Log inStart Free Trial

Privacy Policy

Last updated: January 2025

1. Introduction

Paddl ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hospitality operations software platform and related services.

We process personal data in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, job title, and business details when you create an account
  • Business Content: Documents, training materials, checklists, equipment records, and other content you upload to the Service
  • Communications: Information in messages you send to us, including support requests and feedback
  • Payment Information: Billing details processed securely through our payment provider, Stripe

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Pages viewed, features used, actions taken, and time spent in the Service
  • Device Information: Device type, operating system, browser type, and screen resolution
  • Log Data: IP address, access times, and referring URLs
  • Cookies: See Section 7 for details on our use of cookies

2.3 Mobile Application Data

When you use our mobile application, we may collect additional information, including:

  • Location Data: With your permission, we collect precise location data when you use the staff check-in feature. Location is only collected when you actively use this feature, not in the background
  • Camera and Photos: When you upload documents, capture signatures, or take photos within the app, we access your camera or photo library only for that specific purpose
  • Push Notification Tokens: We collect device tokens to send you task reminders, shift notifications, and other important updates
  • Device Identifiers: We collect device identifiers for authentication, security, and to maintain your session across app restarts

You can manage location and notification permissions through your device settings at any time.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your subscription and payments
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyse trends, usage, and activities in connection with the Service
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalise and improve your experience
  • Send you marketing communications (with your consent, where required)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service and preventing fraud
  • Consent: Processing based on your consent, such as for marketing communications
  • Legal Obligation: Processing necessary to comply with legal requirements

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third-party companies that provide services on our behalf, including:
    • Stripe: For payment processing. Stripe processes your payment information in accordance with their Privacy Policy
    • Cloud Infrastructure: For hosting and data storage within the UK/EEA
    • Email Services: For transactional emails such as invitations and password resets
    • AI Services: For powering our AI assistant and content generation features. Your queries are processed but not used to train AI models
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law or to protect our rights and safety
  • With Your Employer: If you are a staff member using the Service, your business administrator may have access to your activity data, check-in records, and task completions

We do not sell your personal data to third parties for their marketing purposes.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account termination, we retain data for 30 days to allow for export, then permanently delete it, unless we are required to retain it for legal purposes.

We may retain anonymised, aggregated data indefinitely for analytical purposes.

7. Cookies and Tracking

We use cookies and similar technologies to collect usage information and improve the Service. The types of cookies we use include:

  • Essential Cookies: Required for the Service to function properly
  • Analytics Cookies: Help us understand how you use the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. International Transfers

Your data is stored on servers located within the UK or European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Your Rights

Under UK data protection law, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data in certain circumstances
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Request transfer of your data to another service provider
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us at info@paddl-ai.co. We will respond within one month.

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: info@paddl-ai.co

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly. You can contact the ICO at ico.org.uk.