Privacy Policy
Version 3.0 · Effective 23 April 2026
Your privacy matters
1. About this Policy
This Privacy Policy describes how Ciaran Fitzgerald, a sole trader carrying on business under the trading name "CaterKin" ("CaterKin", "we", "us", "our"), collects, uses, shares and protects personal data when you use caterkin.com, our iOS and Android apps, and related services (the "Platform"). CaterKin is in the process of incorporating as an Irish limited company; when incorporation is complete, this Policy will be updated to identify the new entity as controller and to publish its registered office address. Your rights under this Policy will transfer automatically and you will be notified in advance.
CaterKin is the data controller for the personal data described here, except where this Policy specifically identifies another controller.
Contact us at [email protected] or [email protected] at any time with questions or requests about this Policy.
This Policy operates alongside our Terms of Service and Cancellation Policy.
2. Scope and Terminology
This Policy applies to all natural persons whose personal data we process through the Platform, including Renters, Hosts, visitors, account holders and contacts named in support tickets.
"Personal data" and "Processing" have the meanings given by the GDPR (Regulation (EU) 2016/679).
3. What Personal Data We Collect
3.1 Identity data
Full name, email address, hashed password (email/password sign-up only), profile photograph (optional), role (Renter/Host/Admin), Platform user ID.
3.2 Contact data
Phone number in E.164 format (e.g. +353…) — required to receive masked calls and notifications.
3.3 Host profile, listings and operational data
Business name, years of experience, biography, country of residence, service-area coordinates and radius, cuisines, service types, dietary accommodations, allergen handling, pricing rules, portfolio photos. Host Application materials: photograph of a government-issued ID, HACCP certificate or HSE acknowledgement letter, insurance certificate if supplied, business-structure declaration. Stripe Connect: account ID and capability flags (charges_enabled, payouts_enabled, stripe_connected_at). Bank account numbers and ID documents are held by Stripe, not by CaterKin.
3.4 Booking, transaction and financial data
Booking dates, times, duration, guest count, event address, special requests and dietary notes; total amount, commission, processing fees, payout amount, refund amount; Stripe payment intent / transfer / payout IDs; dispute reason, evidence files and resolution.
3.5 Communications data
Messages between Users with timestamps and read status; in-app, email and push notification records; voice-call metadata (participants, proxy number, duration, connection outcome) — call audio is not recorded; support tickets.
3.6 Technical and device data
Device type and OS, app version, IP address and access timestamps, rough geographic region, push-notification tokens (FCM/APNs/Expo), mobile crash and performance traces via Sentry (sendDefaultPii off, session replay off).
3.7 Analytics and marketing data (cookie-consent-gated)
Page and screen views, clicks, session duration (Google Analytics 4); conversion events (Meta Pixel); aggregated session recordings with form-input masking and heatmaps (Hotjar). These load only if you opt in via our cookie banner.
3.8 Location data
Host service-area coordinates and radius (centroid of chosen city or address); Renter event address (shared with the confirmed Host only); IP-derived country/region for fraud/locale. We do not continuously track precise device location.
We do not knowingly collect special-category data (ethnicity, health, religion, politics, biometric, genetic, sexual-orientation). Please do not submit it via free-text fields. If you disclose allergen-related health information in a booking note, we process it only to deliver the Service.
4. Where Data Comes From
Directly from you — most data is supplied at registration, profile edits, Host Application, Listing, booking, messaging, support and dispute.
Automatically — technical/device data (IP, logs, crash traces) and, if you consent, analytics data.
From other Users — when another User books with you, messages you, reviews you or files a dispute about a Booking.
From third-party services you authorise — Google (sign-in, optional Calendar sync), Apple (sign-in, possibly with a @privaterelay.appleid.com email alias), Stripe (connected-account status, payouts, disputes, identity-verification outcome).
5. Why We Process Personal Data (GDPR Article 6)
| Purpose | Legal basis |
|---|---|
| Account, authentication, core Platform features (search, book, pay, message, review) | Contract — Art. 6(1)(b) |
| Processing payments and payouts | Contract and Legal obligation — Art. 6(1)(b) and (c) |
| Stripe Connect identity verification, AML | Legal obligation — Art. 6(1)(c) |
| Food-safety and allergen-handling records | Legal obligation and Legitimate interests — Art. 6(1)(c) and (f) |
| Safety, fraud prevention, abuse detection, dispute resolution | Legitimate interests — Art. 6(1)(f) |
| Service communications (booking confirmations, receipts, alerts) | Contract — Art. 6(1)(b) |
| Marketing communications (newsletter, nudges) | Consent — Art. 6(1)(a) |
| Analytics (GA4, Meta Pixel, Hotjar, PostHog) | Consent — Art. 6(1)(a) |
| Crash and performance monitoring (Sentry) | Legitimate interests — Art. 6(1)(f), with PII scrubbing |
| Compliance with court orders and regulator requests | Legal obligation — Art. 6(1)(c) |
| Establishing, exercising or defending legal claims | Legitimate interests — Art. 6(1)(f) |
Where we rely on legitimate interests, a Legitimate Interests Assessment has been conducted. You can request a summary at [email protected]. Where we rely on consent (analytics, marketing), you can withdraw it at any time.
6. Content Moderation and Platform Integrity Monitoring
To keep the marketplace safe and trustworthy, CaterKin staff may review in-app messages and enquiry and booking data — including the content of conversations between Users — to investigate suspected fraud, payment circumvention (attempts to take a transaction off-Platform to avoid fees or buyer/host protections) and off-Platform solicitation, and to enforce our Terms of Service. We rely on our legitimate interests for this processing — Art. 6(1)(f) — namely protecting Users from fraud and abuse, preventing circumvention of the protections the Platform provides, and operating a viable marketplace. A Legitimate Interests Assessment has been carried out for this activity.
Where a message breaches our Terms — for example, by soliciting payment or contact outside the Platform — we may remove it from the conversation. Such reviews are conducted by a limited number of authorised staff under role-based access controls and are logged.
You have the right to object to processing based on legitimate interests (see §12). This activity does not involve solely automated decisions producing legal or similarly significant effects (see §11).
7. Who We Share Personal Data With
We do not sell personal data. Personal data is shared with the following categories of recipients.
7.1 Other Users
Renters see a Host's display name, avatar, Listing Content, approximate service area, cuisine and event tags, ratings and reviews. Hosts see, for confirmed Bookings, a Renter's display name, avatar, event address, guest count, dietary notes and special requests. We do not share email addresses or phone numbers between Users. Messaging goes through the Platform; voice calls go through Twilio-masked numbers.
7.2 Infrastructure and core Platform
- Supabase — database, authentication, edge functions, storage, realtime messaging. Residency: EU-West-1 (Ireland).
- Render — web hosting of caterkin.com. Residency: Oregon, USA — Standard Contractual Clauses in place.
7.3 Payments and identity
- Stripe (Stripe Payments Europe Ltd.) — payments, Stripe Connect payouts, Stripe Connect identity verification, webhooks. Card numbers, bank account numbers and government-ID images are held by Stripe, not by CaterKin. Stripe operates under its own DPAs, SCCs and the EU–US Data Privacy Framework.
Veriff, previously used for identity verification, was retired in April 2026. We no longer send identity data to Veriff.
7.4 Communications
- Resend — transactional email (booking confirmations, receipts, password resets, dispute notifications, onboarding nudges). SCCs in place.
- Twilio (Twilio Ireland Ltd.) — number-masked PSTN voice calling. Residency: Ireland region. Audio is not recorded.
- Firebase Cloud Messaging (Google Ireland Ltd.) — Android push notifications.
- Apple Push Notification service (Apple Inc.) — iOS push notifications.
- Expo — mobile OTA updates and push routing. SCCs in place.
7.5 Authentication providers
- Google — "Sign in with Google" and optional Google Calendar sync for Hosts.
- Apple — "Sign in with Apple" (email may be a private-relay alias).
7.6 Maps and places
- Google Maps / Places API — address autocomplete, geocoding, map rendering.
7.7 Error monitoring
- Sentry — mobile crash and error reporting. Residency: EU (Germany). sendDefaultPii disabled; session replay disabled.
7.8 Analytics and marketing (consent-gated)
- Google Analytics 4 — aggregated product analytics.
- Meta Pixel — conversion measurement and advertising audiences.
- Hotjar — UX analytics, heatmaps, session recordings with sensitive fields masked.
- PostHog (PostHog Inc., EU region — Frankfurt) — product analytics: event capture (e.g. Listing Viewed, Booking Confirmed), funnels, and session recordings. Web: session recordings with all input fields masked, gated by the Behavioural toggle below. Mobile: event capture is on by default after sign-in; session recordings are opt-in via a one-time in-app consent prompt and apply heavy masking — all text inputs, message bodies, profile photos, listing images, ID documents, and the Stripe payment sheet are excluded from recordings. You can revoke mobile session-recording consent at any time by emailing [email protected]. DPA in place. Per PostHog's privacy policy.
These services are not loaded unless you consent in the cookie banner (see §14).
7.9 Authorities, advisers and acquirers
Regulators, law enforcement and courts (where we are required to disclose by law or valid court order); professional advisers (auditors, lawyers, accountants under duty of confidentiality); acquirers and investors in the course of due diligence or a corporate transaction (we take reasonable steps to ensure your rights continue to be honoured).
8. International Data Transfers
Our primary database and storage are in the European Union (Supabase EU-West-1, Ireland). Several sub-processors may process data outside the EEA, including in the United States (Stripe, Render, Resend, Google, Apple, Expo, Meta).
For transfers outside the EEA we rely on: adequacy decisions of the European Commission (including the EU–US Data Privacy Framework where the recipient is certified); Standard Contractual Clauses approved by the European Commission, supplemented by appropriate technical and organisational safeguards; and, where relevant, your explicit consent.
You can request a copy of the safeguards used for a specific transfer at [email protected].
9. Data Retention
| Category | Typical retention |
|---|---|
| Account profile data | While active + wind-down after deletion; anonymised thereafter |
| Booking, payment and payout records | 7 years from end of relevant tax year (Revenue Commissioners requirement) |
| Dispute records | 7 years (tied to the underlying Booking) |
| Messages between Users | Life of the Booking relationship; anonymised or removed shortly after account deletion |
| Twilio call metadata | Same period as the related Booking, up to 2 years for abuse-prevention |
| Sentry crash events | Sentry defaults (~30 days for traces; longer for issues) |
| Server / access logs | Up to 90 days (longer if required for a security investigation) |
| Marketing consent records | 2 years from last activity |
| Cookie consent records | 12 months, then re-prompted |
| Backups | Rolling encrypted backups, up to 35 days |
After the retention period ends, we delete or irreversibly anonymise data.
10. Data Security
We maintain technical and organisational measures including:
- TLS 1.2+ for all data in transit;
- encryption at rest for the production database and file storage;
- Row-Level Security (RLS) policies at the database layer, enforced in every exposed schema;
- strict least-privilege administrator access with role-based access controls and audit logging;
- chunked, encrypted on-device storage of mobile session tokens;
- signed and dedicated webhook handling for payments, with idempotency guards;
- rate limiting on authentication, messaging and payment endpoints;
- regular dependency and security reviews.
If we discover a breach likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and, where the risk is high, notify you as soon as reasonably practicable.
11. Automated Decision-Making
We do not make decisions based solely on automated processing that produce legal or similarly significant effects concerning you. Stripe, our payments sub-processor, may use automated fraud-detection systems; if Stripe declines a transaction on that basis, you can request a human review directly with Stripe.
12. Your Rights Under the GDPR
Subject to legal restrictions, you have the right to:
- access the personal data we hold about you and to receive a copy;
- rectify inaccurate data;
- erase your data (right to be forgotten) where applicable;
- restrict processing in specific circumstances;
- portability — receive your data in a structured, commonly used, machine-readable format (JSON);
- object to processing based on legitimate interests, including objection to direct marketing at any time;
- withdraw consent at any time, without affecting the lawfulness of prior processing;
- not be subject to solely automated decisions producing legal or similarly significant effects.
How to exercise a right. From the app or web:
- Download your data — Settings → Privacy & Security → "Download my data" triggers our export-user-data edge function and returns a JSON file.
- Delete your account — Settings → Privacy & Security → "Delete my account", type DELETE to confirm. Invokes delete-account which checks for active bookings, deletes messages, reviews, notifications, saved listings, referral and verification records, anonymises historical bookings, and marks your Stripe Connect account for deactivation. Some records are retained in anonymised form to preserve historical bookings the other User is party to and to meet our legal retention obligations.
- Rectify profile information from your profile page.
- Withdraw analytics consent from the cookie banner.
- Withdraw marketing consent from the unsubscribe link in any marketing email.
You can also email [email protected] or [email protected]. We respond within one month, extendable by up to two further months for complex requests. We will not charge for a request unless it is manifestly unfounded or excessive.
Right to complain. You can lodge a complaint with the Irish Data Protection Commission at any time: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland · +353 1 765 0100 · www.dataprotection.ie. If you are resident outside Ireland, you may complain to the supervisory authority in your country of residence.
13. Children
The Platform is intended for users aged 18 or over. We do not knowingly collect personal data from children under 18. If you believe we have collected personal data from a child under 18, contact [email protected] and we will delete it promptly.
14. Cookies and Similar Technologies
We use cookies, local storage and similar technologies to operate the Platform, remember preferences and — with your consent — measure usage and run marketing.
The cookie banner on caterkin.com distinguishes three categories:
- Strictly necessary — always on (session, authentication, CSRF, load-balancing). No consent required.
- Analytics & ads — Google Analytics 4, Meta Pixel and PostHog. Default off; load only after consent.
- Behavioural — Hotjar session recordings. Default off; load only after consent.
Your cookie choices are stored in your browser's local storage under caterkin_cookie_consent with a timestamp and boolean flags for each category. You can clear this at any time from the banner's "Manage preferences" link or by clearing site data.
On mobile we do not use web-browser cookies; we use operating-system push tokens, encrypted on-device storage, and app-scope identifiers.
We respect Global Privacy Control signals where they clearly indicate withdrawal of consent to non-essential processing.
15. Mobile App Permissions
The iOS and Android apps ask for the following device permissions, all of which you can grant or deny at the OS level:
- Camera / Photo Library — upload avatars, listing photos, portfolio photos and dispute evidence.
- Location Services — prefill your location in search and Host service-area setup. Coarse location only; no continuous tracking.
- Microphone — active voice calls via Twilio only.
- Push Notifications — booking, message, dispute and payment alerts.
- Contacts, Bluetooth, Motion, Biometrics — not used.
16. Host-Specific Disclosures
Because Hosts act as independent businesses, we process some additional data about Hosts: HSE / food-safety evidence (HACCP certificate, HSE letter, business-structure declaration, insurance certificate if applicable), Stripe Connect identity-verification outcomes and account capability flags, earnings summaries and payout history (retained under the 7-year tax-records rule), and Host Application answers (retained after an unsuccessful or withdrawn application for abuse-prevention).
Hosts are responsible for the personal data they see in Renters' booking notes (e.g. allergies, dietary health information, event address) and must use that data only to deliver the Booking and not for any other purpose. Hosts must delete or anonymise such information after the Booking is complete unless there is a specific, legitimate reason to retain it.
17. Renter-Specific Disclosures
Renters' event addresses are shared only with the specific Host whose Booking has been confirmed and are retained in the Booking record for dispute and audit purposes. Renters' payment credentials are tokenised by Stripe; CaterKin does not see or store card numbers.
18. Marketing Communications
Transactional emails (booking confirmations, receipts, dispute notices, policy changes, security alerts) are sent regardless of marketing opt-in because they are necessary to perform our contract with you.
Marketing emails and Host onboarding nudges (e.g. listing-creation encouragement, Founding Chef reminders, product launches) are sent only where you have consented, and always with a one-click unsubscribe. Host onboarding nudges are throttled to a defined cadence (presently 24h and 48h after connecting your Stripe account) and pause automatically once you have created a Listing or opted out.
Email-for-message notifications are throttled: for any given sender–recipient pair, we send at most one email every 60 minutes — subsequent messages in the same window only produce a push notification.
19. Changes to this Privacy Policy
We may update this Policy from time to time. Where changes are material, we will give you at least 14 days' notice by email and by in-Platform notice. The current version and revision history will always be available at caterkin.com/privacy-policy.
20. Contact Us
General privacy enquiries and requests: [email protected]
Data Protection Officer (voluntary privacy contact): [email protected]
Supervisory authority (Ireland): Data Protection Commission — Ireland · 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
A postal address for service of data-protection notices on CaterKin will be published in this section once CaterKin completes its incorporation as an Irish limited company.
Document version 3.0 · Effective 23 April 2026 · Previous version 2.0 (9 April 2026)