Privacy Policy

Last updated: 26 March 2026 · Updated 4 May 2026

Section 1 — Introduction

This Privacy Policy explains how Seven Seas Network LTD ("we", "us", "our") collects, uses, stores, and protects personal data when you use the TipPot platform ("Platform"). We are committed to protecting your privacy and handling your personal data responsibly, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Section 2 — Who We Are

Seven Seas Network LTD is registered in England and Wales. Contact: tippot.support@gmail.com. For data protection matters, you can reach us at the same address. We are registered with the Information Commissioner's Office (ICO) as a data controller under reference ICO:00013968123.

Section 3 — Our Role in Relation to Your Data

For staff and operational data entered by a Venue: the Venue is the Data Controller — they decide how and why your data is used. Seven Seas Network LTD is the Data Processor — we process data on their behalf. For account data and platform operational data: Seven Seas Network LTD is the Data Controller. For questions about how your Venue uses your data, contact your employer or venue manager directly. For questions about your TipPot account, contact us at tippot.support@gmail.com.

Section 4 — What Data We Collect

Account Information: name and email address, role (Admin, Manager, or Staff), password (stored in encrypted form — we cannot access your password).

Operational Data: shift records and dates, hours worked, tip amounts and individual allocations, bonus pot progress and outcomes, tronc period records and payout history.

Technical Data: session tokens and login timestamps, device type and browser information, actions taken within the Platform (audit logs).

We do not collect payment card details or process financial transactions.

Section 5 — How We Use Your Data

We use personal data to: create and manage your account, calculate and record tip distributions on behalf of your Venue, provide shift management and operational tools to your Venue, generate performance insights and analytics, maintain the security and integrity of the Platform, respond to support requests, and comply with legal obligations.

We do not sell your personal data. We do not use your data for advertising purposes.

Section 6 — Legal Basis for Processing

For staff data processed on behalf of a Venue: the Venue's lawful basis as Data Controller applies. For account and platform operations where we are the Data Controller: contract performance (processing is necessary to provide the TipPot service to you), legitimate interests (maintaining audit trails, platform security, and service improvement), legal obligation (retaining financial records as required by HMRC).

Section 7 — Data Sharing

We do not sell or share personal data with third parties for commercial purposes. We may share data with hosting and infrastructure providers necessary to operate the Platform (currently Replit, Inc.). These providers are contractually required to handle data securely and only for the purposes we specify, under a Data Processing Agreement. We may also share with law enforcement or regulatory bodies where required by law. We do not share your data with advertisers, data brokers, or marketing platforms.

Section 8 — Data Retention

Personal account data is retained for as long as your account is active. Following an account deletion or erasure request: personal data (name, email, login credentials) is anonymised within 30 days. Financial records — including tip payout amounts and tronc allocations — are retained for a minimum of 3 years as required by HMRC for payroll record keeping. Names are removed from these records upon an erasure request. Audit logs are retained for security and compliance purposes.

Section 9 — Your Rights Under UK GDPR

You have the following rights:

• Right of Access — you can request a copy of all personal data we hold about you.
• Right to Rectification — you can request correction of inaccurate data.
• Right to Erasure — you can request deletion of your personal data, subject to legal retention requirements.
• Right to Restriction — you can ask us to restrict processing in certain circumstances.
• Right to Portability — you can request your data in a structured, machine-readable format.
• Right to Object — you can object to certain types of processing based on legitimate interests.

To exercise any of these rights, contact us at tippot.support@gmail.com. We will respond within 30 days.

Section 10 — Data Security

We implement appropriate technical and organisational measures to protect personal data, including: encrypted password storage, session-based authentication with automatic expiry, role-based access controls (staff cannot see other staff members' data), audit logging of sensitive actions, and secure HTTPS connections. No system is completely immune to risk. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware.

Section 11 — Cookies and Tracking

The Platform uses session cookies necessary for login and security purposes. We do not use advertising cookies or third-party tracking.

Section 12 — International Data Transfers

TipPot is hosted on Replit, Inc., a US-based infrastructure provider. Your data may be processed in the United States. This transfer is covered by Standard Contractual Clauses in accordance with UK GDPR Article 46, as set out in Replit's Data Processing Agreement (available at replit.com/dpa). Replit is contractually prohibited from selling your data and must maintain appropriate security standards.

Section 13 — Automated Decision-Making

The Platform generates analytics and insights based on data entered by your Venue. These are informational only and do not constitute automated decision-making that produces legal or similarly significant effects on individuals.

Section 14 — Minors

We do not knowingly collect personal data directly from individuals under 18 other than through a Venue relationship. Staff Members under 18 are the responsibility of their employing Venue, which must ensure it has a lawful basis for processing their data and has obtained any necessary parental consent.

Section 15 — Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Where changes are significant, we will notify users via the Platform or by email.

Section 16 — Complaints

If you believe we have mishandled your personal data, please contact us first at tippot.support@gmail.com. We will investigate and respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Section 17 — Contact Details

Seven Seas Network LTD. Email: tippot.support@gmail.com. Effective Date: 26 March 2026 · Last Updated: 4 May 2026.