information, claimed locations or nodes, pricing tier, subscription details, and setup information.
User and team-member details
This may include names, business email addresses, authentication identifiers, login provider details, role assignments, MFA settings, and workspace membership records.
Ownership and authority verification data
To verify authority over a venue, node, or workspace, we may collect and process information used to confirm business ownership or authorised control.
Tier 1 verification methods may include:
- business email domain verification;
- venue phone or one-time code verification; and
- website or domain verification.
Tier 2 verification methods may include manual review using reasonable evidence where Tier 1 methods are unavailable or insufficient, including public registry checks, business website evidence, or limited supporting documentation reasonably necessary to verify authority.
Operational workspace data
This may include searches, node selections, benchmarking queries, dashboard views, settings changes, permission changes, API usage, export activity, and workspace administration events.
Support, security, and technical metadata
This may include request logs, IP-related records, browser and device information, audit logs, service diagnostics, authentication events, and security-related metadata.
Business insight data
This may include venue statistics, comparative analytics, benchmarking outputs, rankings, trend indicators, and community-signal reporting exposed inside the business product.
4. How We Use Personal Data
We use personal data to:
- provide access to the workspace and authenticate users;
- create, maintain, bill, renew, and administer business accounts and subscriptions;
- manage memberships, roles, permissions, and owned nodes;
- verify authority over venues, nodes, and workspaces;
- generate analytics, reporting, benchmarking, and operational insights for authorised business users;
- provide and administer API access and enforce usage limits;
- support customers and respond to enquiries;
- protect the service, detect abuse or fraud, maintain audit trails, and investigate incidents;
- improve the product, measure feature usage, and develop future features; and
- comply with legal obligations and protect our rights, customers, users, and the public.
5. Our Lawful Bases
Depending on the context, we rely on the following lawful bases:
Contract
Where processing is necessary to provide the TasteBuds for Business service, including account creation, authentication, workspace access, subscriptions, onboarding, permissions, and core business features.
Legitimate interests
Where processing is necessary for our legitimate interests, provided those interests are not overridden by the rights and interests of the relevant individual. This may include security, fraud prevention, service administration, ownership verification, product improvement, internal analytics, billing administration, benchmarking methodology, and customer support.
Legal obligation
Where processing is necessary to comply with law, legal process, regulatory requirements, tax rules, accounting duties, or lawful requests from authorities.
Consent
Where required by law, including for certain cookies, similar technologies, and certain marketing communications.
6. Customer Data Roles
Depending on the context, TasteBuds for Business may act either:
- as an independent controller of business account, billing, security, service administration, usage analytics, and platform improvement data; or
- as a processor or service provider acting on documented customer instructions for certain workspace data.
Where we act as a processor for customer personal data, the relevant processing is governed by the applicable contract and, where required, a separate data processing agreement.
Business customers are responsible for ensuring that they have the right to provide team-member details or other customer-controlled data to us and for providing any workplace notices required under applicable law.
7. Consumer-Derived Insight
The business product may include insight generated from activity in the broader TasteBuds ecosystem.
Business customers do not receive consumer account credentials or unrestricted access to hidden personal consumer content through the business product.
Where consumer-derived insight is shown in the business product, we aim to present it using privacy controls such as aggregation, thresholding, rolling windows, time delays, and suppression.
Based on our current product design:
- basic aggregated venue counts and visits are generally shown only where at least 5 users contribute within the reporting window;
- segmented analytics are generally shown only where at least 10 users contribute to the relevant segment or reporting cell;
- NLP-derived excerpts, richer sentiment outputs, or similar deeper analytics are generally shown only where at least 20 contributors support the output;
- restaurant-facing consumer-derived insight is generally delayed by 7 days; and
- reporting generally uses a rolling 30-day window.
Where we determine that an output may create privacy, safety, legal, or misuse risk, we may suppress, combine, delay, restrict, or withhold that output.
8. Cookies, Similar Technologies, and Analytics
We may use cookies, local storage, SDK identifiers, and similar technologies for sign-in, security, preferences, analytics, product improvement, and service administration.
Where required by law, we will ask for consent before using non-essential technologies. Additional information may be provided in a separate cookie notice.
9. Sharing
We may share personal data with:
- vendors and infrastructure providers that help us operate authentication, hosting, storage, security, support, monitoring, analytics, mapping, communications, and related systems;
- professional advisers, auditors, insurers, counterparties, regulators, and authorities where reasonably necessary for legal compliance, contract enforcement, dispute resolution, or protection of the service and its users; and
- relevant parties in connection with financing, acquisition, merger, reorganisation, or sale of assets, subject to appropriate confidentiality and transition protections.
10. International Transfers
Business account information may be processed in countries other than the country in which a customer or user is located.
Where we make a restricted transfer of personal data, we aim to use an appropriate transfer mechanism under applicable law, such as an adequacy decision, standard contractual safeguards, the UK International Data Transfer Agreement, or another lawful transfer mechanism or exception where applicable.
11. Retention
We retain business account records, workspace activity, and associated logs for as long as reasonably necessary to provide the service, manage customer relationships, protect the platform, verify ownership or authority, satisfy legal obligations, and support audit, security, tax, accounting, and evidentiary needs.
Backups, deleted-workspace remnants, and audit records may persist for a limited period after deletion or termination.
Where we process ownership verification data, we may retain an appropriate record of the verification outcome and limited supporting evidence for as long as reasonably necessary to prevent fraud, resolve disputes, enforce contractual restrictions, and meet legal obligations.
12. Security
We use reasonable technical and organisational safeguards designed to protect business workspace data.
This includes, where appropriate:
- encryption in transit using TLS;
- encryption at rest for personal data where applicable;
- MFA availability for business users;
- role-based permissions; and
- audit logs for administrative actions.
No platform can guarantee absolute security. Customers are responsible for controlling internal access to their own workspace and credentials.
13. Data Subject Rights
Subject to applicable law, individuals may have rights to access, correct, delete, restrict, object to, or port certain personal data.
Privacy requests relating to TasteBuds for Business should be sent to privacy@business.tastebuds.dev.
Where a request relates to customer-controlled workspace data for which we act as processor, we may direct the requester to the relevant customer or assist that customer in responding, as appropriate.
14. Changes
We may update this Privacy Policy from time to time by publishing a revised version and updating the last-updated date.
15. Contact
Privacy questions about TasteBuds for Business should be sent to:
privacy@business.tastebuds.dev
Support questions should be sent to:
support@business.tastebuds.dev
Legal and commercial notices should be sent to:
legal@business.tastebuds.dev