Privacy Policy

ScudoSystems is an online booking and business management platform. Our contact details are available at scudosystems.com/contact. We are the data controller for information collected through our platform.

We collect the following categories of information:

• Account information — your name, email address, and business details when you sign up.
• Business data — services, staff, schedules, and bookings you create on the platform.
• Customer data — names, phone numbers, and email addresses of your clients submitted through booking pages.
• Payment information — billing details processed securely via Stripe. We do not store card numbers on our servers.
• Usage data — pages visited, features used, browser type, and IP address collected via standard web analytics.
• Communications — messages you send to our support team.

• Provide, operate, and maintain the ScudoSystems platform.
• Process bookings and payments on behalf of your business.
• Send transactional emails (booking confirmations, reminders, receipts).
• Respond to support requests and account queries.
• Improve and develop new platform features.
• Comply with our legal obligations under UK law.

Under the UK GDPR, we process your personal data on the following legal bases:

• Contract performance — to provide the service you have subscribed to.
• Legitimate interests — to improve our product and prevent fraud.
• Legal obligation — to comply with applicable UK laws and regulations.
• Consent — for marketing communications, where you have opted in.

We do not sell your personal data. We share information only with trusted third-party service providers who process data on our behalf:

• Supabase — database and authentication hosting.
• Stripe — subscription billing and secure payment processing for your ScudoSystems plan.
• Resend — transactional email delivery.
• Vercel — application hosting and edge network.

Each provider is bound by data processing agreements and operates under appropriate safeguards.

We retain your account data for as long as your account is active and for up to 7 years after account closure to comply with UK tax and accounting regulations. Booking and customer data may be retained for up to 3 years. You may request deletion of your data at any time (see Your Rights below).

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your data where there is no compelling reason to continue processing.
• Restriction — request we limit processing of your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@scudosystems.com. We will respond within 30 days.

We use cookies and similar technologies to keep you signed in and understand how the platform is used. See our Cookie Policy for full details.

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; however, we strive to protect your data using commercially acceptable means.

Our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy decisions or Standard Contractual Clauses.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the platform. Continued use of ScudoSystems after changes constitutes acceptance of the revised policy.

For privacy-related queries or to exercise your rights, contact us at:

ScudoSystems
Email: hello@scudosystems.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.