chillcheck Beta
Legal

Privacy Policy

How we collect, use, and protect your personal data.

Effective: 27 May 2026 Last updated: 27 May 2026

1. Who we are

ChillCheck is a commercial refrigeration temperature monitoring service operated by Shaylor Consulting ("we", "us", "our"). We are the data controller for personal data collected through this website (chillcheck.online) and our dashboard application (app.chillcheck.online).

We are registered with the Information Commissioner's Office (ICO) as a data controller. Our contact for data matters is hello@chillcheck.online.

2. Data we collect

Account data

When you create an account, we collect your name, email address, and a hashed password. We also record your organisation name and the date the account was created.

Contact data

When you add alert contacts in the dashboard, we store the names, email addresses, and phone numbers you provide. This data is used solely to deliver the alerts you configure.

Billing data

Subscription payments are processed by Stripe. We do not store your card number, expiry date, or CVV — these are handled entirely by Stripe. We retain billing records (amount, date, last four digits of card, billing address) as required for financial record-keeping.

Operational data

The core data the service generates: temperature readings from your sensors, alert history, audit log entries, cabinet and site names, and timestamps. This is not personal data in most cases, but may include personal data where cabinet or site names contain individual names.

Technical data

We automatically collect IP addresses, browser type, session identifiers, and approximate location (derived from IP address) when you access our services. This data is used for security and service operation.

3. Why we collect it (lawful bases)

Under UK GDPR, we rely on the following lawful bases:

Data Lawful basis Reason
Account data Contract (Art. 6(1)(b)) Necessary to create and manage your account
Contact data Contract (Art. 6(1)(b)) Necessary to deliver the alerts you have configured
Billing data Contract + Legal obligation (Art. 6(1)(b), 6(1)(c)) Payment processing; HMRC financial records requirement
Operational data Contract (Art. 6(1)(b)) This is the core service — temperature monitoring and compliance records
Technical data Legitimate interests (Art. 6(1)(f)) Security, fraud prevention, debugging

4. How we use your data

  • To create and manage your account and organisation
  • To monitor temperatures and generate compliance records
  • To send threshold alerts by email, SMS, and voice call to your nominated contacts
  • To process subscription payments and usage billing via Stripe
  • To respond to support and billing enquiries
  • To detect and prevent security incidents and abuse
  • To comply with legal obligations including HMRC record-keeping requirements

We do not use your data for advertising or behavioural profiling. We do not sell your data to third parties. We do not make automated decisions about you that have legal or similarly significant effects.

5. Who we share your data with

We share your data only with the sub-processors required to operate the service. Each is bound by a data processing agreement with us and processes data only on our instructions:

Provider Purpose Location
Supabase, Inc. Database storage and user authentication United States
Vonage (Ericsson) SMS and voice call delivery United Kingdom / EU
Resend, Inc. Transactional email delivery United States
Stripe, Inc. Payment processing United States
Vercel, Inc. Dashboard application hosting United States (with EU edge)

We may also disclose data where required by law, court order, or a regulatory authority.

6. International transfers

Some sub-processors operate outside the United Kingdom. Where personal data is transferred internationally, we rely on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner, or the UK International Data Transfer Agreement (IDTA), to ensure an equivalent level of protection to that provided by UK GDPR.

7. How long we keep your data

  • Account and operational data: retained for the duration of your subscription. After cancellation, your data is held for 90 days to allow export, then permanently deleted.
  • Billing records: retained for 7 years from the date of the transaction, as required by HMRC.
  • Temperature and audit log records: retained for 3 years from creation, in line with food safety record-keeping guidance. This is a minimum — you may export your records at any time.
  • Inactive accounts: if your account is not subscribed and has had no activity for 90 days, we may delete it and all associated data.

8. Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate or incomplete data
  • Erasure: ask us to delete your data where we no longer have a lawful basis to retain it
  • Restriction: ask us to pause processing while a dispute is resolved
  • Portability: receive your personal data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests

To exercise any right, contact us at hello@chillcheck.online. We will acknowledge your request within 3 business days and respond in full within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.

9. Cookies

Marketing website (chillcheck.online): we do not set any cookies. No analytics, no tracking, no third-party scripts.

Dashboard application (app.chillcheck.online): we use a session cookie set by our authentication provider (Supabase) to keep you logged in. This cookie is strictly necessary for the service to function. It contains a session token only — no personal data — and is deleted when your session ends or you sign out. No analytics or advertising cookies are used in the dashboard.

10. Changes to this policy

We will update this policy when our practices change in a meaningful way. For significant changes, we will notify account holders by email at least 14 days before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact us

For any questions about this policy or your personal data:

Shaylor Consulting
Email: hello@chillcheck.online
Website: shaylor.consulting

See also: Terms of Service · Data Processing Agreement