How we keep your data secure

The following applies to users of the Goodeats website, Goodies app and any customer who registers their details in store.

  • We never see your full card number, this is handled by our PCI compliant payment payment processing integrations.
  • Goodtill’s infrastructure was accredited for PCI compliance in 2019, 2020 and 2021. The audit was carried out by a third party information security company accredited by the PCI council. This included a review of our IT infrastructure, security defences and data handling policies.
  • Security scans are run on Goodtill’s systems every 3 months.
  • Penetration tests are run against Goodtill's servers and applications every year.
  • Goodtill’s software developers are trained in secure software development techniques every 6 months.
  • Automated processes are in place to allow Subject Access Requests and deletion of customer data as defined by GDPR.

If you have any questions, please contact our data controller at gdpr@thegoodtill.com