Alpacap Limited Privacy Policy
1. Introduction
Alpacap Limited (“Alpacap”, “we”, “us”, “our”) respects your privacy and complies with UK GDPR and the Data Protection Act 2018. This Policy explains how we collect, use, and protect data. Alpacap is registered with the Information Commissioner’s Office (ICO) under reference ZB828883.. This Privacy Policy sets out how we collect, use, store, and share data in connection with our services (“Services”), including our platform, integrations, and related support.
Our Services are provided primarily to foodservice operators (including restaurants, cafés, caterers, hotels, takeaways, and other businesses preparing or serving food outside the home).
Alpacap is the data controller of personal data processed in connection with the Services, unless otherwise specified.
Our Contact Details
- Name: Alpacap Limited
- Address: 9th Floor, 107 Cheapside, London, United Kingdom, EC2V 6DN
- Email: help@alpacap.com
- Date of Last Update: 22 September 2025
2. Data we collect
We may collect and process the following categories of data:
- Account Information: name, job title, business email, telephone number, login credentials, billing details.
- Financial Data: bank account balances, transactions, counterparties, dates, and amounts obtained through Open Banking (with your authorisation).
- POS Data: sales data, payment records, timestamps, itemised transactions from your point-of-sale (POS) system.
- Invoices and Receipts: uploaded or forwarded invoices/receipts containing supplier names, dates, line items, and amounts, processed using optical character recognition (OCR).
- Usage Data: information about how you use the platform, such as log data, device identifiers, IP address, and interactions.
- Aggregated and Anonymised Data: derived from Customer Data but stripped of personal and business identifiers, used for benchmarking and analytics.
3. How We Collect Data
- Directly from you: when you create an account, upload invoices, or enter information.
- Through integrations: when you connect bank accounts, POS systems, or email accounts for invoice forwarding.
- Automatically: via cookies, tracking technologies, and system logs when you use the platform.
- From third parties: such as Open Banking providers, POS vendors, or authorised processors.
4. Purposes of Processing
We process data for the following purposes:
- To provide and operate the Services, including reporting, integrations, and invoice processing.
- To generate insights, benchmarking, and analytics, using only Aggregated and Anonymised Data.
- To improve, maintain, and secure our Services.
- To comply with legal and regulatory requirements.
- To communicate with you, including service updates, billing notices, and (with consent) marketing.
5. Lawful Basis for Processing
We rely on the following lawful bases under UK GDPR:
- Contractual necessity – where processing is required to deliver the Services you have subscribed to.
- Consent – for specific optional activities, such as connecting POS or Open Banking integrations, or receiving marketing communications.
- Legitimate interests – including improving Services, conducting anonymised benchmarking, ensuring platform security, and preventing fraud.
- Legal obligation – where processing is required to comply with applicable law.
6. Sharing of Data
We do not sell or trade personal data. We may share data in the following circumstances:
- With service providers (sub-processors): cloud hosting, OCR technology, analytics, and payment providers, under written contracts requiring confidentiality and data protection.
- With integrated third-party services: where you explicitly authorise an integration (e.g. Open Banking, POS systems).
- With professional advisers: auditors, legal advisers, and consultants under confidentiality duties.
- For legal compliance: if required by law, regulation, or valid legal process.
- Aggregated/Anonymised data: shared for research, benchmarking, and industry insights, never in a form that identifies you.
7. Data Retention
- We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy.
- Following account termination, we will delete or anonymise personal data within six (6) months, unless longer retention is required by law (e.g. tax or accounting obligations).
- Aggregated and anonymised data may be retained indefinitely.
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right to access – to obtain a copy of the data we hold about you.
- Right to rectification – to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data, subject to legal obligations.
- Right to restrict processing – to limit how we process your data in certain circumstances.
- Right to object – to processing based on legitimate interests or for direct marketing.
- Right to data portability – to receive your data in a structured, commonly used format.
To exercise these rights, contact us at help@alpacap.co.uk. We will respond within one month, or longer where permitted by law.
9. Security
We use appropriate technical and organisational measures to safeguard data, including encryption, access controls, secure servers, and monitoring for threats.
In the event of a data breach likely to affect rights and freedoms, we will notify you and the ICO without undue delay, as required by law.
10. International Transfers
Where data is transferred outside the UK or EEA, we ensure appropriate safeguards, such as adequacy regulations or standard contractual clauses, are in place to protect data.
11. Cookies and Tracking
We may use cookies and similar technologies to enhance your experience and analyse usage. You can manage cookie preferences through your browser settings.
12. Changes to this Policy
We may update this Policy from time to time. Updates will be posted on our website with the revised “Last Updated” date. Where changes are material, we will notify you by email or through the platform.
13. Complaints
If you are dissatisfied with how we handle your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.
14. Contact
Alpacap Limited
9th Floor, 107 Cheapside
London, EC2V 6DN
United Kingdom
Email: help@alpacap.com