At Setora, we believe your data belongs to you - not us. Here’s exactly how we handle it.
What Data We Collect
When you use Setora, we collect only what’s needed to run your booking system:
- Business information - your shop name, address, contact details, and opening hours
- Customer booking data - names, phone numbers or email addresses, and appointment history
- Payment records - transaction references (we never store card details directly)
What We Don’t Do
- Optional cookies only, with your consent - we use optional cookies on the marketing website (live chat and Google Ads attribution) only with your explicit consent. You can decline these and the site works fully without them. We do not use cookies on your booking pages.
- No selling data - your customer list is yours, full stop
- No profiling - we don’t build advertising profiles from your customers’ data
Your Rights Under GDPR
As a UK-based service, we comply fully with UK GDPR. You and your customers have the right to:
- Access - request a full copy of all data we hold
- Rectification - correct any inaccurate information
- Erasure - request deletion of all your data (“right to be forgotten”)
- Portability - export your data in a standard format so you’re never locked in
- Restriction - ask us to limit how we process your data
- Objection - object to any processing you’re not comfortable with
How to Make a Request
Email us at hello@setora.co.uk with your request. We’ll respond within 30 days, usually much sooner.
Data Retention
- Active accounts - we keep your data for as long as your account is active
- Cancelled accounts - we delete your data within 30 days of cancellation, unless we’re legally required to retain certain records (e.g. financial records for HMRC)
- Customer booking data - managed by you. You can delete individual customer records at any time from your dashboard
Data Portability - No Lock-In
We think vendor lock-in is wrong. You can export your full customer list, booking history, and business data at any time in CSV format. If you ever leave Setora, your data leaves with you.
Sub-Processors
We use a minimal number of third-party services to operate Setora:
| Service | Purpose | Location |
|---|---|---|
| Laravel Cloud | Application backend | EU (London) |
| Vercel | Marketing site & booking platform hosting | EU/UK |
| Stripe | Payment processing | EU/UK |
| Clerk | Authentication | EU/UK |
| Crisp IM S.A.S. | Live chat widget (marketing site) | France/EU |
All sub-processors are GDPR-compliant and process data under appropriate safeguards.
Data Security
We protect your data with encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews. We will never access your account data without your explicit permission.
Changes to This Policy
If we make significant changes, we’ll notify you by email at least 14 days in advance.
Contact
Email: hello@setora.co.uk
Address: Setora Technology Ltd, 61 Bridge Street, Kington, HR5 3DJ, United Kingdom
See also: Privacy Policy · Terms & Conditions