Privacy Policy

This Privacy Policy describes how CaterShift (trading name of Ashton IT Services Ltd, registered in England and Wales, Company No. 15787405) collects, uses, and protects your personal data when you use our services or visit our website.

1. Information We Collect

We may collect personal information including but not limited to:

• Full name and contact details (email address, phone number)
• Business details (company name, location)
• Login credentials and user preferences
• Payment and billing information (processed by our payment provider, Stripe)
• Usage and technical data (IP address, browser, device type, pages viewed)

2. How We Use Your Information

We use your information to:

• Provide, secure, and maintain our services (authentication, account management)
• Process payments and manage subscriptions via Stripe
• Respond to support enquiries and provide customer success
• Improve our website and app (diagnostics, performance, UX)
• Comply with legal obligations and enforce our terms

3. Legal Bases (UK GDPR)

• Contract: to provide the CaterShift service you sign up for.
• Legitimate interests: security, fraud prevention, product improvement (where proportionate).
• Consent: for non-essential third-party media (e.g., YouTube) loaded only if you choose to play a video.
• Legal obligation: tax, accounting, and regulatory record-keeping.

4. Sharing Your Information

We do not sell your personal information. We share limited data with trusted providers:

• Stripe (payments & fraud prevention)
• Supabase (database & authentication)
• YouTube (embedded videos; cookies may set only if you click “Allow & Play”)
• Regulators and authorities where required by law

5. Data Storage, Security & Transfers

We use reputable cloud providers with strong security. Access is restricted to authorised personnel. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards (e.g., Standard Contractual Clauses or UK IDTA).

6. Cookies & Similar Technologies

We use cookies and similar technologies to operate our site and app. By default, we only set essential cookies required to provide the service. We do not currently use analytics or advertising cookies.

6.1 Essential (Strictly Necessary)

These cookies are required for our site/app to function and are set without consent.

• Supabase Auth: keeps you logged in and secures your session.
• Stripe: enables secure checkout and fraud prevention.

6.2 Embedded Media (Optional, Per-Video)

We may display YouTube videos using privacy-enhanced mode (youtube-nocookie.com). We show a local preview with an “Allow & Play” button. The YouTube player only loads — and YouTube may set its own cookies — if you choose to play the video. If you do not click “Allow & Play”, no YouTube content or cookies are loaded.

6.3 Managing Your Choice

• You can choose whether to play embedded videos. This choice is separate from essential cookies.
• You can block cookies in your browser; essential cookies are required to use the app.

7. Retention

We keep personal data only for as long as necessary for the purposes above. Account, billing, and support records are retained to meet legal/financial obligations, then securely deleted or anonymised.

8. Your Rights (UK GDPR)

• Access, rectification, erasure
• Restriction or objection to processing
• Data portability
• Withdraw consent at any time (for consent-based processing such as embedded media)

9. Third-Party Policies

• Stripe Privacy Policy
• Supabase Privacy
• Google/YouTube Privacy

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the latest version here with the effective date.

11. Contact Us

Questions about privacy or cookies? Email support@catershift.com