Privacy Policy
Last updated: 8 July 2026
1. Who we are
Caterdock is operated by Food by Jules Comm. V, Invalidenstraat 52, 9041 Ghent (Oostakker), Belgium — company number (KBO) / VAT BE 0738.963.816. Responsible person: Jules Vangroenweghe. Contact: jules@sircatering.be.
2. Controller or processor?
Caterdock is a multi-tenant platform for catering businesses. That means two roles apply:
- —Food by Jules Comm. V is the controller for your account data, waitlist sign-ups, billing data, support communication and technical logs.
- —Your organization is the controller for personal data it enters into its own workspace — such as client, supplier and staff details. For that data, Caterdock acts strictly as a processor: we store and process it only on your organization's instructions to provide the service, and never use it for our own purposes.
3. What data we process
- —Account data: name, email address, business name, language preference.
- —Workspace data: recipes, mise-en-place lists, events, quotes, invoices, order lists, client and supplier records, and documents you upload or scan.
- —Waitlist sign-ups: name, email, optional company and country, language, and a hashed IP address.
- —Technical data: server logs for security and debugging, and hashed IP addresses used for rate-limiting. We do not store raw IP addresses for these purposes.
- —Google Calendar data (optional): only if you connect your calendar. Access tokens are stored encrypted; you can revoke the connection at any time in Settings.
- —Payment data (once paid subscriptions are active): handled by Stripe — we never store full card numbers.
We do not use your data for advertising and we never sell it to third parties.
4. Purposes and legal bases (GDPR art. 6)
- —Performance of a contract: providing and operating the Caterdock service, support, and account management.
- —Legitimate interest: security, abuse prevention (e.g. rate-limiting with hashed IPs), debugging and improving the service.
- —Consent: the optional analytics cookie, and emails to waitlist subscribers about the launch. You can withdraw consent at any time.
- —Legal obligation: bookkeeping and invoicing records once billing is active.
5. Subprocessors
We use a small set of service providers to run Caterdock:
- —Vercel — application hosting and content delivery (US/EU; EU Standard Contractual Clauses and the EU–US Data Privacy Framework apply).
- —Supabase — database, authentication and file storage (EU region).
- —Google — calendar synchronization (only if you connect it) and Google Analytics (only with your cookie consent).
- —Anthropic — AI processing for AI features (menu suggestions, document scanning, the AI assistant). Content is sent for processing only and is not used to train models.
- —Stripe — payment processing, once paid subscriptions are active.
6. Retention
- —Account and workspace data: for as long as your account is active. After account deletion, data is removed within 30 days; residual copies in backups expire within a further 30 days.
- —Waitlist data: until the launch communication is complete, or earlier on request.
- —Technical logs: short rotation periods, only as long as needed for security and debugging.
- —Invoicing records (once billing is active): 7 years, as required by Belgian accounting law.
7. Your rights
Under the GDPR you have the right to:
- —Access the personal data we hold about you
- —Have inaccurate data corrected
- —Have your data erased
- —Receive your data in a portable format (data portability)
- —Object to, or ask us to restrict, certain processing
- —Withdraw consent at any time, where processing is based on consent
To exercise these rights, email jules@sircatering.be. We respond within 30 days. If your organization is the controller (see section 2), we will refer your request to them and assist where needed.
You can also lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit), Drukpersstraat 35, 1000 Brussels, gegevensbeschermingsautoriteit.be.
8. Data location and security
- —Database and file storage hosted with Supabase in the EU
- —Encryption in transit (HTTPS/TLS) and at rest
- —Row-level security: every workspace (tenant) is strictly isolated at the database level
- —Hashed IP addresses instead of raw IPs for rate-limiting
- —Google access tokens stored encrypted; connections revocable at any time
10. Google API data
Caterdock uses the Google Calendar API for event synchronization. Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
11. Changes to this policy
We may update this policy as Caterdock evolves. Material changes will be announced in the app or by email. The date at the top always reflects the latest version.
12. Contact
Questions about privacy? Email jules@sircatering.be.