Privacy Policy

Last updated: 14 July 2026

1. Who we are

ScanServe ("we", "us", "our") operates the digital ordering and loyalty platform available at prismcodelabs.com and via in-venue QR codes. If you have any questions about this policy, contact us at prismcodelabs@gmail.com.

2. What data we collect

When you join our loyalty programme we collect:

  • Email address or phone number: used to identify your account and send loyalty updates.
  • Order history: items ordered, totals, date and time, and table or pickup session.
  • Points balance and reward redemptions: used to operate the loyalty programme.

We do not collect payment card details. All card payments are processed directly by Stripe and subject to their privacy policy.

3. How we use your data

We use your data to:

  • Track and award loyalty points on your purchases.
  • Send you loyalty point updates and, where you have opted in, promotional offers from ScanServe.
  • Operate and improve our ordering platform.
  • Comply with legal obligations (e.g. financial record-keeping).

We do not sell your data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects.

4. Legal basis for processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, we process your personal data on the following legal bases:

  • Consent: you give explicit consent when you enter your email or phone number to join the loyalty programme.
  • Legitimate interests: we use order data to operate and improve our service.
  • Legal obligation: we retain certain records as required by law.

5. Data retention

We retain your personal data for as long as your loyalty account is active. If you request deletion, we will remove your personal data within 30 days, except where we are required to retain it by law (e.g. financial records for 7 years).

6. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and personal data.
  • Withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.
  • Object to or restrict certain processing.
  • Data portability: receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at prismcodelabs@gmail.com. We will respond within 30 days.

7. Unsubscribing from emails

Every marketing email we send contains an unsubscribe link. You can also email us directly to opt out. Transactional messages (e.g. point balance updates triggered by your own actions) may still be sent while your account is active.

8. Cookies and local storage

Our platform uses browser localStorage to store your session (table or pickup) so you don't need to re-scan the QR code within the same visit. No cross-site tracking cookies are used. We do not use advertising cookies.

9. Third-party services

We use the following third-party services which may process your data under their own privacy policies:

  • Supabase: database and authentication hosting (EU region).
  • Stripe: payment processing. Stripe does not share card details with us.
  • Vercel: web hosting and edge network.
  • Resend: transactional and marketing email delivery.

10. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

ScanServe
Email: prismcodelabs@gmail.com
Website: prismcodelabs.com