Privacy Policy

We take your privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding that information.

Talachero LLC, operator of Catertoo - May 2026

Information We Collect

We collect information you provide directly - such as your name, email address, business details, and billing information when you register or update your account. We also collect information generated through your use of the service, including client records, event data, proposals, and payment activity that you enter into the platform.

How We Use Your Information

We use the information we collect to provide, maintain, and improve the platform; to process payments and send transactional emails; to respond to your support requests; to send product and policy updates you have opted into; and to detect and prevent fraud or abuse.

Data Isolation and Security

Each catering business operates in an isolated data environment. Your client records, events, proposals, and financial data are never accessible to other businesses on the platform. All data is encrypted in transit using TLS and at rest at the storage layer. Passwords are hashed and never stored in plain text.

Payment Data

We do not store raw payment card numbers. Payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified processor. When you connect a Stripe account, you are subject to Stripe's own privacy policy. We receive only the minimal metadata needed to record and display transaction status.

Service Providers and Subprocessors

We rely on a small set of vendors to operate the service. Current subprocessors include: Fly.io (application hosting and managed databases, primary region in California, USA); Stripe, Inc. (payment processing and Connect onboarding); our transactional email provider for account, billing, and notification emails; and Google LLC for analytics and conversion measurement on our public marketing pages only, as described under "Cookies and Analytics." All subprocessors are bound by written agreements requiring confidentiality and a level of data protection consistent with this policy. We will update this section as our infrastructure evolves.

Sharing of Information

We do not sell your personal information. We share data only with the service providers listed above, and only to the extent necessary to operate the platform on your behalf. We may disclose information if required by law or to protect the rights and safety of our users or the public.

Data Retention

We retain your account data for as long as your subscription is active and for up to ninety (90) days following the end of your subscription, after which we will delete or anonymize the data, except where a longer period is required by law (for example, tax or financial records) or necessary to resolve a pending dispute. You may request earlier deletion of your account and associated data at any time by contacting privacy@catertoo.com, subject to those same legal retention requirements.

Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal information; to restrict or object to certain processing; and to data portability. To exercise any of these rights, contact us at privacy@catertoo.com. We will respond within 30 days.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you additional rights. In the past twelve months we have collected the following categories of personal information about California residents: identifiers (such as name, email, and business name), commercial information (such as subscription and billing records), internet or other electronic network activity (such as log and usage data), and inferences drawn from the foregoing to operate and improve the service. We collect this information from you directly, from your use of the service, and from our service providers (such as Stripe). We use it for the purposes described in "How We Use Your Information." We do not sell or share your personal information for cross-context behavioral advertising, and we do not knowingly process the sensitive personal information of California residents beyond what is necessary to provide the service. California residents may request to know, delete, or correct their personal information, and may designate an authorized agent to act on their behalf, by contacting privacy@catertoo.com. We will not discriminate against you for exercising these rights.

European Privacy Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (and equivalent UK and Swiss laws) give you additional rights. Talachero LLC, the operator of Catertoo, is the controller of personal information you provide directly to us. We process personal information on the following legal bases: performance of our contract with you, our legitimate interests in operating and improving the service, your consent where required, and compliance with legal obligations. You have the right to access, correct, delete, restrict, port, or object to the processing of your personal information, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact privacy@catertoo.com. Personal information may be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction; where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

Children's Privacy

The service is intended for use by businesses and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact privacy@catertoo.com and we will delete it.

Security Incidents

We maintain administrative, technical, and physical safeguards designed to protect personal information. In the event of a confirmed personal-data breach that affects you, we will notify you and any required regulatory authority without undue delay and in accordance with applicable law, and we will share the information you need to assess the impact and respond.

Cookies and Analytics

We use session cookies necessary for authentication and application state. We also use Google Analytics (GA4) and Google Ads conversion tracking on our public marketing pages to measure aggregate traffic and advertising performance; IP addresses are anonymized before they reach Google. Inside the authenticated application, GA4 page-view tracking is deliberately disabled, but the Google Ads tag is loaded so we can record a small number of milestone conversion events - specifically account creation and the creation of your first client. We never send your client records, event details, proposals, invoices, or financial data to any third party. You can opt out of Google Analytics in any browser via browser-level tracking controls or Google's opt-out add-on at https://tools.google.com/dlpage/gaoptout.

Changes to This Policy

We may update this privacy policy as the service evolves. We will notify you of material changes by email or in-app notice before they take effect. The date at the top of this page reflects when the policy was last revised.

Contact

Questions, concerns, or requests relating to your privacy? Contact our privacy team at privacy@catertoo.com.