Legal

Privacy Policy

Last updated: 30 March 2026

1. Who we are

VenueHarbour is operated by VenueHarbour Ltd ("we", "us", "our"). We provide an all-in-one hospitality management platform for restaurants, bars, beach clubs, and multi-venue groups. Our platform is hosted on Microsoft Azure West Europe (Netherlands).

If you have any questions about this policy, contact us at hello@venueharbour.com.

2. What data we collect

We collect and process the following categories of personal data:

  • Contact information — name, email address, and (where provided) phone number, collected when you request a demo, contact us, or create an account.
  • Account and usage data — login credentials, configuration settings, activity logs, and usage patterns generated when using the platform.
  • Guest data — personal data about your venue's guests (names, email addresses, dietary preferences, booking history) that you upload or generate through the platform. You are the data controller for this data; we act as data processor.
  • Payment information — billing name and address. We do not store card numbers or payment instrument details — all payment processing is handled by Stripe, Inc.
  • Technical data — IP address, browser type, device information, and cookies. See our Cookie Policy for details.

3. How we use your data

We use your personal data to:

  • Provide, operate, and improve the VenueHarbour platform
  • Process and respond to demo requests and support enquiries
  • Send service-related communications (account alerts, invoices, security notices)
  • Send marketing communications where you have given consent or where we have a legitimate interest
  • Comply with legal and regulatory obligations

4. Legal basis for processing

We rely on the following legal bases under UK GDPR and EU GDPR:

  • Contract — processing necessary to perform our service agreement with you
  • Legitimate interests — improving our platform, preventing fraud, and direct marketing to existing customers
  • Consent — for marketing emails to prospective customers and for non-essential cookies
  • Legal obligation — where we are required to process data by law

5. Third-party processors

We share data with trusted third-party processors who help us deliver the service:

  • Stripe, Inc. — payment processing (US, EU Standard Contractual Clauses apply)
  • SendGrid (Twilio Inc.) — transactional and marketing email delivery
  • Twilio Inc. — SMS notifications
  • Microsoft Azure — cloud infrastructure (hosted in West Europe, Netherlands)
  • Pusher Ltd. — real-time event delivery for floor plan and availability updates

All processors are bound by data processing agreements. Personal data is not sold to third parties.

6. International transfers

All primary data storage occurs within the European Economic Area (Azure West Europe, Netherlands). Where data is transferred outside the EEA (e.g. to Stripe or Twilio), we rely on Standard Contractual Clauses approved by the European Commission.

7. Data retention

We retain your personal data for as long as your account is active. Following account closure, we retain data for up to 24 months for legal and dispute resolution purposes, after which it is securely deleted. Guest data (for which your venue is controller) can be deleted at any time on request.

8. Your rights

Under UK/EU GDPR you have the right to:

  • Access a copy of your personal data
  • Correct inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent at any time (where processing is consent-based)

To exercise any of these rights, email us at hello@venueharbour.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local data protection authority.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is completely secure; if you become aware of any security issue please contact us immediately.

10. Changes to this policy

We may update this policy from time to time. We will notify registered users of material changes by email. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

VenueHarbour Ltd
Email: hello@venueharbour.com