PRIVACY POLICY

Last updated: 15 April 2026

1. Who we are

Chocka is operated by Useful for Humans Ltd, registered in England and Wales. Our registered address is Unit 82a James Carter Road, Bury St Edmunds, IP28 7DE.

For data-protection purposes we are the controller. You can reach us at hello@chocka.co.uk.

2. What data we collect

When you sign up or use Chocka we may collect:

  • Account information — your name and email address, collected when you create an account.
  • Google Business Profile data — business name, address, categories, opening hours, photos, reviews, review replies, Google Business Profile Insights (views, searches, calls, direction requests), and posts. This data is accessed via the Google Business Profile API using OAuth 2.0 with your explicit consent.
  • Payment information — processed by Stripe. We do not store card numbers; Stripe handles this as a PCI-DSS-compliant processor.
  • Communication data — emails sent via Resend and SMS sent via Twilio, including delivery status and timestamps.
  • Usage data — pages visited, features used, and performance metrics to help us improve the service.

3. How we use your data

We process your data for the following purposes:

  • Managing your Google Business Profile — publishing posts, replying to reviews, and updating profile information on your behalf.
  • Weekly management and automation — reading your profile data to generate performance scores, rankings, and weekly summary reports.
  • Sending notifications — email and SMS alerts about new reviews, performance changes, and account updates.
  • Processing payments — managing your subscription and billing.
  • Improving the service — analysing aggregate usage patterns to develop new features and fix issues.

4. Lawful basis for processing

Under UK GDPR we rely on the following lawful bases:

  • Contract — processing necessary to deliver the Chocka service you have subscribed to (Art. 6(1)(b)).
  • Consent — accessing your Google Business Profile data via OAuth, and sending marketing communications (Art. 6(1)(a)). You can withdraw consent at any time.
  • Legitimate interests — improving our service, preventing fraud, and ensuring security (Art. 6(1)(f)).

5. Third parties we share data with

We share data only where necessary to operate the service. We do not sell your data.

  • Google — to read and write your Business Profile data via their API.
  • Stripe — to process subscription payments securely.
  • Resend — to deliver transactional and notification emails.
  • Twilio — to send SMS notifications.

Each third party processes data under their own privacy policy and in compliance with applicable data-protection law. Where data is transferred outside the UK, appropriate safeguards are in place (such as Standard Contractual Clauses).

6. Data retention

We retain your account data for as long as your subscription is active. If you cancel your account we will delete your personal data within 30 days, unless we are required by law to retain it for longer (for example, financial records kept for HMRC purposes).

Google Business Profile data fetched during your subscription is removed from our systems within 30 days of cancellation. Aggregated, anonymised data used for rankings may be retained indefinitely as it cannot identify you.

7. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (“right to be forgotten”).
  • Restriction — ask us to limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of earlier processing.

To exercise any of these rights, email hello@chocka.co.uk. We will respond within one month.

If you are not satisfied with our response you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Chocka uses essential cookies required for the service to function (for example, session authentication). We do not use advertising or tracking cookies. Third-party services embedded in the site may set their own cookies — refer to their respective privacy policies for details.

9. Security

We take appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is 100% secure, but we work to protect your information and will notify you and the ICO of any significant breach as required by law.

10. Changes to this policy

We may update this policy from time to time. If we make significant changes we will notify you by email. The “last updated” date at the top of this page indicates when the policy was last revised.

11. Contact

If you have any questions about this privacy policy or how we handle your data, contact us at:

Useful for Humans Ltd
Unit 82a James Carter Road
Bury St Edmunds, IP28 7DE
hello@chocka.co.uk