Privacy Policy

Yalla Kosher is a kosher-certified meal preparation and delivery service operating across North London. The data controller is Yalla Kosher.

For privacy questions or to exercise your rights, contact us at hello@yallakosher.co.uk.

• Account & identity: name, email address, phone number, and authentication identifier (Supabase user ID and, if you sign in with Google, your Google profile email and name).
• Delivery details: address, postcode, delivery area, and dietary notes you choose to provide.
• Order history: which meals you've ordered, portion size, quantities, totals, and delivery dates.
• Payment data: we never store your card number. Card details are collected and stored by our payment processor, Stripe. We keep a Stripe customer reference and a "last 4" card summary so you can identify your saved card.
• Technical data: standard server logs (IP address, user agent, requested URL, timestamp) for security and operational troubleshooting.

• To set up and manage your account.
• To take and fulfil your weekly orders, including kitchen prep and delivery.
• To take recurring weekly payment via Stripe.
• To send you transactional emails (order confirmations, payment failures, weekly charge receipts).
• To respect any dietary notes or allergens you've shared with us.
• To keep the service secure, prevent fraud, and meet our legal obligations.

We process your personal data on the following lawful bases under the UK GDPR:

• Contract: to provide the meal subscription you've signed up for (Article 6(1)(b)).
• Legitimate interests: to operate, secure, and improve the service (Article 6(1)(f)).
• Legal obligation: to keep accounting and tax records (Article 6(1)(c)).

We share your data only with the third-party processors who help us run the service:

• Supabase — authentication and database hosting (data stored in the EU).
• Stripe — payment processing.
• Resend — transactional email delivery.
• Vercel — website hosting and serverless compute.
• Google — (a) Google Analytics 4, which sets cookies on your device and sends anonymised usage data (pages viewed, device type, approximate location) to Google to help us understand how the site is used; (b) only if you choose "Sign in with Google", Google receives the fact that you authenticated with our app and returns your name and email.

Each of these providers acts as a processor under our written instructions and is contractually obliged to keep your data secure. We do not sell your data and we do not share it with advertisers.

Account and order data is retained for as long as your account is active. If you delete your account from your account page, we delete your profile and personal details. Anonymised order history and payment records are kept for up to 7 years to meet our UK accounting and tax obligations.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct any inaccuracies.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict our processing.
• Receive your data in a portable format.
• Withdraw consent at any time where we rely on consent.

To exercise any of these rights, email hello@yallakosher.co.uk. We'll respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We split cookies into two categories: strictly necessary (sign-in, basket) and analytics (Google Analytics 4). Analytics cookies are only set if you explicitly accept them in the consent banner. We do not use marketing, advertising, or social-media tracking cookies.

Our full Cookie Policy lists every cookie we set, and lets you change your consent at any time.

We use HTTPS in transit, encrypted-at-rest storage on Supabase and Stripe, and access controls that limit who on our team can see your data. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

If we make material changes we'll update the "Last updated" date at the top and notify subscribed users by email.