Table Flow Hospitality
Last updated: 21 May 2026
This generic privacy policy is written for a UK hospitality software service and references UK GDPR, the Data Protection Act 2018 and PECR principles. It is not legal advice and should be checked before launch.
Table Flow Hospitality provides reservation, waitlist, guest communication, staff workflow, payment-link, integration and reporting tools for hospitality businesses. For platform administration and our own website enquiries, Table Flow Hospitality acts as controller. For restaurant guest data processed for a restaurant customer, the restaurant is usually the controller and Table Flow Hospitality acts as processor.
We may process names, email addresses, phone numbers, booking details, party size, seating preferences, accessibility requirements, special requests, arrival/check-in information, staff account details, business contact details, support messages, audit logs, IP addresses, device information and integration status. Restaurants may also record guest notes such as dietary preferences or allergies where needed for service.
We use personal data to provide bookings, send confirmations and reminders, manage waitlists, notify guests when tables are ready, support staff accounts, connect integrations, process service requests, protect the platform, keep audit records, improve the service and comply with legal duties.
Depending on the activity, we may rely on contract, legitimate interests, consent, legal obligation, or vital interests where important safety information such as allergy or accessibility details is needed for a booking. Marketing messages should only be sent where the restaurant or Table Flow has a lawful basis to do so.
Data may be shared with the restaurant handling the booking, authorised staff users, payment providers, email and SMS providers, hosting providers, analytics and monitoring tools, POS or calendar integrations, professional advisers, regulators, or law enforcement where required. We do not sell personal data.
Payment details are handled by third-party payment providers. Table Flow Hospitality does not store raw card details. We may store payment status, receipt references, deposit status and transaction identifiers needed to manage reservations and reporting.
Some providers may process data outside the UK. Where this happens, appropriate safeguards should be used, such as adequacy regulations, the UK International Data Transfer Agreement, approved addendum, or equivalent protections required by UK data protection law.
Personal data is kept only for as long as needed for bookings, restaurant operations, account management, legal obligations, dispute handling, security and reporting. Retention periods may differ depending on the restaurant, account settings and legal requirements.
We use technical and organisational measures designed to protect personal data, including access controls, role-based permissions, audit logging, encryption in appropriate places, secure webhooks and operational monitoring. No system can be guaranteed completely secure.
The website and platform may use necessary cookies or local storage for login sessions, security, preferences and service operation. Analytics or marketing cookies should only be used where legally permitted and, where required, with consent.
Under UK data protection law, individuals may have rights to access, correct, delete, restrict, object to processing, request portability, and withdraw consent where consent is used. Some requests about restaurant bookings may need to be handled by the restaurant as controller.
If you have a privacy concern, contact support@tableflow.uk first so it can be reviewed. You may also have the right to complain to the Information Commissioner's Office in the UK.
For privacy questions, contact support@tableflow.uk. This generic privacy policy should be reviewed by a qualified legal adviser before commercial launch and updated with final company details, registered address, processor list and retention periods.