This Privacy Policy explains how Carpia (operated by Side Alley Ltd) collects, uses, stores, and protects personal data when you interact with our services, including our website, onboarding, support, and direct ordering tools. It also explains how data flows between Carpia, technology partners (such as the online ordering platform provider), and third-party services.
Your privacy is important, and this statement is intended to be clear, transparent, and compliant with applicable data protection laws, including the UK GDPR.
1. Who We Are & Scope
Carpia (a brand of Side Alley Ltd) is the commercial, onboarding, and relationship layer for restaurants using direct ordering solutions.
We do not control the core ordering platform provided by our technology partner, and we are separate from that partner’s own privacy practices. Secondly, delivery operations are handled by third-party delivery partners.
This policy applies to personal data we collect and process in connection with Carpia services. It does not cover the privacy practices of:
technology partners providing platform functionality (see Order Tiger policies)
delivery partners
payment providers
other third-party services outside Carpia’s direct control
2. What Personal Data We May Collect
2.1 These Terms govern only the Services provided by Carpia.
2.2 Your use of the Direct Ordering Platform is governed by a separate agreement between you and the Technology Partner.
2.3 Delivery services are provided by Delivery Partners under their own terms. Carpia is not a delivery provider.
2.4 Nothing in these Terms creates a franchise, partnership, agency, or employment relationship.
3. How We Use Personal Data
Carpia may use personal data for:
Setting up and managing your Carpia account
Facilitating onboarding with technology partners
Providing support or responding to enquiries
Improving our services and user experience
Fulfilling legal and compliance obligations
We will only use your data when we have a legal basis to do so (e.g. contract performance, legitimate interest, consent where relevant).
4. Technology Partners & Third-Party Sharing
Some processing is carried out by our technology partner (ordering platform provider) or other third parties we engage in order to deliver services.
For clarity:
Carpia does not control the technology partner’s data collection or processing practices. You should review their own privacy policy for data collected and retained by them, which may include names, addresses, device, and usage data collected during ordering flows.
Delivery partners, payment processors, and analytics providers process data under their own policies.
We do not sell personal data to unrelated third parties.
5. Legal Basis for Processing
We rely on one or more of the following:
Contractual necessity — to perform services requested (onboarding, support)
Legitimate interests — to improve services, maintain security, and prevent fraud
Legal obligation — to comply with applicable law
Consent — when specific permissions are requested (e.g., marketing emails)
6. Data Security and Storage
We implement reasonable physical, technical, and organisational safeguards to protect personal data against loss, theft, misuse, or unauthorised access. We continuously review and update these practices as technology evolves.
However, no system is completely secure, and we cannot guarantee absolute protection.
7. Data Retention
We will retain personal data only for as long as necessary to fulfil the purposes described in this policy and in accordance with legal retention requirements.
Data associated with accounts that are no longer active may be archived or deleted unless otherwise required to be retained by law.
8. Your Rights Under UK GDPR
You have the right to:
Request access to your data
Correct or update inaccurate data
Request deletion (subject to legal obligations)
Object to or restrict certain processing
Withdraw consent where consent has been relied upon
To exercise your rights, contact support@carpia.ai.
Note: Rights may vary depending on your relationship with the technology partner or other data controllers.
9. Cookies and Tracking
We and our partners use cookies and similar technologies to:
Improve website performance
Analyse site usage
Provide personalised features
You can configure or disable cookies via your browser settings. Disabling some cookies may impact the functioning of parts of the site.
10. Changes to This Policy
We may update this Privacy Policy over time to reflect changes in law or service updates. Updated policies will be posted on our website with an updated effective date.
11. Limitations of Liability
Carpia is not liable for:
Data practices of technology partners, delivery partners, or payment processors
Loss or misuse of personal data outside our direct control
Any indirect or consequential harm arising from use of third-party platforms
Each of those parties operates under its own privacy policy and terms.
12. Contact Us
If you have questions or complaints about this policy or your data held by Carpia:
support@carpia.ai
