BetaCaterBid is in early access — you may hit rough edges. Quotes, payments, and bookings are live and real. Spot something off? Contact support

Privacy Policy

What we collect, how we use it, what we never share.

Last updated May 29, 2026

This policy is provided as a reasonable starting template. It is not legal advice. Consult a licensed attorney before relying on it for your business.

What we collect

From Customers: name, email, phone (optional), event details (city, date, guest count, cuisine preferences, dietary needs, event type), payment info via Stripe (we never see card numbers), and any messages you send through the platform.

From Caterers: business name, contact name, email, phone, business address (city), regional cuisine and dietary capabilities, pricing, capacity, your Stripe Connect account ID, and quote / booking history.

Automatic: IP address, browser type, pages visited, referrer, and (if you opt in) analytics events. We do not use third-party advertising cookies.

Security & anti-abuse:for Caterer accounts that enable two-factor authentication (2FA), we store the 2FA data — the authenticator secret and recovery codes. We may run an anti-abuse challenge (CAPTCHA) when you sign up, log in, or submit a request, which shares limited browser/network signals with our challenge provider.

Agreement records: when you accept our Terms, Privacy Policy, food-safety disclaimer, or a per-order Order Agreement, we record the document version, a timestamp, and your IP address as proof of acceptance.

How we use it

  • To match your catering request with Caterers who can serve it.
  • To process payments and payouts via Stripe.
  • To send transactional emails (lead notifications, booking confirmations, chat alerts).
  • To improve the platform — understand what features people use, where the funnel breaks.
  • To respond to your support requests.
  • To comply with legal obligations.

What we share

We share Customer event details with matched Caterers so they can submit quotes. We share Customer contact information with a Caterer only after the Customer accepts that Caterer's quote — not before.

We share data with these service providers solely to operate the platform:

  • Stripe — deposit and balance payments, holds and releases, refunds, Caterer payouts, and sales-tax calculation.
  • Resend — transactional email delivery.
  • Neon — managed Postgres hosting.
  • Cloudflare — anti-abuse CAPTCHA challenges (when enabled) on sign-up, login, and request submission.
  • Anthropic — AI-assisted clarifying questions during intake (we send only your chatbot answers, never your contact details).

We do not sell your data. We do not share it with advertisers or data brokers.

Email notifications

Every transactional email includes an unsubscribe link. Clicking it (or visiting /unsubscribe) stops all notifications to that recipient. We will still send essential booking-confirmation emails since they contain receipts.

Cookies and tracking

We use a session cookie to keep you logged in (Caterer accounts only). We do not use third-party advertising cookies. If we add privacy-respecting analytics (Plausible), it will be cookie-free.

Data retention

We retain account data while your account is active. We retain booking records (for accounting, tax, and dispute resolution) for 7 years. Chat messages are retained for the duration of the booking plus 12 months. Deleted accounts have personal data purged within 30 days, except records we must retain for legal compliance.

Your rights

Depending on where you live, you may have the right to access, correct, or delete the personal data we hold about you, and to object to certain processing. To exercise any of these rights, send us a privacy request through our contact form.

Children

CaterBid is intended for users 18 and older. We do not knowingly collect data from children under 13. If you believe a child has provided us data, please contact us.

Security

We use industry-standard practices to protect your data — TLS in transit, encryption at rest, scoped database access, and rotation of credentials. Caterer accounts can enable two-factor authentication for extra protection; when they do, we store the authenticator secret and recovery codes solely to operate that protection. No system is perfectly secure; we'll notify affected users without undue delay if we learn of a breach involving personal data.

Changes

We'll announce material changes via email and a site banner at least 30 days before they take effect.

Contact

Privacy questions or requests: use our contact form.