Privacy Policy

BrewView Ltd (Company No. 17107854) is the data controller responsible for your personal data. We operate the BrewView platform at brewview.uk — a business analytics service for the hospitality industry.

For privacy matters, contact us at legal@brewview.uk.

This Privacy Policy applies to the following categories of people who interact with BrewView:

• Website Visitors: anyone who visits brewview.uk without signing in.
• Admin Users: individuals designated by an organisation to manage BrewView accounts, invite team members, and configure integrations.
• Staff Users: employees or team members invited by an Admin User to access the BrewView dashboard.
• Integration Contacts: individuals whose data appears within connected third-party platforms (e.g. Xero, Lightspeed) that an organisation has authorised BrewView to sync.

This policy does not apply to data that BrewView processes on behalf of its customers as a data processor — for example, end-customer transaction records within integrated platforms. For such data, the relevant organisation is the data controller.

The information we collect depends on how you interact with BrewView:

Website Visitors

• Technical data: IP address, browser type, device information, pages visited, and referral source.
• Cookies and similar technologies (see Section 10).

Admin Users and Staff Users

• Account data: name, work email address, and role within your organisation.
• Authentication data: login timestamps, session identifiers, and OAuth provider identifiers (Google or Microsoft) if you use social sign-in.
• Usage data: features accessed, pages visited within the dashboard, and interactions with the Service — used to improve the platform.
• Technical data: IP address, browser type, and device information.

Integration Contacts

• Business data: financial records, transaction data, sales figures, and other information imported from platforms your organisation has connected (e.g. Xero, Lightspeed). This data is controlled by your organisation and processed by BrewView on their behalf.

We use the information we collect to:

• Provide, operate, maintain, and improve the Service;
• Authenticate users and manage accounts and access permissions;
• Process and display financial analytics from connected integrations;
• Send service-related communications such as account invitations, security alerts, and important product updates;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with applicable legal obligations;
• Produce anonymised, aggregated industry benchmarks and reports (see Section 8).

BrewView processes personal data under the following legal bases:

• Contract: processing necessary to deliver the Service your organisation has subscribed to.
• Legitimate interests: improving the Service, ensuring platform security, and producing aggregated analytics that do not identify individuals or individual businesses. We balance these interests against your rights.
• Legal obligation: where we are required to process data to comply with applicable law.
• Consent: where we rely on your consent (for example, for optional marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior processing.

Where BrewView acts as a data processor on behalf of a customer organisation, the organisation's own legal bases and privacy policies apply to that processing.

We do not sell your personal data or your business's identifiable data. We share data only in the following circumstances:

• Service providers: we engage trusted third-party providers to help operate the platform. These include Supabase (database and authentication), Resend (transactional email), Cloudflare (security and bot protection), and Microsoft Power BI (analytics dashboards). Each provider processes data only on our instructions and under appropriate data processing agreements.
• Integration partners: data is shared with platforms such as Xero and Lightspeed solely to fulfil the sync your organisation has authorised. You may revoke this authorisation at any time through your account settings.
• Legal and regulatory authorities: we may disclose data where required by law, court order, or to protect the rights, property, or safety of BrewView, our users, or others.
• Business transfers: see Section 13.

Some of our service providers operate outside the UK or EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), or reliance on adequacy decisions where applicable.

You may request details of the specific safeguards in place for any transfer by contacting legal@brewview.uk.

BrewView may produce and commercially distribute anonymised, aggregated industry reports — for example, average revenue trends across the hospitality sector by region or season. These reports are derived from data connected to our platform but are designed so that no individual business can be identified.

Before any such reports are published or distributed, we ensure:

• Data is aggregated across a sufficient number of businesses so that no individual business is identifiable;
• No business name, trading name, or other direct identifier is included;
• The output complies with UK GDPR anonymisation standards.

This processing is carried out under our legitimate interests. If you have concerns about this, please contact legal@brewview.uk.

We will send you service-related communications that are necessary to operate your account — such as account invitations, password resets, and security notices. These cannot be opted out of while your account is active.

Where we send optional communications such as product updates or industry insights, you may opt out at any time by clicking the unsubscribe link in the email or by contacting legal@brewview.uk. Opting out of marketing communications will not affect service-related messages.

We use cookies and similar technologies to operate the Service:

• Essential cookies: required to keep you signed in and maintain your session. The Service cannot function without these.
• Analytics cookies: we may use privacy-respecting analytics tools to understand how the platform is used, with no advertising or cross-site tracking.

You can manage or disable cookies through your browser settings. Disabling essential cookies will prevent you from signing in to the Service.

BrewView implements industry-standard technical and organisational measures to protect your data. These include encrypted data storage, HTTPS for all data in transit, strict access controls, and bot protection via Cloudflare.

Access to personal data within BrewView is limited to personnel who need it to operate or improve the Service, and is subject to confidentiality obligations.

No method of transmission over the internet is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. If you become aware of any security concern, please notify us promptly at legal@brewview.uk.

We retain personal data for as long as your account is active or as needed to provide the Service. If your organisation's subscription ends, we will retain data for up to 12 months before deletion, unless:

• a longer retention period is required by applicable law; or
• you request earlier deletion (see Section 14).

Anonymised, aggregated data derived from your business data may be retained indefinitely as it no longer constitutes personal data.

If BrewView is involved in a merger, acquisition, reorganisation, or sale of assets, personal data held by us may be transferred to a successor entity as part of that transaction. We will notify you via email or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase your data (right to be forgotten), subject to legal obligations;
• Restrict or object to certain processing;
• Data portability — receive your data in a structured, commonly used, machine-readable format;
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact legal@brewview.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or via the Service before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after material changes take effect constitutes acceptance of the updated policy.

For any privacy questions, to exercise your rights, or to raise a concern:

Email: legal@brewview.uk