Privacy Policy
This policy explains how Prodara Ltd collects, uses, stores and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.1 Who we are
Prodara Ltd is the data controller for personal data processed in connection with the Prodara software and services. Registered office: 50 Princes Street, Ipswich, IP1 1RJ. Contact: hello@prodaraos.co.uk.
We are in the process of registering with the Information Commissioner's Office (ICO) as a data controller. Once registered, our ICO registration number will be published on our website.
1.2 What data we collect
- ›Account & contact information: names, job titles, email addresses and telephone numbers of customer contacts and authorised users.
- ›User activity data: login times, actions performed within the Prodara desktop and web applications, and audit log entries.
- ›Business operational data: production records, batch records, quality control data, complaints records, supplier information and staff records entered by customers. This data is provided by and remains the property of the customer.
- ›Technical data: IP addresses, browser type, device information and usage analytics collected when accessing Prodara web applications.
- ›Payment & billing data: invoicing contact details and payment records. We do not store payment card details.
1.3 How we use your data
We use personal data to provide, operate and maintain the service; to manage your account, process invoices and communicate about your subscription; to provide technical support; to monitor system performance, security and integrity; and to comply with legal obligations.
We do not sell, rent or share your personal data with third parties for marketing purposes.
1.4 Legal basis for processing
Contract: processing necessary to perform our contract with you. Legitimate interests: to operate and improve our services, ensure security and prevent fraud. Legal obligation: where required by law.
1.5 Data storage & infrastructure
Customer data is stored on Google Cloud Platform infrastructure: Google Cloud SQL (PostgreSQL) for structured operational data, Google Cloud Storage for files and attachments, and Google Secret Manager for credentials and configuration. Google Cloud Platform is certified to ISO 27001, SOC 2 and other internationally recognised security standards.
Each customer's data is held in a dedicated, isolated database — never pooled with other customers' data.
1.6 Data retention
We retain personal data for as long as your subscription is active. On termination, we will provide an export of your data on request and delete it within 30 days unless otherwise required by law. See Section 5 for full details.
1.7 Your rights
Under UK GDPR you have the right to access, correct, delete, restrict or port your personal data, and to lodge a complaint with the ICO at ico.org.uk. To exercise any of these rights, contact us at hello@prodaraos.co.uk.
1.8 Changes to this policy
We may update this policy from time to time. The current version will always be available at prodaraos.co.uk. We will notify active customers of material changes by email.
Terms & Conditions
These Terms and Conditions govern the subscription to and use of the Prodara software and services. By subscribing to Prodara you agree to these terms in full.
2.1 The service
Prodara Ltd provides a food manufacturing management software platform comprising a Windows desktop application, browser-based progressive web applications for production, warehouse, quality control and clock in/out, a PostgreSQL database on Google Cloud SQL, and file storage on Google Cloud Storage. The service is provided on a subscription basis, invoiced monthly in advance.
2.2 Subscription & payment
Subscriptions are invoiced monthly, with payment due within 14 days of invoice date. Founding cohort customers are guaranteed their initial rate permanently, subject to fair use limits. In the event of non-payment, we reserve the right to suspend access after 7 days' notice.
2.3 Your responsibilities
You are responsible for maintaining the confidentiality of your user credentials, ensuring all users within your organisation comply with these Terms, and the accuracy and legality of data you enter into Prodara.
2.4 Intellectual property
Prodara software is the intellectual property of Prodara Ltd. Your subscription grants a non-exclusive, non-transferable licence for internal business use only. All data entered by your organisation remains your property.
2.5 Limitation of liability
Prodara Ltd shall not be liable for any indirect, incidental or consequential damages. Our total liability in any calendar month shall not exceed the subscription fee paid in that month.
2.6 Termination
Either party may terminate with 30 days' written notice. On termination, we will provide a data export on request within 14 days, after which data will be deleted.
2.7 Governing law
These Terms are governed by the laws of England and Wales.
Fair Use Policy
Prodara is offered at a flat monthly rate with no per-user charges. This policy defines fair use limits to ensure consistent service quality for all customers.
4.1 What fair use means
Prodara is designed for small food manufacturing businesses. The vast majority of customers will never approach these limits. This policy is not intended to restrict normal business use.
4.2 Usage limits
4.3 Exceeding fair use
If usage consistently exceeds these limits, we will contact you to discuss a bespoke arrangement. We will not suspend your service without prior discussion and reasonable notice.
4.4 Founding cohort
Founding cohort customers are permanently locked in at their agreed rate, provided usage remains within fair use limits.
Data Retention Policy
This policy explains how long Prodara retains different types of data and your responsibilities regarding data management.
5.1 Retention periods
5.2 Automated purging
Prodara will provide an optional automated data purge function in system settings, allowing administrators to define a retention period and trigger purges. Until available, data purging may be requested via support.
5.3 Your responsibilities
Ensure your retention settings comply with applicable food safety standards (SALSA, BRCGS, ISO 22000 etc.) and legal requirements. Export and archive any records you are legally required to retain before requesting a data purge.
SALSA Issue 6 and most food safety standards require traceability records to be retained for a minimum period, typically one year beyond product shelf life. A 3-year retention period exceeds this for most short-shelf-life products, but you should verify your specific obligations.
5.4 Data on termination
On termination, we retain data for 30 days to allow export requests. After 30 days, all data is permanently deleted.
Service Level Agreement
This SLA defines our commitments to service availability, support response times and remedies when things go wrong.
6.1 Service availability
We target 99.5% monthly uptime for Prodara web applications and database services, excluding scheduled maintenance. The following are excluded from uptime calculations: scheduled maintenance (notified in advance where possible); Google Cloud Platform incidents, telecommunications failures, internet outages and force majeure events; and outages caused by customer actions or misconfiguration.
6.2 Support response times
6.3 Service credits
If we fail to meet the 99.5% uptime target in any calendar month (excluding excluded events), we will apply a service credit of 10% of that month's subscription fee against your next invoice.
6.4 Planned maintenance
We will provide at least 24 hours' notice of planned maintenance, scheduled outside 09:00–17:30 GMT Monday to Friday where possible.
Acceptable Use Policy
This policy defines what you may and may not do with Prodara. It applies to all users within your organisation.
7.1 Permitted use
You may use Prodara for the legitimate internal business purposes of your organisation, specifically the management of food or supplement manufacturing operations.
7.2 Prohibited use
You must not use Prodara to:
- ×Process data on behalf of third parties without our prior written consent.
- ×Attempt to gain unauthorised access to our systems or other customers' data.
- ×Introduce malware, viruses or other malicious code.
- ×Reverse engineer, decompile or disassemble the Prodara software.
- ×Use the service in violation of any applicable law or regulation.
- ×Share login credentials between individuals.
- ×Attempt to circumvent or disable any security features.
7.3 Consequences of misuse
Breach of this policy may result in immediate suspension or termination of your subscription without refund.
Security Policy
This policy describes the security measures Prodara Ltd implements to protect your data.
8.1 Infrastructure security
All Prodara services run on Google Cloud Platform (ISO 27001, SOC 1/2/3 certified), providing physical security, network security including DDoS protection, and firewall controls.
8.2 Data security
- ›All data in transit is encrypted using TLS 1.2 or higher.
- ›Data at rest is encrypted using AES-256 by Google Cloud SQL and Google Cloud Storage.
- ›Database credentials and API keys are stored in Google Secret Manager.
- ›Each customer's data is stored in a dedicated PostgreSQL database instance.
- ›Each customer has a dedicated Google Cloud Storage bucket.
8.3 Application security
The Prodara desktop application is code-signed using an OV code signing certificate. Web applications are deployed on Google Cloud Run with HTTPS enforced. An audit log records all significant user actions within the system.
8.4 Security incidents
In the event of a security incident affecting your data, we will notify you within 72 hours of becoming aware, in accordance with UK GDPR. Report suspected incidents to hello@prodaraos.co.uk.
8.5 Your responsibilities
Maintain strong, unique passwords for all Prodara user accounts; keep the desktop application updated to the latest version; and ensure devices used to access Prodara are protected by appropriate security measures.
Onboarding & Offboarding
This policy describes what happens when you start and end your Prodara subscription.
9.1 Onboarding
When you subscribe to Prodara, we will:
- ›Provision a dedicated PostgreSQL database instance on Google Cloud SQL.
- ›Create your dedicated Google Cloud Storage bucket for file storage.
- ›Deploy your four web applications (Production, Warehouse, QC and Clock In/Out) to Google Cloud Run.
- ›Provide your custom-compiled Prodara desktop application installer (.exe) for Windows.
- ›Provide initial setup guidance and documentation.
Onboarding is typically completed within 5 business days of subscription confirmation. There are no implementation or setup fees.
9.2 Software updates
Prodara desktop application updates are released periodically. The system will notify users on login when a new version is available. Web application updates are deployed automatically.
9.3 Offboarding
On termination of your subscription:
- ›We will provide a full data export (CSV/PDF) within 14 days of termination, on request.
- ›Your web applications will be taken offline within 7 days of the subscription end date.
- ›Your database and storage will be retained for 30 days, then permanently deleted.
- ›We will confirm deletion by email on request.
9.4 Data export
Your data belongs to you. A full export in CSV and PDF formats is available on request within 14 days of termination, so you retain the records you need for compliance and continuity.
Questions about any of these?
We're happy to talk through anything before you commit.