1. Who we are

CiCwtch is operated by Nathan Jones trading as CiCwtch, based in Wales, United Kingdom. Privacy contact: [email protected].

2. Who this policy applies to

• Business Users using CiCwtch;
• staff, workers, and contractors invited into a CiCwtch workspace;
• Client’s Clients whose information is stored or processed through CiCwtch; and
• website visitors and support contacts.

3. Data protection roles

• CiCwtch is a controller for account, billing, support, security, compliance, and HMRC reporting data.
• The Business User is the controller for client, staff, booking, service, and operational data they put into the platform.
• CiCwtch is a processor when it handles that data on behalf of the Business User.

Where CiCwtch acts as processor, processing is governed by the Data Processing Addendum.

4. Categories of data we process

• account and contact data such as names, business names, email addresses, telephone numbers, postal addresses, login details, and preferences;
• service and booking data such as client contact details, dog information, care instructions, service records, addresses, access notes, messages, photos, and invoices;
• location and device data such as GPS routes, timestamps, device and browser information, IP addresses, crash data, and audit logs;
• payment and financial data such as transaction metadata, payout identifiers, subscription status, fees, and tax identifiers needed for billing, support, compliance, and HMRC reporting.

CiCwtch does not store full card numbers or full bank credentials on its own systems.

5. Sensitive and high-risk information

Some data used in CiCwtch may be sensitive in practice. This may include animal health information, emergency contact details, home access information, and staff location data. Where special category personal data is processed, an appropriate lawful basis and any extra condition required by law must apply.

6. Why we use personal data

• to create and manage accounts;
• to provide, secure, and improve the platform;
• to run bookings, schedules, and service records;
• to support communication between businesses, staff, and end users;
• to enable GPS and visit verification features;
• to process subscriptions, invoices, and platform fees;
• to provide support and respond to requests;
• to detect fraud, misuse, and harmful or illegal activity;
• to monitor reliability, accessibility, and performance; and
• to comply with legal, tax, and regulatory obligations, including HMRC reporting.

7. Lawful bases under UK GDPR Article 6

• Contract;
• Legal obligation;
• Legitimate interests;
• Consent where required; and
• Vital interests in emergency situations.

8. Data sharing

• Stripe – payments, identity verification, and financial connections;
• hosting and infrastructure providers;
• security and content delivery services;
• communications providers;
• mapping and location services;
• analytics and diagnostics, where enabled;
• Apple and Google for app distribution and billing where relevant; and
• HMRC or other authorities where required by law.

9. International transfers

Where data is processed outside the UK or EEA, we use safeguards required by law, such as adequacy decisions or Standard Contractual Clauses.

10. Data retention periods

Account and workspace data is kept while the account is active and for a reasonable period afterwards. Tax, accounting, and payment records are usually kept for at least 6 years. Security logs may be kept for incident investigation, compliance, and legal defence.

11. Data subject rights

• access;
• correction;
• deletion;
• restriction;
• objection;
• portability; and
• complaint to the ICO or relevant EU supervisory authority.

12. Automated decision-making

CiCwtch may use automated tools to support spam detection, fraud prevention, content risk review, and similar safety or operational functions. These tools support human review and judgement.

13. Children’s data

The platform is not intended for direct use by children. We do not knowingly collect personal data directly from children acting on their own behalf.

14. Emergency Data Sharing and Protection of Vital Interests

We may disclose personal information, including live or historical GPS location data, name, contact details, and account activity, to police, emergency responders, or other relevant authorities without prior consent where we have a good faith belief that such disclosure is strictly necessary to prevent an imminent risk to life or serious physical injury, respond to an active missing person report, or assist law enforcement in the immediate prevention or detection of a serious violent crime.

Legal basis: UK GDPR Article 6(1)(d) and relevant exemptions under the Data Protection Act 2018.

15. Changes

We may update this policy from time to time.

This document should be read alongside:

• Cookie Policy
• Data Processing Addendum
• Data Retention Summary
• HMRC Reporting & Tax Transparency Notice
• AI & Automation Transparency
• Complaints Policy
• Glossary

1. Contracting entity and acceptance

These Terms form a contract between you, as the Business User, and Nathan Jones trading as CiCwtch. By creating an account, purchasing a subscription, downloading the app, or using the platform, you agree to these Terms.

2. Eligibility and business use only

CiCwtch is provided for business use only. You must be at least 18 years old and have legal capacity to enter into a binding agreement.

3. Description of the service

CiCwtch provides software tools for dog walking and related pet care administration.

• CiCwtch is not a marketplace;
• CiCwtch is not an agent;
• CiCwtch is not responsible for services delivered by you to your clients.

4. Account responsibilities

You must keep account details accurate and secure, manage staff access, and tell us promptly if you suspect unauthorised access.

5. Subscription model

Subscriptions may be purchased through Apple App Store, Google Play, or direct card payment where available. App Store subscriptions are billed and renewed under the relevant app store rules. Direct subscriptions renew automatically unless cancelled before the next billing date.

6. Access across platforms

CiCwtch may be accessed through web and mobile applications, subject to subscription status, technical availability, and app store rules.

7. Data ownership

You retain ownership of the data you upload or generate. You grant CiCwtch a licence to host, store, process, transmit, and display that data to operate the service, back it up, support it, prevent abuse, and comply with legal obligations.

8. Payment handling clarification

Payments between you and your clients are processed by Stripe. You enter into a direct contractual relationship with Stripe. CiCwtch does not hold or control client funds and acts only as a technical service provider.

9. Chargebacks

You are responsible for payment disputes, including refund claims and chargebacks, between you and your clients.

10. Acceptable use restrictions

You must comply with the Acceptable Use Policy and must not break the law, misuse data, interfere with security, or facilitate fraud or crime.

11. Suspension, termination, and service changes

We may suspend, restrict, or terminate access if you breach these Terms, fail to pay fees that are due, create legal or security risk, or if we are required to act by law or by a key service provider. We may update, improve, replace, or discontinue parts of the service.

12. No warranty

To the extent permitted by law, CiCwtch is provided on an as available and as is basis.

13. Liability limitation

Nothing in these Terms excludes or limits liability that cannot lawfully be excluded or limited. Subject to that, we are not liable for indirect or consequential loss, loss of profit, loss of business, loss of opportunity, or loss of goodwill. Our total liability is limited to £1,000 or the total subscription fees you paid in the previous 12 months, whichever is greater.

14. Indemnity

You agree to indemnify CiCwtch against claims, losses, liabilities, damages, costs, and expenses arising from your breach of these Terms, misuse of the platform, failure to comply with law, services you provide to your clients, or unlawful use of personal data.

15. Governing law and dispute resolution

These Terms are governed by the laws of England and Wales. If a dispute arises, both sides should first try to resolve it by contacting the other and giving a reasonable opportunity to respond.

16. Changes

We may update these Terms from time to time.

This document should be read alongside:

• Privacy Policy
• Payments & Billing Policy
• Data Processing Addendum
• Acceptable Use Policy
• Service Availability & Support Summary
• Security Overview
• AI & Automation Transparency
• Glossary

1. About these Terms

These Terms apply to you as a client of a dog walking business that uses CiCwtch.

2. Your contract

Your contract is with the dog walking business you engage, not with CiCwtch. The business is responsible for delivering the service and managing the customer relationship.

3. Platform role

CiCwtch provides software tools that allow businesses and their clients to communicate, manage bookings, and handle payments. CiCwtch does not provide dog walking services, does not employ dog walkers, and does not supervise how services are delivered.

4. Payment explanation

Payments for services are processed by Stripe. Payments are made to the business providing the service. CiCwtch does not receive or hold your payment.

5. Refunds and disputes

If you have a problem with a service or payment, you must contact the dog walking business directly. Refunds, cancellations, service complaints, and payment disputes are handled by the business.

6. Acceptable use and account rules

You must not use the platform unlawfully, send abusive or harmful messages, misuse personal data, or attempt to interfere with the platform. If you are given an account, you must keep your login details secure.

7. Limitation of liability and consumer rights acknowledgement

Nothing in these Terms limits your legal rights as a consumer. To the extent permitted by law, CiCwtch is not responsible for services provided by dog walking businesses, disputes between you and a business, or loss resulting from how services are delivered in the real world.

8. Termination rights

Your access may end if your relationship with the business ends, your account is removed by the business, or you breach these Terms.

9. Contact and complaints route

If you have a complaint about the platform itself, contact [email protected]. If your complaint relates to a service, contact the business directly.

This document should be read alongside:

• Privacy Policy
• Cookie Policy
• Acceptable Use Policy
• Complaints Policy
• AI & Automation Transparency
• Glossary

1. What this policy covers

This policy explains how CiCwtch uses cookies and similar technologies on its website and web applications. It should be read alongside the Privacy Policy.

2. Cookie categories

Strictly necessary

These are essential for login, session management, security filtering, fraud prevention, and core functionality.

Functional

These remember choices such as language, display, and interface preferences.

Analytics

These help us understand how the service is used and how it performs.

3. Purpose of each category

• Strictly necessary – service operation and security;
• Functional – improved usability;
• Analytics – performance, accessibility, and service improvement.

4. Third parties

Some cookies or similar technologies may be set by third parties, including Stripe, analytics providers, security providers, and infrastructure or content delivery providers.

5. Cookie duration

Cookies may be session cookies or persistent cookies. Retention varies depending on purpose and provider.

6. Consent mechanism

Where the law requires consent, non-essential cookies will not be used unless you agree. You may be able to accept all cookies, reject non-essential cookies, or manage preferences.

7. How to withdraw consent

You can change your preferences at any time through the cookie settings tool, where available, or through your browser settings.

8. Link to cookie settings tool

Where a cookie preferences tool is available in the product or website footer, you can use it to review and change your cookie choices.

This document should be read alongside:

• Privacy Policy
• Glossary

1. High-level security approach

CiCwtch applies a layered security approach designed to protect confidentiality, integrity, and availability and to reduce the risk of unauthorised access.

2. Encryption in transit and at rest

Encryption in transit is used for data moving between users, systems, and service providers. Encryption at rest is used where supported and appropriate in the hosting environment.

3. Access controls

Access to systems and data is limited to authorised users and personnel. Controls include role-based access, authentication controls, and review and removal of access where no longer required.

4. Hosting environment

CiCwtch is hosted using modern cloud infrastructure and managed services. This overview does not disclose architecture diagrams, exact controls, or tooling specifics.

5. Data isolation

CiCwtch uses multi-tenant separation controls so that customer data is logically segregated between workspaces at a high level.

6. Monitoring & logging

We maintain monitoring and logging processes to detect unusual activity, support investigations, and maintain appropriate audit trails.

7. Incident response commitment

CiCwtch maintains processes to identify, contain, assess, remediate, and recover from security incidents. Personal data breaches are handled in line with the Privacy Policy and Data Processing Addendum.

8. Vulnerability management approach

We take reasonable steps to identify and address vulnerabilities, including review of dependencies, application of security updates, and monitoring of known issues affecting relevant components.

This document should be read alongside:

• Privacy Policy
• Data Processing Addendum
• Sub-Processor List
• Service Availability & Support Summary
• Data Retention Summary
• Glossary

1. Roles

• You are the controller.
• CiCwtch is the processor.

2. Subject matter and duration

This DPA applies to processing carried out on your behalf through the CiCwtch platform for as long as you use the service and until relevant data is returned or deleted, subject to lawful retention obligations.

3. Nature and purpose of processing

Processing may include hosting, storage, organisation, retrieval, display, transmission, backup, support, and security monitoring so that the platform can be provided to you.

4. Types of personal data

• names and contact details;
• addresses and access information;
• service records and booking data;
• animal care information;
• communications and notes;
• location data where enabled;
• device and usage data connected to your workspace.

5. Categories of data subjects

• your clients;
• your staff and contractors;
• other individuals whose data you upload.

6. Processor obligations

• process data only on your documented instructions unless required by law to do otherwise;
• ensure confidentiality obligations apply to relevant personnel;
• implement appropriate security measures;
• assist with data subject requests where required and reasonable;
• assist with breach information where needed.

7. Breach notification

CiCwtch will notify you without undue delay after becoming aware of a personal data breach affecting your controlled data.

8. Sub-processors

CiCwtch may use sub-processors for hosting, infrastructure, payments, communications, and diagnostics. CiCwtch will ensure they are subject to appropriate contractual obligations and will maintain a public Sub-Processor List.

9. International transfers

Where data is transferred outside the UK or EEA, CiCwtch will use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent lawful mechanisms.

10. Data return and deletion

At the end of the service, and subject to law, you may request return or secure deletion of data processed on your behalf.

11. Audit rights

CiCwtch will provide reasonable information needed to demonstrate compliance. Audit rights are limited, controlled, and proportionate and may be satisfied through written responses, summaries, certifications, or third-party reports instead of direct system access.

This document should be read alongside:

• Platform Terms of Service
• Privacy Policy
• Sub-Processor List
• Data Retention Summary
• Security Overview
• Glossary

1. Provider list

2. Changes

We may update this list from time to time.

This document should be read alongside:

• Privacy Policy
• Data Processing Addendum
• Security Overview
• Glossary

1. Subscription billing

Subscriptions may be billed through Apple App Store, Google Play Store, or direct card billing where available. Subscriptions renew automatically unless cancelled. App Store subscriptions are managed under the store’s own rules.

2. Pricing clarity

Pricing is shown before purchase. Prices may be stated inclusive or exclusive of VAT.

3. Taxes

Business Users remain responsible for their own VAT treatment and tax compliance.

4. Failed payments

If a subscription payment fails, we may retry the charge, restrict features, suspend access, or terminate the account if payment is not brought up to date.

5. Refund policy for platform fees

Refunds for subscription fees are handled through Apple or Google for App Store purchases, or in accordance with applicable law and our published refund position for direct payments.

6. Platform does not process or hold end-user payments

CiCwtch is a software provider only. CiCwtch does not act as a bank, payment institution, or e-money provider and does not hold or receive end-user funds.

7. Stripe Connect explanation

Where CiCwtch supports payments between dog owners and dog walking businesses, the payment flow is handled by Stripe. Business Users contract directly with Stripe and Stripe handles KYC, AML, payout handling, and payment execution. CiCwtch acts only as a technical service provider and sends instructions to Stripe via API.

8. Chargeback handling responsibility

Chargebacks, Direct Debit claims, service refunds, and related disputes are the responsibility of the Business User and the payment provider. CiCwtch is not responsible for the underlying dispute or any funds withheld by Stripe.

This document should be read alongside:

• Platform Terms of Service
• Privacy Policy
• HMRC Reporting & Tax Transparency Notice
• End User Terms
• Glossary

1. Target uptime

CiCwtch aims to provide reliable service. Our target availability is 99.9% uptime measured over a monthly period. This is a target, not a guarantee.

2. Planned maintenance windows

We may carry out maintenance to improve or secure the platform. Significant maintenance will usually be scheduled outside peak usage times where practical. Emergency maintenance may occur without notice.

3. Support response expectations

• Critical issues – response within a reasonable timeframe;
• High priority issues – response typically within 1–2 business days;
• General issues – response within a reasonable timeframe.

4. No guarantee clause

The platform is provided on an as available basis. This document does not create a contractual uptime guarantee, service credits, penalty regime, or additional liability beyond the Platform Terms.

This document should be read alongside:

• Platform Terms of Service
• Security Overview
• Complaints Policy
• Glossary

1. Retention principles

• data is kept only for as long as necessary;
• retention is based on legal, operational, and contractual requirements;
• data is deleted or anonymised when no longer needed; and
• longer retention may apply where the law requires it.

2. Typical retention ranges

• Account and profile data – for the duration of the account and a limited period afterwards;
• Service and booking data – while the account is active and afterwards where needed for records, disputes, or legal obligations;
• Communications and support records – for a reasonable period to support service, complaints, and legal defence;
• Financial and tax data – at least 6 years where law requires;
• Technical logs and security data – for as long as necessary for security, monitoring, and compliance.

3. Deletion approach

When data is no longer required, CiCwtch will delete it securely or anonymise it so it can no longer identify individuals. Deletion may occur automatically, following account closure, or following a valid request, subject to legal obligations.

4. Backup retention

Data may remain in secure backups for a limited period after deletion. Backup copies are kept for recovery purposes only and are not used for active processing.

This document should be read alongside:

• Privacy Policy
• Data Processing Addendum
• HMRC Reporting & Tax Transparency Notice
• Glossary

1. Prohibited activities

• unlawful use – conduct that breaches any applicable law or regulation;
• harassment – threatening, abusive, discriminatory, or harmful behaviour;
• misuse of data – including access without permission, unlawful sharing, or use outside legitimate service delivery;
• system abuse – including attempts to gain unauthorised access, interfere with security, introduce malware, or disrupt the platform.

2. Enforcement actions

CiCwtch may take action where this policy is breached. This may include warnings, content review or removal, access restrictions, suspension, account termination, and reporting unlawful conduct to relevant authorities.

3. Suspension and termination triggers

Triggers may include repeated policy breaches, serious misuse of personal data, platform attacks, fraud, harassment, or other conduct creating legal, security, or safety risk.

4. Reporting abuse mechanism

Concerns about misuse or harmful behaviour can be reported to [email protected].

This document should be read alongside:

• Platform Terms of Service
• End User Terms
• Privacy Policy
• Safeguarding & Responsible Use Policy
• AI & Automation Transparency
• Complaints Policy
• Glossary

1. Expectation of lawful and ethical service delivery

Business Users are expected to deliver services lawfully, ethically, and professionally, with proper regard to the welfare of animals, the privacy of households, and the safety of staff and clients.

2. No liability for real-world services

CiCwtch is a software provider only. CiCwtch does not supervise or control service delivery and is not responsible for real-world care, handling, attendance, or other service outcomes.

3. Professional conduct expectations

• respect client property and privacy;
• follow agreed care instructions;
• use access information lawfully and securely;
• maintain appropriate insurance and compliance where required; and
• act honestly and professionally with clients and staff.

4. Reporting concerns mechanism

Concerns about platform misuse, unsafe conduct linked to platform use, or suspected abuse of access information can be reported to [email protected].

This document should be read alongside:

• Acceptable Use Policy
• Platform Terms of Service
• Complaints Policy
• Glossary

1. How to submit a complaint

You can submit a complaint to [email protected]. Please include your name, contact details, a clear description of the issue, and any relevant dates or screenshots.

2. Acknowledgement timeframe

We aim to acknowledge complaints within 2 business days.

3. Resolution timeframe

We aim to provide a substantive response within 10 business days. Where that is not possible, we will keep you informed.

4. Escalation steps

If you are not satisfied with the outcome, you may request a further internal review.

5. External escalation bodies

• ICO – for data protection complaints;
• consumer protection bodies or advice services – for consumer rights concerns.

CiCwtch does not currently participate in formal ADR schemes unless required by law.

This document should be read alongside:

• Privacy Policy
• Platform Terms of Service
• End User Terms
• Glossary

1. WCAG standard targeted

CiCwtch aims to meet WCAG 2.1 Level AA where reasonably achievable.

2. Known limitations

Some areas may not yet be fully accessible. This may include dynamic components, third-party integrations outside our control, or legacy or beta features still being improved.

3. Ongoing improvement commitment

We continue to review and improve accessibility as the platform evolves.

4. Contact method

If you experience an accessibility issue, contact [email protected].

5. Escalation route

If you are not satisfied with our response, you may seek advice from the Equality Advisory and Support Service (EASS) or the relevant body in your jurisdiction.

This document should be read alongside:

• Complaints Policy
• Glossary

1. Where automation is used

CiCwtch may use automated systems and AI features to support message drafting, workflow automation, platform safety checks, and data organisation.

2. Limitations of automation

Automated or AI-generated outputs may be incomplete, inaccurate, or unsuitable for a particular situation.

3. No reliance disclaimer

You must not rely on automation as legal, financial, tax, medical, veterinary, or safeguarding advice. Automation is a support tool only.

4. Human oversight statement

Users remain responsible for reviewing and approving automated outputs before they are sent or relied on. AI features are designed to assist human decision-making, not replace it.

This document should be read alongside:

• Platform Terms of Service
• End User Terms
• Acceptable Use Policy
• Privacy Policy
• Glossary

1. Statement of reporting obligations

CiCwtch may be required to report information to HMRC under UK platform reporting rules derived from OECD model rules. This applies to Business Users.

2. What data may be reported

• name or business name;
• address and contact details;
• tax identifiers such as UTRs or VAT numbers where applicable;
• platform account identifiers;
• income or transaction summaries;
• fees or commissions deducted; and
• other information required by law.

3. When reporting occurs

Reporting is expected to occur on a periodic basis, usually annually, in line with HMRC deadlines. CiCwtch may collect and verify information on an ongoing basis to prepare for reporting.

4. Responsibility of the client for tax compliance

You are responsible for providing accurate information, keeping tax details up to date, maintaining your own records, and complying with your own tax obligations.

5. No tax advice disclaimer

CiCwtch does not provide tax, legal, accounting, or financial advice.

6. MTD integration explanation

CiCwtch may offer tools that support digital record keeping and integration relevant to HMRC’s Making Tax Digital programme. These tools support compliance but do not guarantee compliance and do not replace professional advice.

7. Data sharing with HMRC

CiCwtch may share relevant data directly with HMRC where required by law. This processing is carried out under the legal basis of legal obligation.

This document should be read alongside:

• Privacy Policy
• Payments & Billing Policy
• Platform Terms of Service
• Data Retention Summary
• Glossary

1. Purpose of this glossary

This glossary explains key legal, payment, data protection, and platform terms used in CiCwtch documents. It is written to support plain English understanding. It does not replace the legal documents themselves.

2. Terms

• Business User – a dog walking or related pet care business using CiCwtch.
• Client’s Client – the end user or dog owner who receives services from a Business User.
• Controller – the person or organisation that decides why and how personal data is used.
• Processor – the person or organisation that handles personal data on behalf of a controller.
• Personal data – information that identifies or can identify a living person.
• Lawful basis – the legal reason that allows personal data to be used.
• Sub-processor – a third party used by a processor to help provide a service.
• Standard Contractual Clauses (SCCs) – a recognised contractual safeguard used for some international transfers of personal data.
• HMRC – His Majesty’s Revenue and Customs, the UK tax authority.
• MTD – Making Tax Digital, HMRC’s digital tax record and reporting programme.
• Stripe – the third-party payment provider used for payment processing and connected account services.
• Technical service provider – a service that provides software or technical support without acting as the regulated payment service provider.
• Vital interests – a legal basis used where processing is necessary to protect someone’s life or prevent serious physical harm.
• As available – a service standard meaning the platform is offered without a guarantee of continuous uptime.
• Indemnity – a contractual promise to cover another party’s losses in defined circumstances.
• Indirect loss – a type of loss that does not flow directly and immediately from the event complained of.

This document should be read alongside:

• Privacy Policy
• Platform Terms of Service
• Data Processing Addendum
• Payments & Billing Policy
• HMRC Reporting & Tax Transparency Notice
• End User Terms
• Cookie Policy
• Sub-Processor List
• Acceptable Use Policy
• Security Overview
• Service Availability & Support Summary
• Data Retention Summary
• Safeguarding & Responsible Use Policy
• AI & Automation Transparency
• Complaints Policy