Privacy Notice

Last updated: 26 May 2026

This privacy notice explains how RBT Systems Limited, trading as OPSoft, handles personal and operational data in connection with the OPSoft platform, marketing website at opsoft.co.uk, and authorised marketplace or API integrations.

1. Who we are

We are RBT Systems Limited, a company registered in England and Wales, trading as OPSoft. For privacy questions, data requests or security reports, please contact us at support@opsoft.co.uk. Our website is opsoft.co.uk.

2. Marketplace and API integrations

Where enabled or authorised by the restaurant or merchant, OPSoft may connect to third-party marketplace, ordering or delivery providers, including:

• Uber Eats
• Deliveroo
• Foodhub
• Just Eat
• other ordering, delivery or marketplace platforms added in future

These integrations only operate where the restaurant or merchant has authorised the connection. Provider access may be subject to the provider’s own terms, policies and privacy notices, and may require approval, onboarding or eligibility checks by the provider. OPSoft does not claim that every marketplace integration is fully live, generally available, or available to every customer.

3. Data we may process

Depending on the features enabled and the providers connected, OPSoft may process:

• restaurant or merchant account details
• store, branch or location details
• menu, pricing, availability and product data
• order data, including line items and totals
• customer order, contact or delivery-related data where provided by a marketplace
• delivery or fulfilment information where provided
• special instructions, allergy notes or customer notes included in orders
• operational logs, audit logs, support records and troubleshooting data
• API and OAuth connection metadata
• integration status, error messages and provider response metadata
• account user details for OPSoft staff or merchant users (name, email, role)

Some of this data may originate from the marketplace or delivery provider rather than from OPSoft directly.

4. How we use this data

Marketplace and API data may be used to:

• connect authorised marketplace accounts
• receive, display and manage orders
• support menu, store, availability or operational synchronisation where enabled
• provide operational reporting and reconciliation
• support, troubleshoot and monitor security of the service
• produce audit evidence and run system integrity checks
• improve reliability of authorised integrations

5. Security and access tokens

• API tokens, OAuth credentials and provider secrets are handled server-side.
• They are not intentionally exposed in browser or client-side code.
• Access is limited to authorised systems and authorised personnel.
• OPSoft uses reasonable technical and organisational measures to protect integration data, including transport encryption, access controls and logging.
• No secret values (such as passwords, access tokens, refresh tokens, client secrets, or signing keys) should be sent through standard support channels unless OPSoft has specifically requested them through a secure process.

6. Data sharing

Data may be exchanged between:

• OPSoft
• the restaurant or merchant operating the account
• the relevant marketplace, ordering or delivery provider
• infrastructure and service providers used to operate OPSoft, such as hosting, database, email and monitoring providers

Marketplace and delivery providers operate their own platforms and have their own privacy notices and terms. Where they act as separate controllers of personal data, their handling of that data is governed by their own policies.

7. Retention

OPSoft keeps operational, support, audit, security and accounting records only as long as is reasonably needed for service delivery, legal, accounting, security, audit or legitimate business purposes. Some records, for example those needed for financial reporting, tax, regulatory or audit purposes, may need to be retained for longer periods. Where retention obligations end, records may be deleted, archived or anonymised in line with our internal processes.

8. Individual rights and contact

Individuals may have rights under applicable data protection law, including the right to access, correct, restrict or object to the processing of their personal data, and in some cases to request deletion or portability.

• To make a request or ask a privacy question, contact support@opsoft.co.uk.
• Some requests may need to be handled by the restaurant or merchant, or by the marketplace provider, depending on who controls the relevant data.
• OPSoft may need to verify the requester’s identity or authority before acting on a request.

9. Compliance and approvals

• OPSoft supports readiness, record keeping, operational controls and audit evidence.
• OPSoft does not guarantee legal compliance and does not provide legal advice.
• OPSoft does not claim regulator or marketplace provider certification, approval or endorsement unless this is expressly stated in a formal written agreement.
• Compliance, licensing, employment, food safety, payment and tax decisions remain the responsibility of the restaurant or merchant.

10. Security incidents

• OPSoft will investigate suspected security incidents involving its systems or integrations.
• Where legally or contractually required, OPSoft will notify affected customers, providers, regulators or other parties.
• Notification timing depends on the nature of the incident and applicable legal or contractual obligations.
• Suspected vulnerabilities or incidents can be reported to support@opsoft.co.uk.

11. Changes to this notice

OPSoft may update this privacy notice from time to time to reflect changes in the service, in integrations, or in legal or regulatory requirements. Material changes will be reflected by updating the “Last updated” date above.