Catertrackr

    For Catering Equipment Firms

    Privacy Policy

    Last updated: January 2025

    1. Introduction

    CaterTrackr Ltd ("we", "our", "us", or "Company") is committed to protecting your privacy and ensuring transparency about how we handle personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service management platform ("Service").

    This policy applies to all users of the Service, including company administrators, engineers, and customers who access the customer portal. By using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

    We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

    2. Data Controller Information

    CaterTrackr Ltd is the data controller for the personal data we collect through the Service. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

    CaterTrackr Ltd
    Data Protection Officer
    Email: privacy@catertrackr.com
    General Enquiries: support@catertrackr.com
    United Kingdom

    3. Information We Collect

    We collect different types of information depending on how you interact with the Service:

    3.1 Account and Registration Information

    When you create an account, we collect:

    • Personal identifiers: Name, email address, phone number
    • Company information: Company name, business address, industry sector
    • Account credentials: Encrypted passwords and authentication data
    • Role and permissions: Your user role within the organization

    3.2 Service Data (Business Data You Provide)

    When you use the Service, we store the business data you enter, including:

    • Customer records: Your customers' names, contact details, addresses, and site information
    • Equipment data: Asset details, manufacturer information, model numbers, serial numbers, installation dates, warranty information, and service history
    • Job information: Job descriptions, priorities, status, scheduled dates, and completion notes
    • Documentation: Photos, signatures, parts lists, and attached files
    • Time and billing: Engineer working hours, labour costs, parts costs, and invoicing information

    Important: You are responsible for ensuring you have an appropriate lawful basis and consent to store your customers' personal data in the Service. We process this data on your behalf as a data processor.

    3.3 Payment Information

    We use Stripe, a PCI-DSS compliant payment processor, to handle subscription payments. We do not store your complete credit card numbers on our servers. We receive and store:

    • Last four digits of your payment card (for reference)
    • Card type and expiration date
    • Billing address
    • Payment history and invoice records

    Full payment card details are processed and stored securely by Stripe in accordance with their privacy policy.

    3.4 Technical and Usage Data

    We automatically collect certain technical information when you use the Service:

    • Device information: Browser type and version, operating system, device type
    • Network information: IP address, internet service provider
    • Usage patterns: Pages visited, features used, time spent, click patterns
    • Performance data: Load times, errors, diagnostic information
    • Session information: Login times, session duration, authentication events

    3.5 Location Data

    We may collect location data in limited circumstances:

    • Geocoded addresses: When you enter customer addresses, we convert them to geographic coordinates for mapping purposes
    • Approximate location: We may infer your general location from your IP address for security and analytics purposes

    We do not track real-time GPS location of users unless explicitly enabled for specific features (with your consent).

    3.6 Mobile Application Data

    When you use our mobile application (iOS or Android), we collect:

    • Device identifiers: A unique device identifier for authentication and troubleshooting purposes
    • Camera and photo access: When you grant permission, we access your camera to capture job photos for documentation. Photos are uploaded to our secure servers and associated with your service records
    • Offline data storage: Job data is cached locally on your device to enable offline access in areas with poor connectivity. This data is stored in your device's local storage and automatically synced when you reconnect
    • Push notifications: If enabled, we collect push notification tokens to send you alerts about job assignments and status updates
    • Network status: We detect your connectivity status to manage offline functionality and data synchronisation

    Offline functionality: Our mobile app is designed for field engineers who may work in areas with limited connectivity. When offline, you can view cached job data and make changes that are stored locally. When connectivity is restored, these changes are automatically synchronised with our servers. Cached data expires after 24 hours and is automatically removed from local storage.

    3.7 Communications

    When you contact us for support or other purposes, we retain records of:

    • Email correspondence
    • Support ticket content
    • Feedback and feature requests

    4. Legal Basis for Processing

    Under UK GDPR, we process your personal data based on the following legal grounds:

    • Contract performance: Processing necessary to provide the Service you have subscribed to (Article 6(1)(b))
    • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, fraud prevention, and security (Article 6(1)(f))
    • Legal obligation: Processing required to comply with legal requirements, such as tax and accounting obligations (Article 6(1)(c))
    • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications (Article 6(1)(a))

    5. How We Use Your Information

    We use the information we collect for the following purposes:

    5.1 Service Provision

    • Creating and managing your account
    • Providing access to the Service features
    • Processing and storing your business data
    • Enabling collaboration between team members
    • Generating reports and analytics within the Service

    5.2 Billing and Payments

    • Processing subscription payments
    • Managing invoices and billing history
    • Communicating about payment issues or changes
    • Providing billing-related customer support

    5.3 Service Notifications

    • Sending job status updates and notifications
    • Delivering system notifications (maintenance, security alerts)
    • Communicating important account information
    • Sending password reset and authentication emails

    5.4 Customer Support

    • Responding to your enquiries and requests
    • Troubleshooting technical issues
    • Providing onboarding assistance
    • Following up on feedback

    5.5 Service Improvement

    • Analysing usage patterns to improve features
    • Identifying and fixing bugs and performance issues
    • Developing new features based on user needs
    • Conducting research and analysis (using aggregated, anonymised data)

    5.6 Security and Fraud Prevention

    • Detecting and preventing unauthorized access
    • Monitoring for suspicious activity
    • Enforcing our Terms of Service
    • Protecting against fraud and abuse

    5.7 Legal Compliance

    • Fulfilling tax and accounting obligations
    • Responding to lawful requests from authorities
    • Establishing, exercising, or defending legal claims

    6. Data Sharing and Disclosure

    We do not sell your personal data. We may share your information in the following circumstances:

    6.1 Service Providers (Sub-processors)

    We work with trusted third-party service providers who assist in operating the Service. These providers are contractually obligated to protect your data and use it only for the purposes we specify:

    Provider                | Purpose                          | Location
    ------------------------|----------------------------------|------------------------------
    Stripe                  | Payment processing               | USA (with EU data protection)
    Resend                  | Email delivery                   | USA (with EU data protection)
    Google Cloud Platform   | Cloud infrastructure and storage | UK/EU regions
    Neon                    | Database hosting                 | USA (with EU data protection)
    OpenStreetMap Nominatim | Address geocoding                | Various

    6.2 Your Customers

    If you enable the customer portal feature, your customers will have limited access to view:

    • Their own equipment records and service history
    • Status of jobs related to their equipment
    • Scheduled maintenance information

    You control what information is visible to your customers through your account settings.

    6.3 Within Your Organization

    Information is shared among users within your company account based on their roles and permissions. Administrators can see all company data, while engineers see only their assigned work.

    6.4 Legal Requirements

    We may disclose information when required by law, including:

    • In response to valid legal process (court orders, subpoenas)
    • To protect our rights, property, or safety
    • To protect the rights, property, or safety of our users or others
    • To detect, prevent, or address fraud, security, or technical issues

    6.5 Business Transfers

    If CaterTrackr Ltd is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

    7. Data Security

    We implement comprehensive technical and organizational measures to protect your data:

    7.1 Technical Measures

    • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
    • Encryption at rest: Database and file storage are encrypted
    • Secure authentication: Passwords are hashed using industry-standard algorithms (bcrypt)
    • Session management: Secure session tokens with automatic expiration
    • Access controls: Role-based permissions limit data access

    7.2 Organizational Measures

    • Regular security assessments and code reviews
    • Employee training on data protection
    • Incident response procedures
    • Vendor security assessments

    7.3 Security Incident Response

    In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

    • Notify the relevant supervisory authority within 72 hours
    • Notify affected individuals without undue delay if there is a high risk
    • Take immediate steps to contain and remediate the breach
    • Document the breach and our response

    8. Data Retention

    We retain your data for as long as necessary to fulfill the purposes described in this Privacy Policy:

    • Active account data: Retained for the duration of your subscription
    • After account termination: Data available for export for 30 days, then scheduled for deletion
    • Backup retention: Backups are retained for up to 30 days and then automatically purged
    • Billing records: Retained for 7 years for tax and legal compliance
    • Support communications: Retained for 3 years or as required for legal purposes
    • Anonymised analytics: May be retained indefinitely for service improvement

    You may request earlier deletion of your data by contacting us, subject to our legal and contractual obligations.

    9. Your Rights

    Under UK GDPR and applicable data protection laws, you have the following rights regarding your personal data:

    9.1 Right of Access

    You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

    9.2 Right to Rectification

    You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

    9.3 Right to Erasure ("Right to be Forgotten")

    You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

    9.4 Right to Restriction of Processing

    You may request that we limit how we use your data while we verify its accuracy or consider your objection to processing.

    9.5 Right to Data Portability

    You have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller. We provide data export functionality within the Service.

    9.6 Right to Object

    You may object to processing based on legitimate interests, and we will cease processing unless we demonstrate compelling legitimate grounds.

    9.7 Rights Related to Automated Decision-Making

    You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently make such automated decisions.

    9.8 Right to Withdraw Consent

    Where we rely on consent for processing, you may withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

    9.9 Exercising Your Rights

    To exercise any of these rights, please contact us at privacy@catertrackr.com. We will respond to your request within one month. In complex cases, this may be extended by two further months, and we will inform you of any extension.

    We may need to verify your identity before processing your request. If we cannot verify your identity or the request is manifestly unfounded or excessive, we may refuse or charge a reasonable fee.

    9.10 Complaints

    If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

    Information Commissioner's Office
    Wycliffe House, Water Lane
    Wilmslow, Cheshire SK9 5AF
    Website: www.ico.org.uk
    Helpline: 0303 123 1113

    10. Cookies and Similar Technologies

    We use cookies and similar technologies for the following purposes:

    10.1 Essential Cookies

    These cookies are necessary for the Service to function:

    • Session cookies: Maintain your login session
    • Security cookies: Help detect and prevent security threats
    • Preference cookies: Remember your settings (e.g., theme preference)

    10.2 Analytics Cookies

    We may use analytics cookies to understand how visitors use the Service. This helps us improve features and user experience. Analytics data is aggregated and does not identify individual users.

    10.3 Managing Cookies

    You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using some features of the Service.

    10.4 No Advertising Cookies

    We do not use cookies for advertising purposes or share cookie data with advertising networks.

    11. International Data Transfers

    Some of our service providers are located outside the UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

    • Adequacy decisions: Transfers to countries with adequate data protection as recognised by the UK
    • Standard contractual clauses: Legally-approved contracts that protect your data
    • Additional safeguards: Technical and organizational measures as needed

    Following the UK's departure from the EU, we continue to comply with UK GDPR requirements for international transfers.

    12. Children's Privacy

    The Service is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us at privacy@catertrackr.com, and we will take steps to delete such information.

    13. Third-Party Links and Services

    The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

    14. Marketing Communications

    We may send you marketing communications about new features, updates, or related services if you have consented or where we have a legitimate interest and you have not opted out.

    You can opt out of marketing communications at any time by:

    • Clicking the "unsubscribe" link in any marketing email
    • Updating your preferences in your account settings
    • Contacting us at privacy@catertrackr.com

    Note that opting out of marketing does not affect transactional communications (such as billing notices or service alerts).

    15. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

    • We will update the "Last updated" date at the top of this page
    • We will notify you by email or through a notice in the Service
    • For significant changes, we may provide additional notice or seek your consent

    We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

    16. Mobile App Privacy (App Store Disclosures)

    This section provides additional disclosures required for mobile app stores (Apple App Store and Google Play Store).

    16.1 Data Collection Categories

    Our mobile application collects the following categories of data:

    • Contact Information: Name, email address, phone number (required for account functionality)
    • Identifiers: User ID, device identifier (used for account authentication and troubleshooting)
    • Usage Data: App interactions, feature usage patterns (used for app improvement)
    • User Content: Photos, notes, signatures (user-generated job documentation)
    • Location: Approximate location from IP address; geocoded customer addresses (used for mapping features)

    16.2 Data Linked to You

    The following data is linked to your identity: name, email, phone number, user content (photos, notes, signatures), and usage data.

    16.3 Data Not Used for Tracking

    We do not use your data to track you across apps or websites owned by other companies for advertising purposes. We do not sell your data to third parties.

    16.4 Managing Mobile App Permissions

    You can manage app permissions through your device settings:

    • Camera: Required for capturing job photos; can be disabled in device settings
    • Photos: Required for uploading existing images; can be disabled in device settings
    • Notifications: Optional; can be disabled in device settings

    Disabling certain permissions may limit app functionality (e.g., you cannot capture job photos without camera access).

    16.5 Deleting Mobile App Data

    Uninstalling the app will delete all locally cached data from your device. To delete your account and all associated data from our servers, please contact privacy@catertrackr.com or use the account deletion feature in the app settings.

    17. Data Processing Agreement

    Where you use the Service to process personal data of your customers or other data subjects, you act as the data controller and we act as your data processor. In this capacity:

    • We process data only on your documented instructions
    • We ensure our personnel are bound by confidentiality obligations
    • We implement appropriate security measures
    • We assist you in responding to data subject requests
    • We notify you of any personal data breaches
    • We delete or return data upon termination of the Service

    Enterprise customers may request a formal Data Processing Agreement. Please contact legal@catertrackr.com for more information.

    18. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    CaterTrackr Ltd
    Data Protection Officer
    Email: privacy@catertrackr.com
    General Support: support@catertrackr.com
    Legal Enquiries: legal@catertrackr.com
    United Kingdom

    We aim to respond to all privacy-related enquiries within 5 business days.