Menu
Cart (0)

Privacy Policy

Hello! Welcome to Frood. We value your trust as much as your tastebuds. This policy explains how we handle your data in a way that’s transparent and easy to navigate.

This policy is designed specifically for our customers and website visitors. You are in the right place if you are:

  • Browsing our website or building a Frood bundle.

  • Signing up for our newsletters or downloading recipe guides.

  • Chatting with us on social media or entering a promotion.

How to read this policy

We use a layered approach to keep things simple:

  1. The Headings: Tell you what information is covered in this policy and where to find specific topics.
  2. Drop-down Menus: Expand the headings for specific topics you want to learn more about.
  3. Useful Info: Head to the end of the page if you need help with legal terms.


1. Who we are & how to contact us

We are FJRR Limited, trading as Frood. In legal terms, we are the “Controller” of your data.

If you have any questions or want to exercise your rights, our Privacy Team is ready to help:

  • Email: privacy@frood.com

  • Complaints: If you’re not happy, you have a statutory right to complain directly to us. We will acknowledge your query within 30 days. 

2. The data we collect and why

We only collect data that we actually need. See below for more information about what we collect, why we need it, and what our lawful basis is.

Why do we need a "lawful basis”?

Under UK data protection law, we can’t just collect your information because we feel like it. We must have a valid legal reason for every bit of data we handle.

In the table below, we’ve included a column called Lawful Basis so you can see exactly which reason we are using for each purpose. Whether we need your data to fulfill our contract with you (like delivering your orders) or because we have a "legitimate interest" in making our website better, we want you to know the "why" behind the "what".

(If you’re curious about what terms like "Legitimate Interests" actually mean, skip down to our Useful Terms section at the bottom of the page!)

Is providing this data mandatory? Providing your Contact, Transaction, and payment details is a requirement for us to enter into a contract with you. If you don't provide this information, we won't be able to fulfill your order. Other information, like signing up for recipe guides, is entirely voluntary.


What we collect

Why we collect it

Lawful Basis

Contact Details (Name, email, phone, address)

To process your order, deliver your goods, and send tracking updates.

Contractual Necessity

Profile Data (Inferred interests, customer segments e.g. "Sweet vs Savoury", purchase frequency, and predicted preferences)

To group our customers into categories so we can provide more relevant content and understand our business growth.

Legitimate Interests

Transaction Data (Items bought, amount spent, last 4 digits of card)

To manage payments, refunds, and keep tax records.

Contractual & Legal Obligation

Safety Data (Contact details linked to batch numbers)

To contact you in the event of a product recall or safety notice.

Recognised Legitimate Interests (Public Interest/Emergency) & Legal Obligation

Fraud & Security Data (Transaction patterns, IP address, device ID)

To detect and prevent fraudulent transactions.

Recognised Legitimate Interests (Crime Prevention)

Affiliate/Referral Data (Use of specific discount codes)

To understand which partners or friends are helping us grow.

Legitimate Interests

UGC & Reviews (Comments, photos, and feedback)

To display social content on our site (with your permission).

Consent or Legitimate Interests

Marketing Data (Email/SMS preferences, entry into giveaways)

To send you news, recipes, and promos you’ve asked for.

Recognised Legitimate Interests (Direct Marketing) & Consent (or Soft Opt-in)

Technical Data (IP address, browser type and version, device type, time zone setting and operating system - collected automatically when you visit our website )

To make sure our website works properly on your screen.

Legitimate Interests

Usage Data (How you use our site, pages viewed, abandoned carts, and the site you came from)

To improve our website and follow up if you leave items in your basket.

Legitimate Interests

Communication Data (Emails to our Privacy/Support inbox, social DMs)

To answer your questions and provide support.

Contractual/Legitimate Interests


Note on Health Data: We do not currently collect "special category" data (e.g. information about your health). While we may provide FAQs on dietary suitability, we do not provide medical advice or store your health metrics.


3. How we collect your data

We use different methods to collect data from and about you:

  • Directly from you: When you create an account, build a bundle, or sign up to hear more from us.

  • Automated Technologies: As you interact with our website, we automatically collect Technical Data. We use cookies and similar tracking technologies (like "pixels" or "tags") provided by partners like Shopify and Klaviyo to track your journey and attribution (how you found us).

  • Inferred Data: We generate data about you by analysing your Transaction and Usage Data. For example, if you only buy savoury snacks, we will tag your profile as a "Savoury Lover".

  • Social Media: If you comment on our Instagram or other social media accounts, we see your profile handle and the content of your message.


4. Marketing, advertising & profiling

We want to keep you in the loop, but we won't be a nuisance.

  • Email & SMS: You can sign up to hear more from us via the website. You can opt-out at any time by clicking "unsubscribe" in our marketing messages. 

OR: 

If you have purchased from us, we rely on the 'soft opt-in' to send you news about similar products and recipes we think you'll love. For everyone else (like if you’ve just signed up for a recipe guide), we will always ask for your consent first. You can opt-out at any time.

  • Opting Out: Every email has an "Unsubscribe" link. It’s one-click and we’ll remove you from our marketing lists.

  • Social Media: If you follow our Founder or the brand on Instagram/TikTok/other social media sites, those platforms handle your data too. 

  • Personalisation (Profiling): We use tools like Klaviyo to create a profile of your interests. This means you’re more likely to receive a discount on a product you actually like rather than a random offer. You can object to this profiling at any time by emailing us.

  • Social Media Advertising: We may use "Custom Audiences" or "Match" features on platforms like Meta or TikTok. This involves sharing a hashed (scrambled) version of your email with the platform to show you ads or to ensure you don’t see ads for products you’ve already bought.


5. Who we share your data with

We don't sell your data. We only share it with trusted partners who help us run the business, such as:

  • Shopify: The platform we use to host our online store.

  • Pack Fulfillment: Our partner who packs and ships your orders.

  • Delivery Partners: To get the box to your door.

  • Payment Partners: We share your Transaction Data with providers like Stripe and PayPal. They act as a Processor to complete your order. However, they also act as an Independent Controller to perform fraud checks and meet financial reporting laws. This means that once they have your data for these safety checks, they are responsible for it under their own privacy rules. We do not store your full credit card numbers on our servers; this is handled entirely by our partners.

    • More Info: We recommend you review the [Stripe and PayPal Privacy Policies] to understand how they handle your data in their capacity as a Controller.

  • Gorgias: Our customer support tool.

  • Other service providers: IT, email, marketing communications and customer relationship management tools.

  • Professional Advisers: Our lawyers, accountants, and insurers.

  • Regulators: E.g. the ICO, if required by law.


6. Cookies & tracking

Our website uses cookies and similar technologies to distinguish you from other users. This helps us provide a smooth shopping experience (like keeping items in your basket) and allows us to improve our site.

  • What are they? Cookies are small files stored on your browser. Some are "Essential" (the site won't work without them), and others are "Non-Essential" (used for analytics or to see if you clicked an ad from a partner).

  • Who sets them? In addition to our own cookies, third-party tools like Shopify (for checkout security) and Klaviyo (for cart recovery) set cookies on our site.

  • Your Control: You can manage your preferences via our Cookie Banner.

  • More Info: For a full list of the cookies we use, their duration, and their purpose, please see our [Link to Separate Cookie Policy].


7. International transfers

We use global tools to help us run our business, so your data may occasionally travel outside the UK (e.g. to Shopify’s servers in the USA or Canada). We use UK International Data Transfer Agreements or ensure these partners are located in countries with "adequacy" status to keep your data just as safe as it is in the UK.

 

8. How long we keep your data

We don't keep data forever. We will only keep it for as long as needed to fulfil the purposes it was collected for. Our general rules are:

  • Orders & Transactions: 6 years (for legal, tax, and regulatory reasons).

  • Product Safety/Recalls: We keep contact data for at least 12 months (matching our product shelf-life) to reach you in an emergency.

  • Marketing: If you haven’t opened an email or SMS from us in 2 years, we will treat you as "inactive" and stop messaging you.

  • Abandoned Carts: [30–90 days].

  • Profile & Usage Data: We keep "segmentation" data (like your flavour preferences) for as long as you are an active customer. If you haven't interacted with us for 2 years, we will delete this inferred data as part of our marketing cleanup.


9. Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access (Subject Access Request).

  • Request correction of your data.

  • Request deletion of your data.

  • Object to processing of your data (including marketing).

  • Request restriction of processing.

  • Request transfer of your data.

  • Right to withdraw consent.

If you wish to exercise any of these rights, please contact privacy@frood.com 

10. Complaints

If you’re unhappy with how we’ve handled your data, please tell us first. We have a formal internal complaints process in accordance with the Data (Use and Access) Act 2025.

  • Lodge a Complaint with Us: Please email privacy@frood.com. We will acknowledge your complaint within 30 days and investigate without undue delay. 

  • Complaints to the Regulator: You have a right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. However, the ICO generally expects you to have given us the opportunity to resolve your complaint through our internal process first.

  • ICO Contact: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF | 0303 123 


11. Useful terms

Here is what some of the terms in this policy actually mean in plain English:

  • Controller: That’s us (FJRR Limited). We decide how and why your data is used.

  • Processor: Our service providers (like Shopify). They only handle your data based on our strict instructions.

  • Contractual Necessity: This means "we need this data to give you what you paid for". Without your address, the food stays in our warehouse!

  • Inferred Data: This is data we "create" rather than you giving it to us. For example, if you only buy savoury bundles, we "infer" that you have a savoury tooth and tag your profile accordingly so we don't send you ads for sweet baking blends.

  • Legitimate Interests: Using data in ways you’d reasonably expect us to - like analysing which recipes are popular so we can make more of them. We always balance this against your privacy.

  • Profiling: Using your past behaviour (like what you bought or clicked) to make best guesses about what you might like in the future. We do this to make our marketing more relevant to you.

  • Recognised Legitimate Interests: A new category under the 2025 Act for vital things like fraud prevention or responding to emergencies where we don't have to perform a complex "balancing test" first.

  • Recognised Legitimate Interests: A new category under the Data (Use and Access) Act 2025 for activities the UK government has said we can do without performing a complex balancing test first. At Frood, we primarily rely on this for:

  • Fraud Prevention: To stop people using stolen cards on our site.

  • Direct Marketing: Sending news to our existing customers who we think will love our new launches.

  • Product Recalls: Contacting you quickly if there is a product safety issue.

  • Soft Opt-in: A rule that lets us email you about our new products if you’ve bought from us before, provided we give you a clear way to stop those emails (like an “Unsubscribe” link).