Privacy & Cookie Policy

This Privacy & Cookie Policy explains how BunnyAtHome collects, uses, stores, and shares personal data when you visit our website, create an account, place an order, manage a subscription, contact support, or interact with our community and marketing features.

We are a UK food ordering and delivery service. We aim to collect only the information we need to run the service, fulfil orders, support customers, improve the product, and meet our legal and operational obligations.

Depending on how you use BunnyAtHome, we may collect the following categories of data:

• Account details: name, email address, password-based or magic-link sign-in details, and account preferences.
• Profile information: phone number, preferred name, avatar, dietary preferences, spice level, language, timezone, and communication preferences.
• Order and delivery details: cart contents, saved boxes, delivery address, order notes, delivery instructions, selected slot, order history, and tracking updates.
• Payment and billing data: payment intent references, subscription identifiers, invoice references, and billing status. Card details are handled by Stripe and are not stored directly in our application database.
• Support and communications: support ticket content, contact form messages, customer service replies, transactional emails, and marketing preferences.
• Loyalty, referrals, and promotions: referral codes, points balance, promotion usage, and rewards activity.
• Technical and device data: authentication cookies, local storage and session storage entries needed for sign-in, cart persistence, cookie preferences, and similar essential site functionality.

We use personal data to operate BunnyAtHome and support our customers, including to:

• create and secure accounts, including password reset and sign-in flows
• process orders, payments, delivery scheduling, and subscriptions
• send essential service communications such as order confirmations, payment updates, and delivery notifications
• respond to support requests and keep internal records of customer service interactions
• run loyalty, referral, and promotional features, including validating eligibility and preventing misuse
• respect and store your notification and communication preferences
• maintain fraud prevention, security, auditing, and internal administration records
• comply with legal, tax, accounting, and consumer protection obligations

Where UK GDPR applies, we rely on one or more of the following lawful bases:

• Contract: to create your account, take payment, deliver orders, manage subscriptions, and provide customer support linked to our service.
• Legitimate interests: to prevent fraud, secure the platform, improve operations, maintain internal admin records, and send limited service-related communications.
• Consent: where we rely on your choices for non-essential cookies or optional marketing preferences.
• Legal obligation: where we need to keep records or process data to meet legal, accounting, tax, or regulatory duties.

We do not sell your personal data. We share it only where needed to run BunnyAtHome or where we are required to do so.

• Supabase: hosting key parts of our database, authentication, and storage infrastructure.
• Stripe: processing payments, billing, customer payment profiles, and subscription management.
• Resend: sending transactional and operational emails, and selected marketing emails where your settings allow it.
• Sendcloud and delivery partners: creating shipment records, tracking deliveries, and sharing the information needed to fulfil orders.
• Service providers and advisers: where reasonably necessary for security, compliance, hosting, maintenance, or professional advice.

We use essential technologies to keep BunnyAtHome working properly. These include sign-in session handling, remembering your cart, and storing your cookie preference.

• Essential cookies and storage: used for account sessions, checkout continuity, cart persistence, password reset flow state, and basic site settings.
• Cookie preference storage: when you choose cookie settings, we store that choice locally on your device.
• Optional technologies: if we introduce non-essential analytics, advertising, or similar tools, we will aim to explain that in this policy and, where needed, ask for the appropriate consent.

You can also manage cookies in your browser settings. Some parts of the site may not work correctly without essential technologies.

We send service communications that are necessary to run your account, orders, deliveries, subscriptions, payments, and support requests.

We may also send marketing or promotional communications where your account settings allow it. You can update your communication and notification preferences in your account settings or contact us to opt out of future marketing.

Features for SMS or messaging preferences may appear in your account. Where those channels are offered, we will use them in line with your settings and the service in operation at that time.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to fulfil orders, manage subscriptions, resolve disputes, keep business records, and meet legal or regulatory obligations.

If you ask to close your account, we may anonymize certain profile data while retaining information that we need for order history, accounting, compliance, fraud prevention, or legitimate business records.

Subject to applicable law, you may have the right to:

• ask for access to the personal data we hold about you
• ask us to correct inaccurate or incomplete information
• ask us to delete or restrict certain data
• object to certain processing
• request a copy of data you provided to us in a portable format
• withdraw consent where processing depends on consent

The app also includes account tools that may help you manage your information, such as updating profile settings, exporting account data, and requesting account closure.

To exercise your rights, contact info@bunnyuk.co.uk. If you are unhappy with how we handle your personal data, you may also have the right to complain to the relevant data protection authority.

Some of our service providers may process data outside the UK. Where that happens, we expect appropriate safeguards to be used in line with applicable data protection law.

We also take steps designed to protect personal data, including access controls, authenticated account access, and the use of established service providers for infrastructure, payments, and communications. No system can be guaranteed to be completely secure, so we encourage you to use a strong password and protect your account credentials.

If you have questions about this policy, your data, or your rights, please contact us at info@bunnyuk.co.uk.

We may update this page from time to time to reflect changes to the service, our legal obligations, or the way we process personal data.