Privacy Policy
Last updated: March 2026
1. Introduction
This Privacy Policy explains how Kaskr Ltd ("we", "us", "our"), a company registered in England and Wales (Company Number: 17072705), collects, uses, stores, and protects your personal data when you use the Kaskr platform ("Platform", "Service").
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: Kaskr Ltd Contact: privacy@kaskr.com
2. Data We Collect
2.1 Account Information
When you register for an account, we collect:
- Your name and email address
- Business name and contact details
- Password (stored in hashed form only)
2.2 Subscription and Payment Data
When you subscribe to a paid plan, payment processing is handled by Paddle.com Market Limited ("Paddle"), our Merchant of Record. We do not directly collect or store your payment card details. Paddle may collect billing information including your name, email, billing address, and payment method details in accordance with their own privacy policy.
We receive from Paddle: your subscription plan, billing status, and transaction identifiers.
2.3 Platform Usage Data
When you use the Platform, you may input and store data including but not limited to:
- Recipes, batch records, and brewing process data
- Inventory and stock records
- Vessel and equipment information
- Customer and supplier details
- Quality check and compliance records
- Container tracking data
2.4 Technical Data
We automatically collect certain technical information when you access the Platform, including:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Timestamps of access
2.5 Communications
If you contact us by email or through the Platform, we retain the content of those communications along with your contact details.
3. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing and operating the Platform | Performance of contract |
| Managing your account and subscription | Performance of contract |
| Processing payments (via Paddle) | Performance of contract |
| Sending transactional emails (confirmations, alerts, notifications) | Performance of contract |
| Responding to your enquiries and providing support | Legitimate interest |
| Improving and developing the Platform | Legitimate interest |
| Ensuring security and preventing fraud | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
| Sending product updates and feature announcements | Legitimate interest (with opt-out) |
We will never sell your personal data to third parties.
4. Third-Party Services
We share your data with the following third-party service providers, only to the extent necessary to deliver the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Paddle (Paddle.com Market Limited) | Payment processing, billing, tax compliance | Name, email, billing details, subscription data |
| Neon (Neon Inc.) | Database hosting | All platform data (encrypted at rest and in transit) |
| Resend (Resend Inc.) | Transactional email delivery | Email address, name, email content |
| Hostinger | Website hosting | Technical/access data |
| Vercel (Vercel Inc.) | Application hosting and deployment | Technical/access data |
Each provider processes data in accordance with their own privacy policy and applicable data protection agreements. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
5. Data Retention
We retain your personal data for the following periods:
- Account data: For the duration of your account, plus 30 days after termination to allow data export.
- Billing and transaction records: For 7 years after the transaction, as required for tax and accounting obligations.
- Technical and access logs: For up to 12 months.
- Support communications: For up to 24 months after the last communication.
After these periods, data is permanently deleted or anonymised.
6. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit (TLS) and at rest
- Hashed password storage
- Access controls limiting data access to authorised personnel
- Regular security reviews
While we take reasonable steps to protect your data, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.
7. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct inaccurate or incomplete data.
- Right to erasure — You can request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing — You can ask us to limit how we use your data in certain circumstances.
- Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
- Right to object — You can object to processing based on legitimate interest, including direct marketing.
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@kaskr.com. We will respond to your request within one month, as required by law.
8. Cookies and Similar Technologies
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies to operate the Platform and improve your experience.
8.2 Cookies We Use
Strictly Necessary Cookies These are essential for the Platform to function and cannot be switched off. They include session cookies for authentication, security tokens, and preferences you set within the Platform (such as selected brewery or timezone).
Analytics Cookies We may use analytics cookies to understand how the Platform is used, identify performance issues, and improve the Service. These cookies collect aggregated, anonymised data. We do not use third-party advertising or tracking cookies.
8.3 Managing Cookies
You can control cookies through your browser settings. Blocking strictly necessary cookies may affect the functionality of the Platform.
9. International Transfers
Our primary infrastructure is hosted within secure data centres. Where your data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or reliance on adequacy decisions.
10. Children
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform. The "Last updated" date at the top of this page indicates when the policy was last revised.
Your continued use of the Platform after changes are published constitutes acceptance of the updated Privacy Policy.
12. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at privacy@kaskr.com.
13. Contact
For any questions about this Privacy Policy or your personal data, contact us at:
Kaskr Ltd Company Number: 17072705 Email: privacy@kaskr.com