Legal
Privacy Policy
Last updated: 25 April 2026
Who we are
Barclo is a trading name of Yellowhite LTD (Company No. 15526944), registered in England and Wales. Our registered address is 71-75 Shelton Street, London, WC2H 9JQ.
We provide cloud-based business management software for pet care professionals. This privacy policy explains how we collect, use, and protect personal data when you use our platform.
Contact us about your data:
Email: [email protected]
Post: Yellowhite LTD, 71-75 Shelton Street, London, WC2H 9JQ
Who this policy covers
This policy applies to:
- Business owners who subscribe to Barclo to manage their pet care business
- Their clients whose data is stored in Barclo by the business owner
- Visitors to our website and booking pages
If you are a client of a pet care business that uses Barclo (for example, you booked a dog walk through their booking page), the business owner is the data controller for your personal data. Barclo is the data processor — we store and process the data on the business owner's behalf, under their instructions. Questions about how a specific business uses your data should be directed to that business.
For Barclo's own subscribers (business owners), we are the data controller.
What data we collect
If you are a business owner (subscriber)
| Data | Why we collect it | Legal basis |
|---|---|---|
| Name, email, phone | Account creation and communication | Contract performance |
| Business name, address, logo | Platform configuration and invoicing | Contract performance |
| Payment card details | Subscription billing via Stripe | Contract performance |
| Bank account details (sort code, account number) | Displayed on your invoices so your clients can pay you | Contract performance |
| VAT number | Displayed on your invoices if you are VAT registered | Contract performance |
| Login credentials (email, hashed password) | Authentication | Contract performance |
| Usage data (pages visited, features used) | Improving the platform | Legitimate interest |
We do not store your card number, CVV, or full card details. All payment processing is handled by Stripe, who are PCI DSS Level 1 certified.
If you are a client of a business using Barclo
The business owner decides what data to collect about you. Typically this includes:
| Data | Why it is collected |
|---|---|
| Name, email, phone | Booking communication |
| Address | Service delivery (e.g., home visits) |
| Pet details (name, breed, size, medical conditions, behaviour notes) | Safe care of your pet |
| Booking history | Service management |
| Payment records | Financial records |
| Emergency contact details | In case of emergency during pet care |
This data is entered by the business owner or by you through their booking page. The business owner controls this data — they decide what to collect, how long to keep it, and when to delete it.
If you visit our website or a booking page
We collect minimal data:
- No cookies are set for tracking or analytics purposes
- No third-party trackers are loaded (Google Analytics, Facebook Pixel, etc.)
- Your IP address is logged in standard web server access logs (retained for 30 days for security purposes)
- Fonts are self-hosted — no data is sent to Google or other font providers
How we use your data
For business owners
- Providing and maintaining your Barclo account
- Processing your subscription payments via Stripe
- Sending transactional emails (booking confirmations, invoices, password resets)
- Providing technical support
- Improving the platform based on usage patterns
We will never sell your data to third parties. We will never send you marketing emails without your explicit consent.
For clients of businesses
We process your data solely on behalf of the business owner, under their instructions. We do not use client data for our own marketing or analytics purposes.
Who we share data with
We share data with the following third-party processors, all of whom are bound by data processing agreements:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe (Stripe Payments Europe Ltd) | Payment processing | Business owner: card details for subscription. Clients: card details for bookings/invoices (when paying by card). | EU (Ireland) + US |
| Brevo (Sendinblue SAS) | Transactional email delivery | Email addresses, names, booking/invoice details included in emails | EU (France) |
We do not share data with advertisers, data brokers, or any other third party.
How long we keep data
Business owner data
- Active account: Data retained for the duration of your subscription
- After cancellation: Account data retained for 60 days (in case you resubscribe), then permanently deleted
- Financial records: Invoice and payment records retained for 6 years (HMRC requirement)
Client data (stored by business owners)
- Retention is managed by the business owner through the platform
- Business owners can delete client data at any time
- When a client requests deletion, the business owner can use the “Erase client” function which permanently deletes personal data while preserving anonymised financial records for HMRC compliance
- Unconverted booking leads are automatically deleted after 12 months
- Expired verification codes and tokens are automatically purged within 24 hours
Website visitor data
- Server access logs: 30 days
- No cookies or tracking data to retain
Your rights (UK GDPR)
You have the right to:
- Access your data — request a copy of all personal data we hold about you
- Correct your data — update inaccurate or incomplete information
- Delete your data — request permanent deletion of your personal data (“right to be forgotten”)
- Export your data — receive your data in a machine-readable format (JSON)
- Object to processing — object to processing based on legitimate interest
- Restrict processing — request that we limit how we use your data
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email [email protected]. We will respond within one calendar month.
If you are a client of a business using Barclo
Your first point of contact should be the business owner (your dog walker, groomer, etc.). They control your data and can action most requests directly through the platform. If you are unable to reach them or are unsatisfied with their response, contact us at [email protected] and we will assist.
Data security
We take the security of your data seriously:
- All data is transmitted over HTTPS (TLS 1.2+)
- Passwords are hashed using bcrypt with a cost factor of 12
- Database access is restricted by Row Level Security — each business can only access their own data
- Payment card data is handled exclusively by Stripe and never touches our servers
- We maintain regular database backups
- We conduct security audits of our codebase
- Access to production systems is restricted to authorised personnel only
International transfers
Your data is stored on servers located in the United Kingdom. Some of our processors (Stripe, Brevo) may process data in the EU or US. Where data is transferred outside the UK, appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
Children
Barclo is a business management platform intended for use by adults. We do not knowingly collect data from anyone under 18. If you believe a child's data has been submitted to us, please contact [email protected].
Changes to this policy
We may update this policy from time to time. We will notify business owners of significant changes via email. The “Last updated” date at the top of this page indicates when the policy was last revised.
Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO. Please email [email protected] first.