Privacy policy

Last updated: 21 April 2026

Pourmetrics SpotCheck ("we", "us") is a stock spot-check and variance reporting tool for hospitality venues. This policy explains what personal data we collect when you use Pourmetrics SpotCheck, what we do with it, and the rights you have over it. We operate under Irish and EU law, including GDPR.

Who we are

Pourmetrics SpotCheck is operated from Ireland. For any privacy questions, contact info@pourmetrics.ie.

What we collect

• Account data — your name, email address, and authentication credentials, managed by our identity provider Clerk.
• Venue + operational data — your business name, venue name, locations, product catalog entries, spot-check readings, POS imports, and variance reports. You or your staff enter this data in normal use of the product.
• Team membership data — email addresses of staff you invite, the roles assigned to them, and which venues they can access.
• Billing data — handled by our payment processor Stripe. We receive a subscription status and last-four card digits; we do not store your full card number.
• Usage data — basic server logs (IP address, timestamps, pages accessed) for security and debugging. Retained for 30 days.

What we do with it

• Provide the product to you and your team.
• Send operational email — password resets, invitation links, billing receipts, important service notices. We do not send marketing email without your opt-in.
• Improve the product — aggregated, anonymised usage analytics only. We do not sell or share your venue data with third parties.
• Meet legal obligations (tax, response to lawful requests, etc.).

Who we share it with

We share personal data only with sub-processors that help us run the service:

• Clerk — authentication and session management.
• Stripe — subscription billing.
• Cloud hosting providers (currently in EU regions) for the database and application servers.

Each sub-processor is bound by a data processing agreement and can only use your data to provide the service to us. We do not sell personal data to anyone.

Where it's stored

Venue and account data is stored in EU data centres. Some sub-processor services (e.g. Clerk) may process data in the United States under appropriate data-transfer safeguards (Standard Contractual Clauses).

How long we keep it

• Account + venue data: for the lifetime of your subscription plus 90 days.
• Billing records: 7 years (statutory requirement).
• Server logs: 30 days.
• Backups: encrypted, retained 30 days, then destroyed.

Your rights

Under GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your personal data (subject to statutory retention periods above).
• Export your venue data in a machine-readable format.
• Object to processing or restrict how we use your data.
• Lodge a complaint with the Irish Data Protection Commission.

Email info@pourmetrics.ie to exercise any of these rights. We'll respond within 30 days.

Changes

If we materially change this policy, we'll email account owners at least 14 days before the change takes effect. Non-material updates (typos, contact detail changes) happen without notice.

This is a draft policy. We recommend you have it reviewed by legal counsel before relying on it for a commercial relationship.