Privacy Notice

Last updated: 23 June 2026

Who we are

Companion Care CRM is operated by Aimee Chada (“we”, “us”, “our”). For the personal data we handle through the Service, we act as the data controller.

Personal data we collect

  • Account data: name, email address, login credentials, profile details.
  • Business data you enter: client records, visit notes, schedules, invoices, expenses, mileage logs, messages, leads, reviews.
  • Support data: messages you send us through the contact form or email.
  • Usage and device data: IP address, browser type, pages visited, actions taken, approximate location, and similar telemetry to keep the Service secure and improve it.
  • Cookies: see “Cookies” below.

Payment card and billing details are collected and processed by Paddle as the Merchant of Record — we do not store full payment card details on our systems.

How we use your data and the legal basis

  • Provide the Service (account creation, hosting your data, delivering features) — performance of our contract with you.
  • Security and fraud prevention — our legitimate interest in keeping the Service safe.
  • Customer support — performance of our contract and our legitimate interest in helping you.
  • Product improvement and analytics — our legitimate interest in improving the Service.
  • Marketing communications — with your consent, where required, and you can opt out at any time.
  • Legal compliance — where we are required to keep records or respond to lawful requests.

Who we share data with

  • Service providers / subprocessors such as our hosting, database, email delivery, and analytics providers, under appropriate data-protection terms.
  • Paddle, our Merchant of Record, for processing payments, managing subscriptions, calculating and remitting taxes, and issuing invoices.
  • Professional advisers (e.g. legal, accounting) where reasonably necessary.
  • Authorities where we are required to disclose information by law.

We do not sell your personal data.

International transfers

Some of our providers may process data outside the UK or European Economic Area. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect your data.

Data retention

We keep personal data only for as long as we need it for the purposes described above, to meet legal or accounting requirements, or to resolve disputes. When data is no longer needed we delete or anonymise it. If you delete your account, we will delete or anonymise your data within a reasonable period, except where we are required to retain it (for example, billing records).

Your rights

Subject to local law, you may have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent at any time. UK and EEA users have the right to complain to their local supervisory authority (in the UK, the Information Commissioner’s Office). We aim to respond to requests within one month.

Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and regular review of our systems. No system is perfectly secure, so we cannot guarantee absolute security.

Cookies

We use essential cookies needed to run the Service (for example, to keep you signed in) and limited analytics cookies to understand how the Service is used. You can manage cookies through your browser settings.

Contact

For privacy questions or to exercise your rights, please contact us.