Privacy Policy
Last updated: 26 April 2026
This Privacy Policy explains how Digital Team Group Limited ("we", "us", "our") collects, uses and protects your personal information when you use the At9 booking management app and the at9.app website (together, the "Service"). We are committed to protecting your privacy and handling your data with care.
By using At9, you agree to the collection and use of information in accordance with this policy.
Quick summary: We collect only the data we need to run your bookings, never sell your personal information, store data securely in the UK and EU, and you can export or delete your data at any time.
1. Who we are
Data Controller: Digital Team Group Limited
Registered address: Elmpark House, 3 Elmpark View,
York, YO31 1DY
Company number: 17078703
Privacy contact:
contact@at9.app
2. The data we collect
Information you provide
- Account information: name, email address, password (stored hashed), business name, business type and country.
- Booking data: customer names, contact details, booking dates and times, room or resource assigned, notes you add to bookings.
- Subscription information: billing name, address, and payment details (handled by our PCI-compliant payment processor — we never see or store your card numbers).
- Communications: any messages you send to our support team.
Information collected automatically
- Device information: device model, operating system version (iOS/Android), unique device identifier, app version.
- Usage data: features you use, in-app navigation, session duration, errors and crash reports.
- Log data: IP address, request timestamps, referring URLs.
What we do not collect
We do not access your contacts, photos, location, microphone or camera unless you explicitly grant permission for a specific feature in the app.
3. How we use your data
We use the information we collect to:
- Provide, operate and maintain the At9 Service.
- Process and manage bookings on your behalf.
- Process subscription payments and renewals.
- Send transactional emails and in-app notifications (booking confirmations, password resets, billing receipts, account updates).
- Improve and develop the Service through usage analytics and crash reports.
- Provide customer support and respond to enquiries.
- Detect, prevent and address fraud, security incidents and abuse.
- Comply with legal obligations.
4. Legal basis for processing (UK and EU users)
Under the UK GDPR and EU GDPR, we process your personal data on the following legal bases:
- Performance of a contract: to deliver the Service you've subscribed to.
- Legitimate interests: to improve the Service, prevent fraud and analyse usage in an aggregated, anonymised form.
- Consent: where we ask for specific consent (for example, optional marketing communications). You can withdraw consent at any time.
- Legal obligation: where required by law (for example, tax records).
5. Sharing your data
We do not sell your personal information. We share data only with:
- Service providers we use to operate the Service — for example cloud hosting, payment processing, email delivery and crash reporting. These providers act as data processors and are bound by data processing agreements.
- Legal authorities where required by law, court order or to protect our rights.
- With your consent, where you specifically authorise sharing with a third party.
6. Storage and security
Your data is stored on secure servers located in the United Kingdom and the European Union. We implement appropriate technical and organisational measures to protect it, including:
- Encryption in transit using TLS.
- Encryption at rest for sensitive data.
- Strict access controls and multi-factor authentication for staff.
- Regular security reviews and dependency monitoring.
- Daily encrypted backups.
7. Data retention
We retain personal data only as long as necessary to provide the Service and to meet our legal obligations:
- Active accounts: data retained for as long as your subscription is active.
- After cancellation: a 30-day window during which you can re-activate or export your data, after which all personal data is deleted within 90 days.
- Backups: retained for up to 12 months and then automatically purged.
- Billing records: retained for up to 7 years to meet UK accounting and tax requirements.
8. Your rights
Under data protection law you have the right to:
- Access the personal data we hold about you.
- Rectify any inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict our processing of your data.
- Data portability — receive a copy of your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time where we rely on consent.
To exercise any of these rights, email contact@at9.app. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.
9. Cookies and similar technologies
Our website uses a small number of cookies for essential functionality, anonymised analytics and remembering your preferences. The mobile app uses unique device identifiers for security and crash reporting. We do not use the iOS Identifier for Advertisers (IDFA) or the Google Advertising ID for cross-app tracking.
10. Third-party services
We use the following categories of third-party services. Each has its own privacy policy that you may wish to review:
- Hosting: [e.g. Amazon Web Services, region: London]
- Payment processing: [e.g. Stripe]
- Email delivery: [e.g. Postmark]
- Crash reporting: [e.g. Sentry]
- Analytics: [e.g. Plausible — privacy-friendly, no cookies]
11. Apple App Store privacy disclosures
In accordance with Apple's App Store requirements, the following data categories are collected by At9:
- Contact info (linked to identity): name, email address.
- User content (linked to identity): booking notes and customer records you create.
- Identifiers (linked to identity): user account ID, device ID.
- Usage data (not linked to identity): product interaction.
- Diagnostics (not linked to identity): crash data, performance data.
None of this data is used for tracking purposes as defined by Apple.
12. Google Play Data Safety disclosures
In accordance with Google Play's Data Safety section, At9 discloses the following:
- All data collected is encrypted in transit using TLS.
- You can request that all your data be deleted at any time via the in-app account settings or by emailing us.
- Data is never sold to third parties.
- Data is not used for advertising or marketing purposes by third parties.
13. Children's privacy
At9 is intended for business users aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have collected such data, we will delete it without delay.
14. International data transfers
Your data is primarily stored within the United Kingdom and the European Economic Area. Where data is transferred outside these regions (for example, to a US-based service provider), we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses and adequacy decisions where applicable.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through an in-app notification at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
16. Contact us
For any privacy-related questions, requests or concerns, please contact us:
Email:
contact@at9.app
Post: Digital Team Group Limited, Elmpark House, 3
Elmpark View, York, YO31 1DY