Last updated: 19 June 2026
Effective Date: 19 June 2026
CribNosh Ltd ("CribNosh", "we", "our", or "us"), registered in Scotland under company number SC834534, is the data controller responsible for your personal information unless we tell you otherwise.
Registered Office: 50 Southhouse Broadway, Edinburgh, EH17 8AR, United Kingdom
Privacy Email: privacy@cribnosh.co.uk
Data Protection Contact: dpo@cribnosh.co.uk
This Privacy Policy explains how we collect, use, store, share, protect, retain, and otherwise process personal information when you use our website, mobile applications, social or community features, creator tools, driver tools, support flows, family-account features, and related services (together, the "Platform").
This Policy applies to customers, Food Creators, Drivers, guests, support users, and other people who interact with the Platform, unless we provide a separate notice for a specific service or relationship.
We may apply stricter age, eligibility, verification, or feature-access rules in particular cases. We do not knowingly allow underage users into account types or features that require a higher minimum age.
We collect personal information directly from you, automatically from your use of the Platform, from other Platform participants, from service providers, and from devices or systems you use with the Platform.
This may include:
This may include:
If you use the Platform as a Food Creator, we may collect:
If you use the Platform as a Driver, we may collect:
This may include:
This may include:
Depending on your device, account type, settings, and use of the Platform, we may collect information linked to your use of:
Unless we expressly tell you otherwise for a specific feature, we do not seek to collect or store the raw Face ID, fingerprint, or other biometric template used by your device for local authentication.
Some information you choose to provide, such as allergy details, dietary restrictions, or health information in a complaint or safety report, may amount to special category data under data protection law.
Where required by law, we rely on your explicit consent, your manifest choice to provide the information for a specific purpose, legal claims handling, substantial public interest, or another lawful condition that applies to the circumstances.
We use personal information where necessary to operate, improve, protect, and support the Platform. This may include using your information:
Depending on the context, we process personal information under one or more of the following legal bases under UK GDPR:
We process personal information where necessary to enter into or perform our contract with you, including:
We process personal information where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include:
We rely on consent where required, including for example:
You can withdraw consent at any time, although this does not affect processing already carried out lawfully before withdrawal.
We process personal information where necessary to comply with legal or regulatory obligations, including obligations relating to tax, accounting, anti-fraud, safety, investigations, law enforcement, court orders, and similar requirements.
In limited circumstances, we may process information to protect someone from serious harm, to address urgent safety incidents, or to establish, exercise, or defend legal claims.
To make our use of data clearer, the following are common examples of how categories and legal bases fit together:
We share personal information only where we believe it is necessary, appropriate, and lawful.
Depending on the workflow:
We may share information with service providers acting on our instructions, such as:
We may share information with:
where reasonably necessary and lawful.
If we are involved in a merger, acquisition, financing, restructure, or sale of assets, personal information may be disclosed to relevant counterparties and advisers subject to appropriate safeguards.
Some service providers or counterparties may be located outside the UK. Where we transfer personal information internationally, we take steps designed to ensure a comparable level of protection, such as:
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including for legal, accounting, tax, fraud-prevention, safety, moderation, copyright, payout, support, and dispute reasons.
Retention periods vary depending on the information and context. For example:
We may also retain derived records, audit trails, redaction logs, payout adjustments, moderation outcomes, and similar operational records where necessary.
We may use automated systems, rules, ranking models, or AI-assisted systems to help with:
These systems may use information such as account activity, preferences, location, order history, reliability signals, safety signals, and related Platform context.
These tools help us operate and improve the Platform, but they do not replace all human judgment. If you believe an automated process has affected you unfairly, you may contact us to request review and, where applicable, human intervention.
Some automated or partially automated processes may contribute to eligibility, fraud, payout, moderation, recommendation, visibility, routing, or support outcomes, although human review may also be involved depending on the workflow.
Where applicable, you may also ask us for more information about the relevant decision process, the main categories of information involved, and the available review options.
AI-generated or AI-assisted outputs may be incomplete or wrong and should not be treated as medical, dietary, allergy, food-safety, legal, or other professional advice.
We and our partners may use cookies, SDKs, pixels, local storage, and similar technologies to:
Your account or device settings may also let you control certain data uses such as analytics, marketing, personalization, discoverability, map visibility, or online-status sharing, but some service and safety uses remain necessary for the Platform to function.
You can manage cookies and similar technologies through our cookie controls, your browser settings, device settings, and other mechanisms we make available. Some features may not work properly if certain technologies are disabled.
Subject to applicable law, you may have the right to:
To exercise your rights, contact us using the details at the end of this Policy. We may need to verify your identity before we can fully respond. We may also need to retain or refuse deletion of some information where the law allows or requires us to do so.
We use technical and organisational measures designed to protect personal information, including measures such as:
No system can be guaranteed completely secure. You are also responsible for using unique passwords or secure sign-in methods and keeping your credentials and devices secure.
The Platform may contain third-party services, links, content, or integrations. We are not responsible for the privacy practices of third parties acting outside our instructions. Their own notices and policies may apply.
We may update this Privacy Policy from time to time to reflect changes in the Platform, our practices, legal requirements, or other operational reasons.
Where legally required, we will provide appropriate notice of material changes. Your continued use of the Platform after the effective date of an update means you accept the updated Policy, except where applicable law requires another form of consent.
If you have concerns about how we handle your personal information, you may contact us first and we will try to resolve them.
You also have the right to complain to the UK Information Commissioner's Office:
ICO Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you have questions about this Privacy Policy, want to exercise your rights, or want to contact us about privacy, safety, moderation, or retention issues, please contact us:
Email: privacy@cribnosh.co.uk
Data Protection Contact: dpo@cribnosh.co.uk
Address: CribNosh Ltd, 50 Southhouse Broadway, Edinburgh, EH17 8AR, United Kingdom
Last updated: 19 June 2026
Effective Date: 19 June 2026
CribNosh Ltd ("CribNosh", "we", "our", or "us"), registered in Scotland under company number SC834534, is the data controller responsible for your personal information unless we tell you otherwise.
Registered Office: 50 Southhouse Broadway, Edinburgh, EH17 8AR, United Kingdom
Privacy Email: privacy@cribnosh.co.uk
Data Protection Contact: dpo@cribnosh.co.uk
This Privacy Policy explains how we collect, use, store, share, protect, retain, and otherwise process personal information when you use our website, mobile applications, social or community features, creator tools, driver tools, support flows, family-account features, and related services (together, the "Platform").
This Policy applies to customers, Food Creators, Drivers, guests, support users, and other people who interact with the Platform, unless we provide a separate notice for a specific service or relationship.
We may apply stricter age, eligibility, verification, or feature-access rules in particular cases. We do not knowingly allow underage users into account types or features that require a higher minimum age.
We collect personal information directly from you, automatically from your use of the Platform, from other Platform participants, from service providers, and from devices or systems you use with the Platform.
This may include:
This may include:
If you use the Platform as a Food Creator, we may collect:
If you use the Platform as a Driver, we may collect:
This may include:
This may include:
Depending on your device, account type, settings, and use of the Platform, we may collect information linked to your use of:
Unless we expressly tell you otherwise for a specific feature, we do not seek to collect or store the raw Face ID, fingerprint, or other biometric template used by your device for local authentication.
Some information you choose to provide, such as allergy details, dietary restrictions, or health information in a complaint or safety report, may amount to special category data under data protection law.
Where required by law, we rely on your explicit consent, your manifest choice to provide the information for a specific purpose, legal claims handling, substantial public interest, or another lawful condition that applies to the circumstances.
We use personal information where necessary to operate, improve, protect, and support the Platform. This may include using your information:
Depending on the context, we process personal information under one or more of the following legal bases under UK GDPR:
We process personal information where necessary to enter into or perform our contract with you, including:
We process personal information where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include:
We rely on consent where required, including for example:
You can withdraw consent at any time, although this does not affect processing already carried out lawfully before withdrawal.
We process personal information where necessary to comply with legal or regulatory obligations, including obligations relating to tax, accounting, anti-fraud, safety, investigations, law enforcement, court orders, and similar requirements.
In limited circumstances, we may process information to protect someone from serious harm, to address urgent safety incidents, or to establish, exercise, or defend legal claims.
To make our use of data clearer, the following are common examples of how categories and legal bases fit together:
We share personal information only where we believe it is necessary, appropriate, and lawful.
Depending on the workflow:
We may share information with service providers acting on our instructions, such as:
We may share information with:
where reasonably necessary and lawful.
If we are involved in a merger, acquisition, financing, restructure, or sale of assets, personal information may be disclosed to relevant counterparties and advisers subject to appropriate safeguards.
Some service providers or counterparties may be located outside the UK. Where we transfer personal information internationally, we take steps designed to ensure a comparable level of protection, such as:
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including for legal, accounting, tax, fraud-prevention, safety, moderation, copyright, payout, support, and dispute reasons.
Retention periods vary depending on the information and context. For example:
We may also retain derived records, audit trails, redaction logs, payout adjustments, moderation outcomes, and similar operational records where necessary.
We may use automated systems, rules, ranking models, or AI-assisted systems to help with:
These systems may use information such as account activity, preferences, location, order history, reliability signals, safety signals, and related Platform context.
These tools help us operate and improve the Platform, but they do not replace all human judgment. If you believe an automated process has affected you unfairly, you may contact us to request review and, where applicable, human intervention.
Some automated or partially automated processes may contribute to eligibility, fraud, payout, moderation, recommendation, visibility, routing, or support outcomes, although human review may also be involved depending on the workflow.
Where applicable, you may also ask us for more information about the relevant decision process, the main categories of information involved, and the available review options.
AI-generated or AI-assisted outputs may be incomplete or wrong and should not be treated as medical, dietary, allergy, food-safety, legal, or other professional advice.
We and our partners may use cookies, SDKs, pixels, local storage, and similar technologies to:
Your account or device settings may also let you control certain data uses such as analytics, marketing, personalization, discoverability, map visibility, or online-status sharing, but some service and safety uses remain necessary for the Platform to function.
You can manage cookies and similar technologies through our cookie controls, your browser settings, device settings, and other mechanisms we make available. Some features may not work properly if certain technologies are disabled.
Subject to applicable law, you may have the right to:
To exercise your rights, contact us using the details at the end of this Policy. We may need to verify your identity before we can fully respond. We may also need to retain or refuse deletion of some information where the law allows or requires us to do so.
We use technical and organisational measures designed to protect personal information, including measures such as:
No system can be guaranteed completely secure. You are also responsible for using unique passwords or secure sign-in methods and keeping your credentials and devices secure.
The Platform may contain third-party services, links, content, or integrations. We are not responsible for the privacy practices of third parties acting outside our instructions. Their own notices and policies may apply.
We may update this Privacy Policy from time to time to reflect changes in the Platform, our practices, legal requirements, or other operational reasons.
Where legally required, we will provide appropriate notice of material changes. Your continued use of the Platform after the effective date of an update means you accept the updated Policy, except where applicable law requires another form of consent.
If you have concerns about how we handle your personal information, you may contact us first and we will try to resolve them.
You also have the right to complain to the UK Information Commissioner's Office:
ICO Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you have questions about this Privacy Policy, want to exercise your rights, or want to contact us about privacy, safety, moderation, or retention issues, please contact us:
Email: privacy@cribnosh.co.uk
Data Protection Contact: dpo@cribnosh.co.uk
Address: CribNosh Ltd, 50 Southhouse Broadway, Edinburgh, EH17 8AR, United Kingdom