How we keep your data secure

The following applies to users of the Goodeats website, Goodies app and any customer who registers their details in store.

  • We never see your full card number, this is handled by our PCI-compliant payment processing integrations.
  • Goodtill’s infrastructure was accredited for PCI compliance back in 2019 and currently valid until July 2024. The audit was carried out by a third party information security company accredited by the PCI council. This included a review of our IT infrastructure, security defences and data handling policies.
  • Security scans are run on Goodtill’s systems every 3 months.
  • Penetration tests are run against Goodtill's servers and applications every year.
  • Goodtill’s software developers are trained in secure software development techniques every 6 months.
  • Automated processes are in place to allow Subject Access Requests and deletion of customer data as defined by GDPR.

If you have any questions, please contact our data controller at