GDPR Statement

The Cafe App Ltd
Effective Date: 1st May 2025

1. Who We Are

The Cafe App Ltd is a UK-registered company that develops and manages mobile and web applications for public use. We are the data controller of personal information collected through our apps, websites, and services.

For data protection queries, you can contact us at:
📧 AppSupport@thecafeapp.com

2. What Data We Collect

We may collect the following types of personal data, depending on the service or product you use:
- Name, email address, and contact information
- Location data (with your consent)
- Login credentials (encrypted)
- App usage analytics and crash logs
- Payment or billing information (if applicable)
- Any content or communications you choose to share within the app

We do not knowingly collect data from children under the age of 13 without parental consent.

3. How We Use Your Data

Your personal data is used for the following purposes:
- To provide and maintain our apps and services
- To communicate with you, including responding to queries
- To personalise user experience and improve app performance
- To comply with legal obligations
- To prevent fraud, abuse, or misuse of our services

We do not sell your data to third parties.

4. Your Rights Under GDPR

You have the following rights regarding your personal data:
- Access – Request a copy of the personal data we hold about you
- Correction – Request correction of inaccurate or incomplete data
- Erasure – Request deletion of your data ("right to be forgotten")
- Restriction – Request restriction of processing under certain conditions
- Objection – Object to processing, including for direct marketing
- Data Portability – Request transfer of your data to another provider

To exercise any of these rights, please contact us at AppSupport@thecafeapp.com.

5. Data Retention

We retain your personal data only as long as necessary to provide our services or comply with legal obligations. After that, data is securely deleted or anonymised.

6. Data Security

We use appropriate technical and organisational security measures to protect your data, including encryption, secure servers, access controls, and regular reviews of our data protection practices.

7. Third-Party Services

Where our apps or services rely on third-party providers (e.g. payment processors, analytics platforms), we ensure they also comply with UK GDPR through appropriate contractual safeguards (such as Data Processing Agreements).

8. International Data Transfers

Where data is transferred outside the UK, we ensure adequate protection is in place, such as UK-approved standard contractual clauses or verified adequacy decisions.

9. Complaints

If you have concerns about how we handle your data, please contact us directly. You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO):
🔗 https://ico.org.uk/