CaterCloud

Privacy Policy

Last updated: 15 May 2026

Pivot Digital Pty Ltd (trading as CaterCloud; "we", "us", "our") operates the CaterCloud platform, a catering business management service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By creating an account or using CaterCloud you consent to the practices described in this policy.

We are committed to compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the Notifiable Data Breaches (NDB) scheme. Where applicable, we also observe the requirements of the EU General Data Protection Regulation (GDPR) for users accessing the Service from within the European Economic Area.

1. Information We Collect

1.1 Information you provide directly

  • Account details: name, email address, password (hashed — never stored in plaintext), business name, and ABN (where provided)
  • Profile information: phone number, business address, logo, photos, and social media handles
  • Business data: events, contacts, quotes, invoices, staff details, menus, packages, wage rates, and financial records you create or import
  • Payment information: subscription payment credentials are processed securely by Stripe — we do not store full card numbers, CVV codes, or full bank account details
  • Communications: messages, support requests, feedback, and survey responses you send us
  • Verification information: if required, government-issued ID or business registration documents for account verification purposes

1.2 Information from Google Sign-In

If you sign in with Google, we receive your name, email address, and profile picture from Google. We use this solely to create and authenticate your CaterCloud account. We do not access your Google Drive, Gmail, Google Contacts, or any other Google service beyond the basic profile information described above.

Google Limited Use disclosure: CaterCloud's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data received from Google Sign-In is used solely to create and authenticate your account. It is not used for advertising, profiling, or shared with third parties for any purpose unrelated to account authentication and the provision of the Service.

You can revoke CaterCloud's access to your Google account at any time via myaccount.google.com/permissions. Revoking access does not delete your CaterCloud account — you can continue to authenticate with your email and password, or re-grant Google access at any time.

1.3 Information collected automatically

  • Log data: IP address, browser type and version, pages visited, referring URL, time and date of visits, session duration
  • Device information: operating system, device type, screen resolution, and device identifiers
  • Usage data: features accessed, actions taken within the platform (e.g. quote created, event status changed), and performance metrics
  • Cookies and similar tracking technologies — see Section 7 for details

1.4 Information from third-party integrations

When you connect third-party services (Xero, Square, Stripe), we receive data from those services as authorised by you during the OAuth connection flow. For example, when you connect Xero, we receive invoice and payment data from your Xero account for the purpose of syncing it with your CaterCloud records. Each integration is governed by the respective provider's privacy policy in addition to ours. You can revoke any integration at any time from within the platform settings or directly from the third-party provider.

1.5 Location data

When you use the Event Discovery feature, we collect the address of your operation (which you provide in operation settings) and geocode it — converting it to latitude and longitude coordinates — using the Nominatim geocoding service (powered by OpenStreetMap). These coordinates are used to identify public events near your operation's location. Your exact coordinates are not shared publicly. You can disable Event Discovery at any time from your operation settings.

1.6 Staff data

When you add team members or staff to your account, we collect their name, email address, phone number, role, and availability. This information is stored under your tenant and is used to power scheduling, shift assignments, shift notifications (email and SMS), and wage cost reporting. Staff data is shared with the relevant staff member only as directed by you — for example, when you send them a shift confirmation or roster notification.

1.7 Customer and end-user data

Your customers' personal information — including their name, email address, phone number, company name, and event details — is stored under your tenant. You are the data controller for this information; CaterCloud acts only as a data processor on your instructions. We process your customers' data only to provide the Service to you. We do not contact your customers independently, use their data for our own marketing, or share it with third parties except as part of delivering the Service (e.g. sending a quote email via Resend, or an SMS notification via MessageMedia, at your direction).

1.8 Calendar and scheduling data

CaterCloud publishes a read-only ICS calendar feed of your events. You can subscribe to this feed from Google Calendar, Outlook, Apple Calendar, or any compatible calendar application. This feed is generated from your CaterCloud event data and is hosted by us — we do not call Google Calendar's API or modify any external calendar on your behalf. The ICS feed URL is unique to your account; treat it as confidential.

1.9 Financial data

Quote values, invoice amounts, payment statuses, deposit records, wage costs, and cost-of-goods entries are stored to power the financial reporting features of the Service (P&L reports, wage cost summaries, event-level margin analysis). Full credit card or bank account numbers are never stored by CaterCloud — Stripe handles all payment tokenisation and card data storage under its own PCI DSS compliant environment.

1.10 Google Analytics

We use Google Analytics 4 (GA4) to collect anonymised usage statistics about how the Service is accessed and used. GA4 collects information such as pages visited, session duration, device type, and browser type. This data is associated with a randomly generated analytics identifier — it is not linked to your CaterCloud account, name, or email address. We do not send personally identifiable information to Google Analytics.

We do not use Google Analytics Remarketing, Google Ads, or any advertising targeting features. We do not use Facebook Pixel or any other advertising network analytics. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on. See also §7b for cookie-level details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: creating your account, operating the platform, processing your data, and delivering all features described in §1 of our Terms of Service
  • Processing payments: managing your subscription billing through Stripe, sending invoices and receipts, and handling failed payment recovery
  • Transactional communications: sending quotes, invoices, booking confirmations, payment receipts, and shift notifications on your behalf (via Resend for email and MessageMedia for SMS — only when you trigger such an action)
  • Service communications: sending product updates, security notices, maintenance alerts, and important account information
  • Customer support: responding to your enquiries, troubleshooting issues, and handling complaints
  • Product improvement: analysing anonymised, aggregated usage patterns to understand how the Service is used and where to invest in improvements
  • AI features: when you use AI-assisted features (quote drafting, menu analysis, event discovery), the content you submit is sent to Anthropic for processing. Anonymised and aggregated data (e.g. menu item names, event types) may be used to improve AI suggestions internally; raw customer PII is not sent to Anthropic without your explicit action
  • SMS notifications: shift reminders, booking confirmations, and other SMS messages are sent via MessageMedia only when you explicitly trigger an SMS action from within the platform
  • Geocoding: operation addresses are geocoded via Nominatim (OpenStreetMap) for the Event Discovery feature — only address strings are sent; no account identity is attached
  • Security and fraud prevention: detecting and preventing unauthorised access, abuse, fraud, and security incidents; monitoring for Terms of Service violations
  • Legal compliance: meeting our obligations under applicable law, including the Australian Privacy Act, tax law, and anti-money-laundering obligations

We do not use your data to serve third-party advertising. We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.

3. How We Share Your Information

3.1 Sub-processors and service providers

We use trusted third-party service providers ("sub-processors") to operate the platform. Each provider is engaged under a data processing agreement and is bound by confidentiality and data protection obligations:

  • Vercel — web hosting, deployment, and global CDN (data processed in US and global edge locations). Vercel hosts the Next.js application layer.
  • Supabase / AWS ap-southeast-2 (Sydney) — primary database and file storage. Your account data, events, contacts, quotes, invoices, menus, and files are stored in the Sydney AWS region. Backups are encrypted and retained for 30 days.
  • Stripe — subscription billing, payment link processing, and payment tokenisation. Stripe is PCI DSS Level 1 certified. We share only the minimum data required to process your subscription and to enable Stripe payment links you send to your customers.
  • Resend — transactional email delivery (quotes, invoices, booking confirmations, shift notifications sent on your behalf). Email content is logged by Resend for delivery tracking.
  • MessageMedia — SMS delivery for Australian phone numbers. SMS messages are sent only when you explicitly trigger an SMS action from the platform.
  • Anthropic — AI feature inference. When you use AI-powered features, the content you submit is processed by Anthropic's API. Anonymised prompts only — we do not send your customers' personally identifiable information to Anthropic without your explicit action. Anthropic does not use API-submitted content to train its models.
  • Sentry — error and performance monitoring. Sentry receives stack traces and application error logs. We configure Sentry to exclude personally identifiable information from error payloads; however, if a user-provided value appears in a stack trace variable, it may be captured. Sentry data is retained for 90 days.
  • Google — two services: (1) Google Sign-In: receives your name, email, and profile picture for account authentication only (see §1.2); (2) Google Analytics 4: receives anonymised usage metrics (see §1.10). Google acts as an independent data controller for data processed through its own services. We do not access any other Google API.
  • Nominatim / OpenStreetMap — geocoding service for the Event Discovery feature. We send operation address strings to Nominatim to obtain latitude/longitude coordinates. No account identity or personal data is attached to geocoding requests.

3.2 Your customers and contacts

Information you enter about your customers is shared with those customers only as directed by you — for example, when you send a quote email, an invoice, a booking confirmation, or an SMS notification from the platform.

3.3 Legal requirements

We may disclose your information if required by law, court order, regulatory authority, or government demand, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of CaterCloud, our users, or the public. We will endeavour to notify you of such requests where legally permitted to do so.

3.4 Business transfers

If CaterCloud is acquired by or merges with another entity, or if substantially all of our assets are sold or transferred, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy, and you will have the opportunity to delete your account if you do not wish to continue.

3.5 Staff and team member access

Users you invite to your CaterCloud account can access data according to the role you assign them. Owners and admins have full read/write access to all data in your tenant. Managers have access to event and staff management functions. Staff have limited operational access (e.g. their own shifts and event details). Viewers have read-only access. You control role assignments and are responsible for keeping them current (e.g. revoking access when a team member leaves).

4. Data Storage and Security

4.1 Storage locations

Your primary account data is stored on servers in Australia (AWS ap-southeast-2, Sydney) via Supabase. Application-layer processing is distributed globally via Vercel's edge network, which may involve servers in other jurisdictions (principally the United States). By using the Service, you consent to this cross-border processing.

4.2 Security measures

We implement the following technical and organisational security measures:

  • Multi-tenant data isolation: each account's data is scoped by a unique tenant ID. Every database query enforces a tenantId filter derived from the authenticated session — it is not possible to supply a tenant ID through any API request. No account can access another account's data.
  • Encryption at rest: database storage is encrypted at rest by Supabase/AWS using AES-256
  • Encryption in transit: all connections to the Service use TLS 1.2 or higher. Unencrypted HTTP connections are redirected to HTTPS
  • Application-layer encryption: sensitive credentials (e.g. OAuth tokens for Xero, Square, Stripe integrations, SMS API keys) are encrypted with AES-256-GCM before storage in the database
  • Password hashing: user passwords are hashed using bcrypt with per-user salts. We never store plaintext passwords and cannot retrieve your password
  • Role-based access controls: permissions are enforced server-side on every API request based on the authenticated user's role. Front-end gating is supplementary only
  • Audit logging: significant account actions (e.g. role changes, data exports, integrations connected/disconnected) are logged with user ID and timestamp
  • Dependency monitoring: we monitor for security vulnerabilities in our software dependencies and apply patches promptly

No method of data transmission or storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security against all threats. If you discover a security vulnerability in the Service, please report it responsibly to info@catercloud.io.

5. Data Retention

  • Active accounts: your personal information and business data are retained for as long as your account is active and your subscription is current.
  • After cancellation or termination: your account enters a 30-day export window during which you can export all your data using the built-in export tools (Events, Contacts, Quotes, Financial reports — CSV/JSON format). After 30 days, your data is queued for permanent deletion. Full deletion is completed within 90 days of the queue date.
  • Legal hold — financial records: invoice records, payment records, and financial transaction data may be retained for up to 7 years as required under Australian tax law (Income Tax Assessment Act 1997 and related legislation), even after account deletion. These records are retained in anonymised or minimised form where possible.
  • Database backups: encrypted database backups are retained for 30 days, after which they are permanently purged from all backup stores.
  • AI interaction logs: content sent to Anthropic for AI feature processing is not retained by CaterCloud beyond the API request/response cycle. Anthropic's own data retention policies apply to data processed through their API.
  • Error logs (Sentry): error and performance data captured in Sentry is retained for 90 days.
  • Analytics data (Google Analytics): anonymised analytics data is retained by Google in accordance with Google's data retention settings (we configure a 14-month retention window).

6. Your Rights

Under the Australian Privacy Act 1988 (Cth) and, where applicable, the GDPR, you have the following rights in relation to your personal information:

Access

You have the right to request a copy of the personal information we hold about you. Email info@catercloud.io with the subject line "Data Access Request". We will provide your data in CSV/JSON format within 30 days. Most of your business data is also directly accessible and exportable from within the platform at any time.

Correction

You can correct or update most of your personal information directly within the platform (account settings, profile settings). For records you cannot self-edit, email info@catercloud.io with the details of the correction required.

Deletion

You can delete your account and request deletion of your personal data by emailing info@catercloud.io with the subject line "Account Deletion Request". Account deletion and personal data deletion are completed within 90 days, subject to any legal holds described in §5. We recommend exporting your data before requesting deletion.

Portability

You can export your data at any time using the built-in export tools in the platform (Events, Contacts, Quotes, Financial reports — exported in CSV or JSON format). For a full account export, email info@catercloud.io.

Objection to processing

Where we process your personal information on the basis of our legitimate interests, you have the right to object. Email info@catercloud.io with a description of the processing you object to. We will assess your objection and respond within 30 days.

Opt-out of marketing

You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email, or by adjusting your notification preferences in account settings. Opting out of marketing does not affect transactional emails (e.g. subscription receipts, security alerts) which are necessary for the operation of your account.

Google Sign-In revocation

If you signed in with Google, you can revoke CaterCloud's access to your Google account at any time via myaccount.google.com/permissions. Revoking access does not delete your CaterCloud account — you can re-authenticate with your email and password, or re-grant Google access at any time.

Lodging a complaint

If you believe we have handled your personal information in a way that is inconsistent with the Australian Privacy Act or the APPs, you may lodge a complaint with us first by emailing info@catercloud.io. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.

7. Cookies

We use cookies and similar browser storage technologies. We use three categories of cookies:

7.1 Essential / session cookies

These cookies are required for the Service to function. They keep you authenticated between page loads and protect against cross-site request forgery (CSRF). They cannot be disabled without breaking core functionality such as logging in. These cookies are session-scoped or have a short expiry (typically 30 days for "keep me signed in" sessions).

7.2 Preference cookies

These cookies store your UI preferences such as sidebar collapse state, theme selection, and notification dismissals. They can be cleared via your browser settings; doing so will reset your UI preferences but will not affect your account data or login status.

7.3 Analytics cookies

We use Google Analytics 4 (GA4), which sets analytics cookies to distinguish unique users and sessions. These cookies do not contain personally identifiable information and are not used for advertising or cross-site tracking. We do not use Google Ads, Facebook Pixel, or any other advertising network cookies. See §7b for how to opt out of analytics cookies.

You can manage or delete cookies at any time through your browser settings. Note that disabling essential cookies will prevent you from logging in to the Service.

7a. Data Breach Notification

In the event of an eligible data breach affecting your personal information as defined under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Australian Privacy Act 1988), we will:

  • Notify affected users as soon as practicable after becoming aware of the breach, and no later than 30 days after becoming aware (or within 72 hours where the GDPR applies)
  • Notify the Office of the Australian Information Commissioner (OAIC) as required
  • Provide details in our notification of: the nature of the breach, the categories of data affected, the likely consequences, and the steps we have taken or propose to take in response
  • Take prompt remedial action to contain the breach and prevent further unauthorised access

If you become aware of or suspect a security breach involving your CaterCloud account, please contact us immediately at info@catercloud.io.

7b. Google Analytics Opt-Out

Google Analytics sets cookies (typically named _ga and _gid) to distinguish users across sessions and measure usage. These cookies do not contain personally identifiable information and are not used for advertising targeting.

You can opt out of Google Analytics measurement in the following ways:

  • Install the Google Analytics Opt-out Browser Add-on (available for Chrome, Firefox, Safari, Opera, and Edge)
  • Clear and block _ga cookies via your browser's cookie management settings
  • Use a browser extension that blocks tracking scripts globally

Opting out of Google Analytics does not affect your use of the CaterCloud Service or your account data.

8. Children's Privacy

CaterCloud is a business management platform intended exclusively for adults operating catering businesses. The Service is not directed at children under the age of 16. We do not knowingly collect, solicit, or process personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take prompt steps to delete that information. If you believe we may have collected information from a child, please contact us at info@catercloud.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our data practices, service features, or legal obligations. We will notify you of material changes by:

  • Sending an email to the address associated with your account, and/or
  • Displaying a prominent notice within the platform

We will provide at least 14 days' advance notice before a material change takes effect. Continued use of the Service after the effective date of a change constitutes your acceptance of the updated policy. We recommend reviewing this page periodically. The "Last updated" date at the top of this page reflects when material changes were last made.

10. International Users

CaterCloud is operated from Australia and is primarily designed for Australian businesses. If you access the Service from outside Australia, please be aware that your information may be transferred to, stored, and processed in Australia and the United States (and potentially other countries where our sub-processors operate). By using the Service, you consent to such transfers.

Where we transfer personal information outside Australia, we take steps to ensure it receives a comparable level of protection, including by engaging sub-processors under data processing agreements that meet the requirements of the Australian Privacy Principles.

11. Contact and Complaints

For any privacy-related questions, requests, or complaints, please contact our privacy officer:

  • Email: info@catercloud.io
  • Subject line: Privacy — [nature of enquiry]
  • Website: catercloud.io

We will acknowledge your request within 5 business days and aim to respond fully within 30 days. For complex requests we may extend this to 60 days with notice.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001