Privacy Policy

Last updated: 10 September 2025

Effective date: 10 September 2025

1. Introduction

timepup ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our business management platform and services.

We are the data controller for the personal data we process about you. Our Data Protection Officer can be contacted at dpo@timepup.com.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Name, email address, phone number, business details
  • Profile Information: Professional details, business description, location
  • Business Data: Services offered, pricing, availability, staff information
  • Client Data: Client contact details, appointment history, preferences
  • Communication Data: Messages, support requests, feedback
  • Payment Information: Billing details (processed securely by Stripe)

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our platform, features used, time spent
  • Device Information: Browser type, operating system, device identifiers
  • Location Data: IP address, general geographic location
  • Technical Data: Log files, error reports, performance metrics

2.3 Information from Third Parties

  • Authentication Providers: Google OAuth (if you sign in with Google)
  • Payment Processors: Stripe payment confirmations and transaction data
  • SMS Services: Delivery confirmations from Twilio

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: To provide our services and fulfill our obligations to you
  • Consent: For marketing communications and non-essential features
  • Legitimate Interests: To improve our services, prevent fraud, ensure security
  • Legal Obligation: To comply with applicable laws and regulations

3.2 Purposes of Processing

  • Provide and maintain our business management platform
  • Process appointments, bookings, and payments
  • Send service-related communications and notifications
  • Provide customer support and respond to inquiries
  • Improve our services and develop new features
  • Ensure platform security and prevent fraud
  • Send marketing communications (with your consent)
  • Comply with legal obligations and resolve disputes

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share your data with trusted third-party processors who help us provide our services:

  • Supabase: Database hosting and authentication (United States)
  • Vercel: Web hosting and content delivery (United States)
  • Stripe: Payment processing (United States)
  • Twilio: SMS and communication services (United States)
  • Resend: Email delivery services (United States)
  • Mapbox: Mapping and location services (United States)

All third-party processors are bound by Data Processing Agreements (DPAs) and must comply with GDPR requirements when processing your data.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Until you delete your account, plus 30 days for recovery
  • Business Records: 7 years for accounting and tax purposes
  • Marketing Data: Until you withdraw consent or 3 years of inactivity
  • Support Communications: 2 years for quality assurance
  • Legal Compliance: As required by applicable laws

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

6.1 Right of Access

You can request a copy of all personal data we hold about you.Download your data

6.2 Right to Rectification

You can correct inaccurate or incomplete personal data.Update your profile

6.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances.Delete your account

6.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

6.5 Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service.

6.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

6.7 Right to Withdraw Consent

You can withdraw consent for marketing communications at any time.Manage preferences

6.8 Right to Lodge a Complaint

You can file a complaint with the Information Commissioner's Office (ICO) in the UK or your local data protection authority.

7. Data Security

We implement robust security measures to protect your data:

  • Encryption in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and staff training
  • Secure authentication and authorization
  • Regular backups and disaster recovery procedures
  • Incident response and breach notification procedures

8. International Data Transfers

Some of our service providers are located outside the UK/EU. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with GDPR compliance requirements
  • Additional safeguards where necessary

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy for details.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our platform. Your continued use of our services constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions or to exercise your rights, contact us:

13. Regulatory Information

  • ICO Registration Number: [To be obtained]
  • Data Protection Authority: Information Commissioner's Office (ICO)
  • ICO Website: ico.org.uk
This site uses tracking technologies. You may opt in or opt out of the use of these technologies.