Privacy Policy

Last updated: 14 May 2026

1. Who We Are

GetItBooked is operated by Made By Caffeinated Ltd., a company registered in England and Wales. We are the data controller for personal data processed through the platform.

Contact: baristas@madebycaffeinated.co.uk

2. Data We Collect

We collect the following personal data:

  • Account data — name, email address, and password (hashed) when you create an operator account.
  • Booking data — customer name, email address, booking date, party size, and payment status submitted through the booking widget.
  • Payment data — processed by Stripe. We store Stripe identifiers (e.g. payment intent IDs) but never store card numbers.
  • Usage data — basic analytics such as pages visited and feature usage to improve the Service, collected only where analytics consent has been given.

3. How We Use Your Data

We process personal data to:

  • Provide and operate the Service
  • Process bookings and payments
  • Send booking confirmations and operational emails
  • Provide customer support
  • Improve and develop the Service
  • Comply with legal obligations

Our legal bases for processing under UK GDPR are: performance of a contract, legitimate interests, and compliance with legal obligations.

4. Data Sharing

We share personal data only with:

  • Stripe — for payment processing (Stripe Privacy Policy)
  • Resend — for transactional and operational emails, such as booking confirmations, cancellations, and account-related notices (Resend Privacy Policy)
  • Operators — booking customers' data is shared with the operator they booked with, who acts as an independent controller for their own customer relationships.
  • Infrastructure and hosting providers — including Cloudflare, AWS, and Neon, who process data on our behalf under appropriate agreements.
  • PostHog — for consent-based product analytics that help us understand page visits and feature usage (PostHog Privacy Policy)

We do not sell personal data to third parties.

5. Data Retention

We retain account data for as long as your account is active. Booking data is retained for 7 years to comply with financial record-keeping obligations. You may request deletion of your account and associated data at any time, subject to legal retention requirements.

6. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email us at baristas@madebycaffeinated.co.uk.

7. Cookies

We use essential cookies required for authentication and session management. If you accept analytics cookies, we also use PostHog to understand page visits and feature usage. Analytics is off by default until you opt in, session recordings are disabled, and you can decline analytics without affecting your use of the Service.

8. International Transfers

The Service uses trusted infrastructure and service providers rather than a dedicated server managed solely by us. These providers include Cloudflare, AWS, Neon, Stripe, Resend, and PostHog where applicable. Your data may be processed outside the UK where those providers operate. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK data protection law.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy-related enquiries, contact us at baristas@madebycaffeinated.co.uk.