Important: Caterix is a B2B application — access is granted exclusively by your company administrator. We do not sell, trade, or transfer your personal data to third parties.
1 Who We Are
Caterix is a B2B catering management application operated as a closed-access platform. Access is granted and revoked exclusively by the company administrator — public self-registration is intentionally unavailable.
2 Information We Collect
Account Information
- Email address — used for authentication via Firebase Authentication
- User identifier assigned by the system
- Role and permission level assigned by the administrator
Business Operation Data
- Orders, inventory records, and supplier information you create within the App
- Product and material lists, menus, and cost data
- Document and invoice images uploaded to Firebase Storage (if applicable)
Device & Technical Data
- FCM device token for push notifications
- Crash reports and diagnostic data (Firebase Crashlytics)
- App usage analytics (Firebase Analytics)
- Device model, OS version (collected automatically)
Camera & Media
If you choose to upload product images, we request camera or photo library access only with your explicit permission. Images are stored securely in Firebase Storage and are not used for any purpose other than display within the App.
3 How We Use Your Information
- Authenticate and manage your user account
- Provide and maintain the App's core features (orders, inventory, reporting)
- Send push notifications related to your orders and stock levels
- Provide AI-assisted insights using aggregated, anonymised business data
- Detect and fix crashes and technical issues
- Respond to support requests
- Comply with applicable legal obligations
Your data is never used for advertising, marketing profiling, or sold to any third party.
4 Data Sharing
We do not sell or rent your personal information. Data may be shared only in the following circumstances:
- Google Firebase (Google LLC): Authentication, Firestore database, Cloud Storage, Analytics and Crashlytics — our core infrastructure provider. See the Google Privacy Policy.
- Google Gemini AI: Used only when the AI assistant feature is invoked, and only with anonymised, aggregated stock context — no personal identifiers are shared.
- Legal requirements: If required by applicable law, court order, or governmental authority, we may disclose data to the extent required.
All sub-processors process data under agreements that impose data protection obligations at least equivalent to those in this Policy.
5 Data Security
All data is stored in Google Firebase infrastructure, which holds SOC 2 Type II certification and applies industry-standard security controls.
- All data in transit is encrypted with TLS 1.2+
- Data at rest is encrypted by Firebase
- Firestore Security Rules restrict each user's access to their own organisation's data only
- Passwords are never stored in plain text — Firebase Authentication handles hashing
- Role-based access control is enforced at both the application and database level
6 Data Safety Summary
The following table summarises the data we collect, as reported in the Google Play Data Safety section:
| Data Type | Collected | Shared | Purpose |
|---|---|---|---|
| Email address | Yes | No | Account management |
| User ID | Yes | No | App functionality |
| Photos / images | Optional | No | Product images |
| App activity (analytics) | Yes | No | Crash & diagnostics |
| FCM device token | Yes | No | Push notifications |
| Location | No | No | — |
| Contacts | No | No | — |
| Financial information | No | No | — |
All data is transmitted over encrypted connections (HTTPS). Users can request deletion of their account and associated data at any time.
7 Data Retention
Data is retained as long as your organisation's account remains active. Upon account termination:
- Personal account data is deleted within 30 days of the request
- Business operation records (orders, stock logs) may be archived for up to 2 years to comply with applicable legal requirements
- Backups are purged within 90 days of account deletion
To request account and data deletion, email ardadinc.dev@gmail.com or contact your organisation's Caterix administrator.
8 Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Objection — object to processing of your data
- Portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing while a dispute is resolved
To exercise any of these rights, contact us at ardadinc.dev@gmail.com. We will respond within 30 days.
9 Children's Privacy
Caterix is a business-to-business application intended exclusively for professional use. It is not directed at, nor does it knowingly collect personal data from, children under the age of 13 (or the applicable minimum age in your jurisdiction). If we become aware that personal data of a child has been collected without appropriate consent, we will delete it promptly.
10 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes through an in-app notice or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision.
Continued use of the App after the effective date constitutes acceptance of the updated Policy.
11 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:
For Turkish users: also see our Gizlilik Politikası and KVKK Aydınlatma Metni.