LEGAL
Privacy Policy
Last updated: 24 April 2026
This Privacy Policy explains how [LEGAL ENTITY NAME] (“PitBoss HQ,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use the PitBoss HQ service (the “Service”), visit pitbosshq.com, or otherwise interact with us.
This Policy works alongside our Terms of Service. Capitalised terms not defined here have the meanings given in the Terms.
1. Who We Are and Our Role
PitBoss HQ is a software-as-a-service platform for event entertainment operators. We process two broad categories of personal information, and our legal role differs for each.
When you (the account holder) sign up and use the Service, we are the “data controller” of your personal information — meaning we decide what information to collect about you and how to use it, within the limits of this Policy and applicable law.
When you enter information about your own customers, staff, suppliers, or other third parties into the Service, you are the data controller of that information and we are the “data processor” — meaning we store and process that information on your behalf, according to your instructions and these Terms. You are responsible for ensuring you have the appropriate legal basis for collecting and using that information.
2. Information We Collect
2.1 Information you provide directly
- Account information: name, email address, business name, business address, phone number, country, and password (stored as a salted hash).
- Billing information: we use Stripe to process payments. Stripe collects your payment card details directly — we never see or store full card numbers. We receive limited information from Stripe such as the last four digits of your card, the card brand, billing address, and a customer ID.
- Service data: the bookings, customer records, products, invoices, staff records, supplier records, and other content you enter into the Service.
- Communications: when you email us, request support, or fill in a form on our website, we collect the content of those communications and any attachments you send.
2.2 Information we collect automatically
- Usage data: pages viewed, features used, actions taken in the Service, timestamps, and the IP address you connect from.
- Device data: browser type, operating system, screen size, and device identifiers.
- Cookies and similar technologies: see Section 8 below.
- Log and security data: server logs, error reports, and authentication events.
2.3 Information from third parties
We may receive limited information about you from our payment processor (Stripe) and from our other service providers. This is generally limited to what is needed to operate the Service.
3. How We Use Your Information
We use personal information for the following purposes:
- To provide, operate, and maintain the Service.
- To process subscription payments and prevent fraud.
- To authenticate your account and protect the security of your data.
- To send transactional and service-related emails (e.g. account confirmations, password resets, billing receipts, security alerts, important Service updates).
- To respond to support requests and other communications you send us.
- To improve the Service, including by analysing usage patterns and diagnosing technical issues.
- To comply with legal obligations, resolve disputes, and enforce our agreements.
- With your consent, to send marketing communications (which you can unsubscribe from at any time).
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes. We do not use your personal information or Service data to train artificial intelligence models.
4. Legal Bases for Processing (UK and EU)
If you are in the United Kingdom or European Union, we rely on the following legal bases under UK GDPR and EU GDPR:
- Performance of a contract — to provide the Service you have subscribed to.
- Legitimate interests — to operate, improve, and secure the Service; to communicate with you about the Service; and to protect against fraud and abuse.
- Consent — for marketing communications and for non-essential cookies. You can withdraw consent at any time.
- Legal obligation — to comply with applicable laws, court orders, and regulatory requirements.
5. Service Providers and Where Your Data Is Stored
We use the following categories of third-party service providers to operate the Service. Each acts as our processor and is contractually bound to protect your information.
- Cloud hosting and content delivery providers — to host the Service and deliver pages and assets to your browser.
- Database hosting providers — to store the data you and your tenants enter into the Service.
- Stripe, Inc. (United States) — payment processing. Stripe is a separate data controller for payment data. See Stripe’s Privacy Policy at stripe.com/privacy.
- Email delivery providers — to send transactional emails such as account confirmations, billing receipts, and notifications.
- Image and content delivery providers — to host and deliver images uploaded to the Service.
- Email mailbox providers — to receive and respond to your messages to hello@pitbosshq.com.
- Domain registrars and DNS providers — to operate pitbosshq.com and related domains.
Where data is stored. Our primary infrastructure and service providers are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
We may add or replace service providers from time to time. Where we do, we will update this Policy to reflect the change.
6. When We Share Information
We share personal information only in the following circumstances:
- With service providers as described in Section 5, strictly to operate the Service.
- With your consent or at your direction.
- To comply with law — for example, in response to a court order, subpoena, or other legal process. Where lawful, we will notify you before disclosing your information in response to such a request.
- To protect rights, property, or safety — to investigate fraud, abuse, or security incidents, or to protect ourselves, our users, or the public.
- In a business transfer — if PitBoss HQ is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before any transfer occurs.
We do not sell, rent, or trade personal information.
7. How Long We Keep Information
We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
Account and Service data after cancellation: we follow the data-retention schedule set out in Section 5 of our Terms of Service. In summary: 30 days of read-only access, followed by up to 5 months of soft archive, followed by permanent deletion at day 181, unless you request earlier deletion.
Other information. Logs, security data, and similar information are typically retained for up to 12 months. Billing and tax records may be retained for up to 7 years to comply with US, UK, and Australian tax requirements.
8. Cookies and Similar Technologies
We use cookies and similar technologies to operate and secure the Service.
- Strictly necessary cookies — required to authenticate your session, remember your preferences, and provide core functionality. These cannot be disabled while using the Service.
- Analytics cookies — if used, help us understand how the Service is used so we can improve it. These are only set with your consent where required by law.
Most browsers allow you to refuse or delete cookies through your browser settings. Note that disabling strictly necessary cookies will prevent the Service from working.
9. Your Rights
Depending on where you live, you may have the following rights in relation to your personal information:
- Access — request a copy of the personal information we hold about you.
- Rectification — ask us to correct inaccurate or incomplete information.
- Erasure (“right to be forgotten”) — ask us to delete your personal information, subject to certain legal exceptions.
- Restriction — ask us to limit how we use your personal information.
- Portability — receive your personal information in a structured, machine-readable format.
- Objection — object to processing based on our legitimate interests, or to processing for direct marketing.
- Withdraw consent — where we rely on your consent, you can withdraw it at any time.
- Complain to a regulator — UK residents may complain to the Information Commissioner’s Office (ico.org.uk); EU residents may complain to their local data protection authority.
California residents have additional rights under the California Consumer Privacy Act (CCPA) and CPRA, including the right to know what personal information we collect about you, the right to delete that information, the right to correct inaccuracies, and the right to opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information for cross-context behavioural advertising).
To exercise any of these rights, email us at hello@pitbosshq.com. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law (generally within 30 days). You will not be discriminated against for exercising your rights.
10. Security
We use commercially reasonable technical and organisational measures to protect personal information, including encrypted connections (HTTPS/TLS), hashed passwords, role-based access controls, and regular backups.
No system is perfectly secure. If we become aware of a personal-data breach that affects you, we will notify you and the relevant regulators within the timeframes required by applicable law.
11. Children’s Privacy
The Service is intended for business use only and is not directed to children. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have collected information from a child, please contact us at hello@pitbosshq.com and we will delete it.
12. Data Processing for Customers (Tenants)
If you are a paying customer of PitBoss HQ (a “tenant”), and you use the Service to process personal information about your own customers, staff, or other third parties, the following terms apply, in addition to anything else in this Policy:
- You are the data controller; we are the data processor.
- We process that personal information only on your documented instructions and as necessary to provide the Service.
- We require all our service providers to maintain confidentiality and appropriate security.
- We will assist you, where reasonably practicable, in responding to requests from your own customers exercising their rights.
- On termination, we will delete or return personal information in accordance with our retention schedule (Section 7).
These Terms together constitute a Data Processing Agreement (DPA) sufficient for most small-business use cases. If your business or jurisdiction requires a separate signed DPA, contact us at hello@pitbosshq.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the address associated with your account) at least 30 days before the changes take effect, and we will update the “Last updated” date at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
14. Contact Us
Questions, requests, or concerns about this Privacy Policy or your personal information? Email us at hello@pitbosshq.com. We aim to respond to all enquiries within 5 business days.