Privacy Policy
Last updated: 20 April 2026
Who we are
Raju Sauces is the data controller for personal data collected through the Raju B2B portal at b2b.rajusauces.com.
Contact: privacy@rajusauces.com
ICO registration number: [to be added]
What data we collect
When you apply for a trade account we collect: business name, contact name, email address, phone number, billing address, delivery address, job role, business type, estimated order volume, and any notes you provide.
When you use the portal we collect: login and session activity, order history (items, quantities, prices, delivery address), payment metadata (never full card details — those are held by Stripe), and any contact log entries our team records when we speak with you.
Why we collect it, and our lawful basis
Under UK GDPR we only process personal data where we have a lawful basis to do so. Our bases are:
- Performance of a contract (Art. 6(1)(b)) — to provide the portal, process your orders, take payment, and ship goods to you.
- Legitimate interests (Art. 6(1)(f)) — to run our wholesale business, improve the portal, detect fraud, maintain customer records, and follow up on unpaid invoices.
- Legal obligation (Art. 6(1)(c)) — to keep tax and accounting records as required by UK law.
- Consent (Art. 6(1)(a)) — only where you have explicitly opted in, e.g. to receive product updates. You can withdraw consent at any time.
We do not use your data for marketing without your explicit consent, and we never sell or rent personal data.
Who we share data with
We rely on the following processors, each of which is contractually bound to protect your data and process it only on our instructions:
- Stripe — payment processing (stripe.com/privacy). Stripe acts as a separate controller for your payment data.
- Supabase — database and authentication (supabase.com/privacy).
- Resend — transactional email, e.g. password reset links (resend.com/legal/privacy-policy).
- Vercel — application hosting (vercel.com/legal/privacy-policy).
We don't share personal data with third-party advertisers or data brokers.
Where your data is stored
Supabase stores our database and authentication records in its West EU (Ireland) region. Resend stores transactional email metadata in the EU. Vercel serves our application through its global CDN; origin compute is selected per-region and typically runs in the EU. Stripe is a global payments processor headquartered in the US and operates under the EU-US Data Privacy Framework with additional Standard Contractual Clauses where required.
Where your data is transferred outside the UK, we rely on UK / EU adequacy decisions and Standard Contractual Clauses to ensure appropriate safeguards are in place.
How long we keep your data
- Account and contact information: for the life of your account, plus 7 years after closure (to meet UK accounting record requirements).
- Order history: 7 years after the order date.
- Payment metadata: retained by Stripe per their retention policy. We keep a Stripe payment reference and invoice amount for 7 years.
- Marketing consents: until you withdraw them.
- Login and audit logs: 90 days.
Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion, subject to our legal retention obligations noted above.
- Object to processing that relies on legitimate interests.
- Receive a copy of your data in a machine-readable format (data portability).
- Withdraw consent where we rely on it.
Email privacy@rajusauces.com to exercise any of these rights. We'll respond within one month as required by UK GDPR.
You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk if you think we've mishandled your data.
Cookies
See our Cookie Policy for details on the cookies we use. In short: essential session cookies only — no analytics, no advertising, no tracking.
Security
We protect personal data using industry-standard measures including TLS encryption in transit, encryption at rest on our database provider, row-level security to isolate one customer's data from another, bcrypt-hashed passwords, and two-factor protection on administrator accounts. Payment data never touches our servers — it goes directly from your browser to Stripe.
Changes
The current version of this policy is always at b2b.rajusauces.com/privacy. Material changes will be notified by email. Minor changes (e.g. clarifying language, adding a new processor) will be published here with an updated date at the top.
Contact
Raju Sauces
Registered address: [to be added]
Company number: [to be added]
Email: privacy@rajusauces.com