Last updated: 2 June 2025
GoDeli ("we", "us", "our") operates the GoDeli platform at godeli.ie. This policy explains what personal data we collect, why we collect it, how it is used, and your rights under the EU General Data Protection Regulation (GDPR) and Irish data protection law.
We take your privacy seriously. We collect only what is necessary, we do not sell or share your data for advertising, and we do not use tracking or profiling technologies.
GoDeli is the data controller for personal data processed through this platform. If you have questions about this policy or wish to exercise your rights, contact us at hello@godeli.ie.
| Data | Purpose | Legal basis |
|---|---|---|
| First name | So the deli can identify your order at collection | Contract performance (Art. 6(1)(b)) |
| Items ordered, customisations, total | To fulfil your order and generate a receipt | Contract performance (Art. 6(1)(b)) |
| Geolocation (if you allow it) | To sort nearby delis by distance | Consent (Art. 6(1)(a)) — you can decline or revoke via browser settings |
We do not collect your email address, phone number, or payment card details as a customer. Payment is handled directly by SumUp.
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account authentication | Contract performance (Art. 6(1)(b)) |
| Business name, address, phone, hours, menu | To display your deli listing and accept orders | Contract performance (Art. 6(1)(b)) |
| Orders received (customer names, items, totals) | Order fulfilment and business analytics | Contract performance (Art. 6(1)(b)) |
| Aggregated order statistics | AI-generated business insights shown to the deli owner | Legitimate interests (Art. 6(1)(f)) — only anonymised totals are sent to OpenAI, no customer personal data |
We use the following third parties to operate this service. Each is bound by a Data Processing Agreement and processes data only on our instructions.
| Processor | Purpose | Location |
|---|---|---|
| Google Firebase (Google LLC) | Authentication and database storage | EU data centres where possible; subject to Google's Standard Contractual Clauses |
| SumUp Payments | Card payment processing — PCI-DSS Level 1 compliant | EU |
| OpenAI | Generating business insights for deli owners using aggregated, non-personal statistics only | USA — subject to Standard Contractual Clauses |
| Mapbox | Address search and geocoding during deli setup | USA — subject to Standard Contractual Clauses |
We do not use Google Analytics, Meta Pixel, or any advertising or tracking technologies.
If you are in the EU or UK, you have the following rights:
To exercise any of these rights, email us at hello@godeli.ie. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission of Ireland (dataprotection.ie).
See our Cookie Policy for full details. We use only technically necessary storage — no advertising or tracking cookies.
All data is transmitted over HTTPS. Authentication credentials are hashed by Firebase and never accessible to us. Payment card data is processed entirely by SumUp and never passes through our systems.
Our service is not directed at children under 16. We do not knowingly collect personal data from children.
We may update this policy from time to time. We will notify deli owners of material changes by email. The date at the top of this page always reflects the most recent version.
Questions? Email us at hello@godeli.ie