Privacy Policy

Effective Date: 30 March 2026

Who We Are

Candour is operated by Sullivan Applications Ltd, a company registered in England and Wales. When this policy refers to "we", "our", or "us", it means Sullivan Applications Ltd.

Candour is a platform that gives restaurants, cafes, pubs, and other food businesses a single QR code linking their customers to a digital menu, Wi-Fi, loyalty stamp cards, and a feedback form - with no app download required.

This policy explains what data we collect, why we collect it, and how we handle it. We keep it in plain English.

The Two Types of People Who Use Candour

Candour has two distinct groups of users, and we treat their data differently:

• Business owners - restaurants, cafes, pubs, and similar businesses that create a Candour account to manage their profile.
• Customers - members of the public who tap a QR code or NFC stand at a venue. No account or app download is needed.

Data We Collect From Business Owners

Account Information

When you create a Candour account, you sign in with Apple. We receive your Apple user ID and, if you choose to share it, your email address. We also ask you to provide your business name and address to set up your profile.

Menu Data

If you use the digital menu feature, you can upload photos of your menu or enter menu items manually. These files are stored securely in Google Firebase Storage. If you use our AI menu reader, images or text are sent to Anthropic's API to extract menu items automatically. We do not use your menu data to train AI models.

Wi-Fi Credentials

If you use the Wi-Fi feature, your Wi-Fi network name (SSID) and password are stored in our database so they can be shared with customers who tap your QR code. This data is encrypted at rest.

Loyalty and Customer Analytics

If you use the loyalty stamp card feature, we store stamp counts and card status linked to anonymous customer identifiers. We provide you with aggregate analytics (e.g. total stamps issued, cards completed). No personally identifiable information about your customers is collected by Candour in connection with loyalty.

Subscription and Billing

Candour subscriptions are processed through Apple's App Store using StoreKit. Apple handles all payment information - we never see or store your card details. We receive confirmation of your subscription status from Apple to unlock the relevant features in the app.

If you purchase physical products (QR stands) through the Candour in-app shop, payments are processed by Stripe. Stripe handles all payment data in accordance with their own privacy policy. We receive order confirmation and fulfilment details only.

Feedback Received at Your Venue

Feedback submitted by your customers through your Candour profile is stored in our database and made available to you in your dashboard. See the section below on customer data for what is collected from the person submitting feedback.

Data We Collect From Customers

Customers are people who tap a QR code or NFC stand at a venue. We deliberately collect as little data as possible from this group.

• Feedback text - if a customer submits feedback, we store the text of their response. No name, email, or account is required. Feedback is anonymous.
• AI sentiment analysis - feedback text is sent to Anthropic's API to determine whether the sentiment is positive or negative. This determines whether the customer is invited to leave a Google review. We do not use feedback text to train AI models.
• Google Reviews redirect - if feedback is positive, the customer may be shown a prompt to leave a Google review. Clicking that link takes them to Google, which is governed by Google's own privacy policy. We do not receive any data from Google about whether they completed a review.
• No tracking or advertising - we do not place tracking cookies, serve ads, or build profiles on customers who tap a Candour QR code.

How We Use Your Data

• To create and manage your Candour account and business profile
• To provide the features you have enabled (menu, Wi-Fi, loyalty, feedback)
• To process and confirm your subscription or shop orders
• To provide you with feedback and loyalty analytics in your dashboard
• To improve the reliability and quality of our service
• To contact you about your account or service updates

We do not sell your data. We do not use your data for advertising.

Third-Party Services We Use

Candour is built on a number of third-party services. Here is what each one does and why we use it:

• Google Firebase - our database (Firestore), file storage, and backend infrastructure. Your data is stored on Google Cloud servers, primarily in the EU. Firebase is operated by Google LLC.
• Anthropic - we use Anthropic's AI API to analyse feedback sentiment and to parse menu content. Text or images are sent to Anthropic's servers for processing. Anthropic does not retain this data for model training.
• Apple - account sign-in is handled by Apple. Subscriptions are processed through the App Store. Apple Wallet passes for loyalty cards are generated and delivered via Apple's infrastructure.
• Stripe - payment processing for physical product orders placed through the in-app shop.
• Google - positive feedback may prompt customers to leave a review on Google. We link to Google Reviews but do not exchange personal data with Google in this flow.

International Data Transfers

Some of our third-party service providers, including Anthropic, are based in the United States. When we send data to these providers for processing (for example, feedback text for sentiment analysis or menu images for AI parsing), that data may be transferred to and processed in the US or other countries outside the UK and European Economic Area.

Where such transfers occur, we rely on appropriate safeguards, including standard contractual clauses approved by the UK Information Commissioner's Office (ICO), to ensure your data is protected to a standard equivalent to UK GDPR. By using Candour, you acknowledge that your data may be processed in this way.

Data Retention

We keep your business account data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

Feedback submitted by customers is retained for as long as your account is active, so you can access your history. Anonymous feedback has no associated individual to delete.

If you disable the Wi-Fi feature, your stored Wi-Fi credentials (network name and password) are deleted from our systems immediately. If your account is closed, any stored Wi-Fi credentials are deleted as part of the standard account deletion process.

Your Rights

If you are a business owner with a Candour account, you have the following rights under UK GDPR:

• Access - you can request a copy of the data we hold about you.
• Correction - you can ask us to correct inaccurate data.
• Deletion - you can ask us to delete your account and associated data.
• Portability - you can request your data in a portable format.
• Objection - you can object to certain types of processing.

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

Data Security

We take reasonable steps to protect your data, including encryption at rest, secure HTTPS connections, and access controls on our backend systems. No system is completely immune to risk, and we cannot guarantee absolute security, but we take this responsibility seriously.

Children

Candour is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify business account holders by email. The effective date at the top of this page will always reflect the most recent version.

Contact Us

If you have any questions about this policy or want to exercise your data rights, please contact us at contact@candour.app.

Sullivan Applications Ltd, United Kingdom.