Privacy Policy
1. Who we are
Milkbook is a software product operated by its developer, based in the United Kingdom. We build and maintain a milk round management platform for doorstep dairy businesses. Our contact address is support@milkbook.co.uk.
We are registered with the Information Commissioner's Office (ICO) as a data controller in respect of our operator accounts.
2. Our two roles — controller and processor
GDPR distinguishes between a data controller (who determines why and how personal data is processed) and a data processor (who processes data on a controller's behalf). Milkbook acts in both roles depending on whose data is involved:
| Whose data | Our role | What that means |
|---|---|---|
| Operator accounts: dairy business owners and their staff who sign up to use Milkbook | Controller | We determine the purposes and means of processing your account data. This policy covers your rights in full. |
| Dairy customers: end customers whose records operators enter into Milkbook (name, address, delivery notes, etc.) | Processor | We process this data solely on the operator's instructions. The operator is the controller for their customers' data and is responsible for their own privacy notice to those customers. |
This policy primarily addresses our controller obligations. Our processor obligations to operators are set out in our Data Processing Agreement, available on request.
3. Data we collect about operator accounts
Account information
- Business name, email address, and password (hashed — we never store plaintext passwords)
- Name and email address of individual users (admin, office, and driver accounts) created within an operator's account
- Optional: business logo, business address (used on invoices and PDF documents)
Usage and technical data
- Application activity logs (page visits, actions taken) for security and support purposes
- IP addresses used to authenticate, for rate-limiting and fraud prevention
- Multi-factor authentication (MFA) settings — we store an AES-256-GCM encrypted TOTP secret if you enable MFA
Billing and subscription data
We do not currently store payment card details. Subscription management and payment processing, when introduced, will be handled by a third-party payment processor (such as Stripe) subject to their own privacy policy. We will update this policy when billing is live.
Communications
If you contact us by email or submit your email address via the waitlist form on our website, we retain your email address and the content of any correspondence.
4. Data operators enter on behalf of their dairy customers
When an operator uses Milkbook, they enter records about their own customers — names, delivery addresses, phone numbers, standing orders, and payment history. As processor, we:
- store this data only to provide the service to the operator
- do not use it for our own purposes or share it with third parties for marketing
- follow the operator's instructions for deletion and erasure requests
- apply the same technical and organisational security measures to this data as to our own
5. Lawful basis for processing
| Category | Lawful basis |
|---|---|
| Account and user information | Contract — necessary to provide the Milkbook service you have subscribed to |
| Security logs and IP data | Legitimate interests — protecting the platform and its users from unauthorised access and abuse |
| Waitlist email addresses | Consent — you submitted your email address voluntarily to hear about Milkbook's launch |
| Support correspondence | Legitimate interests — resolving support requests and maintaining a record of communications |
| Operator customer data (processor role) | The operator's own lawful basis — Milkbook processes this under the operator's instructions |
6. Retention and deletion
Operator accounts
We retain account data for as long as your subscription is active. On account closure, personal data associated with your account and users will be deleted within 90 days, subject to any legal obligations to retain financial records.
Dairy customer records (operator data)
Records are retained within your Milkbook database for as long as you keep them. When you delete a customer, Milkbook preserves the financial records (invoices, payments) for a 7-year period in line with HMRC bookkeeping obligations. After 7 years — measured from the deletion date and the date of the most recent invoice, whichever is later — all personal data associated with that customer is automatically anonymised by a nightly process. Anonymised records show as "Customer #N" and retain no name, address, or contact information. Customers who are still active, or who have outstanding invoices, are never automatically anonymised.
Waitlist emails
We retain waitlist email addresses until we notify you of launch or until you request removal — whichever comes first.
7. Who we share data with
We do not sell personal data. We share data only with the following sub-processors, all of whom are contractually bound to process it only as directed and to maintain appropriate security:
| Processor | Purpose | Location |
|---|---|---|
| Cloudflare | DNS, CDN, DDoS protection, and hosting for this marketing website (Cloudflare Pages / D1) | USA (SCCs / adequacy decision) |
| Amazon Web Services (AWS) — Lightsail London | Application hosting for the Milkbook platform (planned production environment) | UK (London region) |
| Resend | Transactional email delivery (invoices, statements, password resets) | USA (SCCs) |
In addition, the current pilot deployment runs on a physical server managed by the pilot operator in their own premises. No third-party cloud hosting applies to that installation.
We may disclose data if required to do so by law or in response to a valid request from a law enforcement authority.
8. Security
We apply the following technical and organisational measures to protect personal data:
- Passwords are hashed and never stored in plaintext
- MFA secrets are encrypted at rest (AES-256-GCM)
- All data in transit is encrypted via TLS
- The application database uses separate per-tenant databases, limiting the blast radius of any single compromise
- Access to production systems is restricted to authorised personnel only
- Audit logs record sensitive account actions with timestamps
No system is perfectly secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware, as required by UK GDPR Article 33.
9. Your rights
Under UK GDPR, you have the following rights in relation to personal data we hold about you as a controller (i.e. your operator account data):
- Right of access — you may request a copy of the personal data we hold about you
- Right to rectification — you may ask us to correct inaccurate data
- Right to erasure (Article 17) — you may ask us to delete your personal data where there is no lawful basis to retain it
- Right to restriction — you may ask us to restrict processing while a dispute is resolved
- Right to data portability — you may request your data in a structured, machine-readable format
- Right to object — you may object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent (e.g. the waitlist), you may withdraw it at any time
To exercise any of these rights, email us at support@milkbook.co.uk. We will respond within one calendar month.
If you are a dairy customer whose data an operator has entered into Milkbook, your rights should be directed to that operator — they are the controller for your data.
10. Cookies
The Milkbook application (milkbook.app) uses the following cookies:
- Session cookie — a signed, encrypted HTTP-only cookie used to maintain your authenticated session. Strictly necessary; no consent required.
- CSRF token cookie — a double-submit CSRF protection cookie. Strictly necessary; no consent required.
- Locale preference cookie (mb_locale) — remembers your preferred language. Strictly necessary for functionality; no consent required.
We do not use advertising, analytics, or tracking cookies on the application. This marketing website (milkbook.co.uk) does not set any cookies.
11. Children's data
Milkbook is a business-to-business platform intended for adults operating or working within dairy businesses. We do not knowingly collect data from anyone under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated to active operator account holders by email at least 14 days before they take effect. The "last updated" date at the top of this page will always reflect the most recent version.
13. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the opportunity to address any concern directly before you contact the ICO — please email us first at support@milkbook.co.uk.