Privacy Policy
Last updated: 1 January 2025
Milex Systems Ltd (trading as SqDine, Company No. 12168672) ("SqDine", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding that data. It applies to all users of the SqDine website and platform.
If you are in the European Economic Area (EEA) or United Kingdom, SqDine acts as the data controller for personal data processed through the Service.
1. Data We Collect
We collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, profile photo, password (hashed) | You, directly |
| Authentication | IP address, browser user-agent, session token | Automatically, on login |
| Google OAuth | Name, email, Google profile photo | Google, when you sign in with Google |
| Workspace data | Workspace name, timezone, brand logo, colour preferences | You, directly |
| Guest contact data | Guest names, email addresses, phone numbers, location, notes | You, when you add guests |
| Event data | Event titles, dates, venues, capacity, RSVP status | You, when you create events |
| Attendance data | Check-in time, dietary restrictions, menu selections | You or your guests, at check-in |
| Usage data | Actions taken in the app, page views, feature usage | Automatically, via activity logs |
| Communications | Emails sent via SqDine (invitations, reminders, notifications) | You, when you send communications |
2. How We Use Your Data
We use personal data for the following purposes and legal bases:
- Providing and maintaining the Service — contract performance.
- Authenticating your identity and securing your account — contract performance / legitimate interests.
- Sending transactional emails (password reset, booking confirmations, invitation delivery) — contract performance.
- Sending product updates and marketing emails (where you have opted in) — consent.
- Analysing usage to improve features and fix bugs — legitimate interests.
- Complying with legal obligations — legal obligation.
- Preventing fraud and abuse — legitimate interests.
3. Guest Data Responsibility
When you import or create guest contact records within SqDine, you act as a data controller for that guest data. SqDine processes it on your behalf (as data processor). You are responsible for ensuring you have a lawful basis to hold and process your guests' personal data and for obtaining any required consents before adding their information to SqDine.
4. Third-Party Services
We share data with the following sub-processors to deliver the Service:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Resend | Transactional email delivery | Recipient email, sender name, email content | USA (SCCs applied) |
| Amazon Web Services (S3) | File storage (profile photos, logos) | Uploaded image files | EU (eu-west-2) |
| OAuth sign-in (optional) | Google profile name & email | USA (SCCs applied) | |
| Supabase / PostgreSQL | Database hosting | All structured data | As configured |
We do not sell your personal data to any third party. We do not use your data for advertising purposes.
5. Cookies & Tracking
We use essential cookies to maintain your session and remember your preferences. We may use analytics cookies with your consent. For full details, see our Cookie Policy.
6. Data Retention
We retain personal data for as long as necessary to provide the Service and comply with legal obligations:
- Account data: retained for the lifetime of your account, then deleted within 90 days of account closure.
- Session data: purged automatically after session expiry (typically 30 days).
- Guest contact data: retained until you delete it or close your account.
- Activity logs: retained for 12 months, then automatically purged.
- Financial records: retained for 7 years as required by applicable accounting law.
7. International Transfers
Some of our sub-processors are located outside the EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — to protect your data to the same standard as within the EEA.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@sqdine.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Security
We implement industry-standard security measures including encryption in transit (TLS), hashed password storage, access controls, and regular security reviews. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or via an in-app notice before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact Us
For privacy-related questions or to exercise your rights, contact our Data Protection contact at privacy@sqdine.com. You may also write to: Milex Systems Ltd (Company No. 12168672), 9, 50a The Viewpoint, Sheep Street, Northampton, England, NN1 2LZ.