Effective Date: 05 March 2026 | Version 1.1
This Privacy Policy explains how StoreNova Ltd ("StoreNova", "we", "us", or "the Platform") collects, uses and protects the personal data of Vendors who operate on the Platform. It should be read together with the StoreNova Vendor Terms and Conditions.
For data protection purposes, StoreNova acts as the Data Controller for Vendor account information, compliance documentation, order- related data, and payout administration data. Stripe may act as a separate and independent Data Controller for identity verification, biometric processing and payment processing.
By registering as a Vendor on the StoreNova Platform, you acknowledge and agree to this Privacy Policy.
Available Balance: The portion of a Vendor's funds that has cleared StoreNova's Inspection Window and is eligible for payout via Stripe Connect.
Biometric Data: Personal data relating to a person's physical or behavioural characteristics used for identification. Biometric identifiers derived from selfies (e.g., facial geometry) are processed solely by Stripe, acting as an independent Data Controller. StoreNova does not access, generate, or store biometric templates.
Data Controller: The entity that determines the purposes and means of processing personal data. StoreNova acts as the Data Controller for Vendor account information, identity documentation (excluding biometric templates), financial information, and operational data processed through the Platform.
Data Processor: A third- party service provider that processes personal data on behalf of StoreNova under a written contract (e.g., cloud hosting providers, analytics providers).
KYC (Know Your Customer): The identity verification checks required by law and by Stripe Connect to confirm Vendor identity and prevent fraud, money laundering, and financial crime.
Merchant of Record (MoR): StoreNova's status as the entity responsible for collecting Customer payments, issuing refunds, and administering financial dispute resolution. This role requires StoreNova to process certain Vendor information for payment and compliance purposes.
Payout: The transfer of cleared funds from StoreNova to a Vendor's designated bank account via Stripe Connect.
Platform: The StoreNova website, mobile applications, Vendor Portal, and backend systems used to operate the marketplace.
Processing: Any operation performed on personal data, including collection, storage, disclosure, analysis, verification, and deletion.
UK GDPR: The United Kingdom General Data Protection Regulation, as incorporated into UK law and supplemented by the Data Protection Act 2018.
To onboard and manage Vendors securely and lawfully, StoreNova collects the following categories of data:
Business & Contact Information: Trading name, business address, registered address, contact name, email address, and phone number.
Identification & Biometrics: Government- issued ID (Passport or Driving Licence), selfie images submitted for identity verification (KYC) and any additional documentation for fraud checks, if required.
Compliance Documentation: Food hygiene certificates, local authority registrations, and proof of right- to- work, and any documents required under food safety, fraud, or financial- crime legislation.
Financial & Transaction Data: Bank account details for payouts, VAT/Tax numbers, Full history of Vendor payouts and earnings, Transaction metadata required for settlement and fraud monitoring.
Communications & Support Data: Messages sent to StoreNova support, Dispute evidence, Administrative notes relating to compliance or account status.
We process Vendor personal data under the following lawful bases:
Contractual Necessity: To onboard you as a Vendor, verify your eligibility, facilitate orders, manage your account and administer payouts via Stripe Connect.
Legal Obligation: To comply with the Money Laundering Regulations, the Economic Crime and Corporate Transparency Act 2023, HMRC tax reporting requirements, food safety and traceability requirements and law enforcement requests.
Legitimate Interests: To prevent fraud and financial crime, maintain the integrity and safety of the marketplace, conduct risk assessments, investigate policy breaches and secure the Platform and Vendor accounts.
Biometric Processing: For face- matching verification, Stripe processes biometric identifiers under its own lawful bases. StoreNova does not store, control, or further process biometric templates.
We do not sell vendor data. We only share data where necessary to operate the Platform:
Payment & Identity Services: Stripe acts as an independent Data Controller for biometric verification and card/payout processing. We share data required to confirm your identity, perform fraud checks, initiate payouts, comply with Stripe onboarding requirements.
Logistics Partners: We share business address, pickup location and relevant contact details with third- party couriers (e.g., Stuart, Gophr) solely for order collection. We reserve the right to change our delivery partners from time to time, at our sole discretion.
Regulatory Bodies: Disclosure to the Food Standards Agency (FSA), HMRC, Police or other enforcement authorities, where required by law or safety investigations.
Service Providers: We use third-party providers for cloud hosting (AWS, Google Cloud), analytics, security monitoring, customer support systems. These providers act under strict data-processing agreements.
International Transfers: Where Vendors access the Platform outside the UK, or where service providers process data internationally, StoreNova applies appropriate safeguards: UK International Data Transfer Agreement (IDTA) and or UK Addendum to the EU Standard Contractual Clauses. These measures ensure an equivalent level of protection to UK GDPR.
We use automated systems to verify your identity. If our system cannot verify your ID or selfie, your application may be automatically suspended. In accordance with the Data (Use and Access) Act 2025, you have the right to request a manual human review of any automated decision that significantly affects your account status. To request review, contact StoreNova Support.
Financial Records: In accordance with UK tax laws, StoreNova retains vendor identification and transaction records for 6 years following the termination of your vendor account.
Identity & Verification Data: Copies of ID documents may be retained to support audit trails and compliance checks. Biometric identifiers used by Stripe are deleted according to Stripe's retention schedule.
Customer Data: Vendors must delete Customer personal data. Vendors are prohibited from retaining, storing, exporting, or re-using customer data. (names/contact/addresses) within 24 hours of successful delivery.
Dispute & Compliance Records: Retained until the investigation is resolved and for a reasonable audit period thereafter.
Retention Schedule: StoreNova maintains a formal Data Retention Schedule, available on request.
Under the UK GDPR, you have the following rights regarding your data:
Access: The right to request a copy of the data we hold about you.
Rectification: The right to correct inaccurate or incomplete information.
Erasure: The right to request deletion, subject to statutory retention periods.
Objection: The right to object to certain processing.
Request human review of automated decisions.
Withdraw consent (where processing is based on consent).
To exercise these rights, you may contact StoreNova's Data Compliance Officer via the app support centre. If you remain unsatisfied, you retain the right to lodge a complaint with the Information Commissioner's Office (ICO).
We implement technical and organisational measures to protect Vendor data, including encryption in transit and at rest, role- based access controls, multi- factor authentication and continuous monitoring and audits. Access to Vendor personal data is strictly limited to authorised personnel.
Data Compliance Officer
Officer: Mr Tunde Olaloye
Email: tunde@storenova.org
Address: StoreNova Ltd, Wharncliffe road, Shipley, Bradford, UK.
This Policy is reviewed every 12 months, or sooner if regulatory or operational changes require it.
Version Control: Version 1.1 | Date: 05 March 2026