CardRate by SeamlessCompare

Legal

Privacy policy

Last updated: 21 May 2026

This policy explains how Seamless Hospitality Technology Limited (“CardRate”, “we”, “us”) collects and uses your personal data when you use cardrate.co.uk (the “Site”), and your rights under the UK GDPR and the Data Protection Act 2018.

CardRate is the data controller for the personal data described here. We're a company registered in Scotland. If anything below is unclear, contact us at privacy@cardrate.co.uk.

What CardRate is

CardRate is a comparison tool for UK card payment providers, built for hospitality businesses. We rank providers by how well they fit your venue and processing profile. We earn a commission from providers when a merchant signs up through us — this is disclosed throughout the Site and never influences the ranking. See our methodology and terms.

Personal data we collect

We collect the following, depending on how you use the Site:

  • Comparison details — the venue type, approximate monthly card volume, current card provider, and features you select in the comparison wizard. This is business information, but we associate it with you once you give us your email.
  • Contact details — your email address (when you ask us to email your results or submit an enquiry), and for providers we onboard directly, your name, business name and phone number.
  • Usage data — pages visited, referring website, approximate location (from your IP), device and browser type, and the events you trigger on the Site (e.g. completing a comparison, clicking through to a provider).
  • Session recordings — we use PostHog to record anonymised playback of site sessions for product improvement. Form inputs (such as your email) are masked in these recordings.

How we use it and our legal basis

  • To run the comparison and show your results — necessary to provide the service you requested.
  • To email your results and respond to enquiries — your consent, given when you submit your email, or our legitimate interest in following up an enquiry.
  • To submit your details to a provider you've chosen— necessary to take steps you've asked for before entering an arrangement with that provider.
  • To send relevant follow-up about card payments and hospitality — your consent, which you can withdraw any time via the unsubscribe link in any email.
  • To understand and improve the Site (analytics, session replay) — your consent for non-essential cookies and tracking, and otherwise our legitimate interest in operating and improving the service.

Who we share it with

We use the following processors and partners. We don't sell your data.

  • Card payment providers — when you choose to sign up with or be introduced to a provider (e.g. Teya, Dojo, SumUp, Zettle), we share the details needed to set up your account. From that point the provider is an independent data controller of your information under its own privacy policy.
  • ActiveCampaign — our CRM and email platform, which stores your contact record and the comparison details associated with it.
  • PostHog — product analytics and session replay (EU-hosted).
  • Google Analytics and Meta (Facebook) Pixel — website analytics and advertising measurement, loaded subject to your consent.
  • Storyblok (content) and Vercel (hosting) — the infrastructure that runs the Site.

International transfers

Some of our processors are based outside the UK (for example in the US or EU). Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

How long we keep it

We keep your contact record and comparison history for as long as you remain an active contact and for up to 24 months after your last interaction, after which we delete or anonymise it — unless we need to keep it longer to meet a legal obligation or resolve a dispute. Analytics data is retained according to each platform's standard retention (typically 12–14 months for identifiable event data).

Your rights

Under UK data protection law you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased (the “right to be forgotten”);
  • restrict or object to our processing;
  • data portability;
  • withdraw consent at any time, where we rely on consent.

To exercise any of these, email privacy@cardrate.co.uk. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to resolve things first.

Cookies and tracking

We use cookies and similar technologies for essential site function, analytics, session replay and advertising. Non-essential cookies load only with your consent. See our cookie policy for the full list and how to manage your preferences.

Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit and access controls on the systems that hold it. No method of transmission or storage is completely secure, but we work to protect your information and to notify you and the ICO of any breach where required.

Changes to this policy

We may update this policy from time to time. The “last updated” date at the top shows when. Material changes will be highlighted on the Site or notified to you where appropriate.

Contact

Seamless Hospitality Technology Limited (trading as CardRate)
privacy@cardrate.co.uk

This policy is provided in good faith and reflects how the Site operates. It is not legal advice.