How we protect your data across the NextPour ecosystem.
We process minimal data necessary to facilitate robust tabletop ordering, digital payments, and venue administration. We do not store raw credit card numbers. All transactional processing is heavily encrypted and offloaded directly to PCI-DSS compliant providers (Stripe).
To provide you with the most advanced operational insights and to continually optimize the NextPour ecosystem, we aggregate heavily anonymized, non-personally identifiable transactional metrics.
This macro-level market telemetry allows us to generate industry-wide benchmarks, helping venues understand broader consumer trends, demand forecasting, and operational health at a regional level. No personal customer data (PII) or specific venue identifiers are ever exposed in these aggregated network models.
To deliver a lightning-fast customer experience and preserve active shopping carts, NextPour utilizes strictly necessary browser-level caching (including Local Storage and Session Storage). Furthermore, we process essential telemetry data (such as IP addresses, device types, and browser metrics) purely to detect fraud, maintain session stability, and protect the platform from malicious activity. By using our platform, you consent to this essential operational data processing.
NextPour operates on enterprise-grade cloud infrastructure and database management protocols. While we enforce rigorous encryption-at-rest and in-transit, no digital ecosystem is entirely immune to sophisticated cyber threats. We work closely with our infrastructure partners (e.g., AWS, Vercel, Supabase) to ensure compliance but do not assume direct financial liability for systemic data breaches occurring at the global infrastructure level.
Under UK GDPR and the Data Protection Act 2018, you possess the absolute right to request an exported copy of your venue's data profile, and the "Right to be Forgotten" (complete digital erasure) at any time. Address these requests to dpo@nextpour.co.uk.