Terms of Service

Last updated: 12 April 2026

1. Introduction

These Terms of Service ("Terms") govern your use of the ClockRota platform ("Service"), operated by Myles Chubb trading as ClockRota ("we", "us", "our").

By creating an account or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

ClockRota is a business-to-business service. By signing up, you confirm that you are acting on behalf of a business and not as a consumer.

2. The Service

ClockRota provides staff scheduling, clock-in/out tracking, timesheet management, shift swap management, leave management, and related workforce tools for hospitality venues. The Service is provided as a cloud-based software-as-a-service (SaaS) platform accessible via web browser.

3. Account registration

  • You must provide accurate and complete information when creating an account.
  • You are responsible for maintaining the confidentiality of your account credentials.
  • You are responsible for all activity that occurs under your account.
  • You must notify us immediately if you become aware of any unauthorised use of your account.
  • You must be at least 18 years old to create an account.

4. Subscription and billing

4.1 Plans and pricing

ClockRota offers three subscription tiers:

  • Starter — £9/month, up to 5 active staff members
  • Growth — £17/month, up to 15 active staff members
  • Pro — £29/month, unlimited active staff members

All plans include the full feature set. There are no hidden fees or feature-gated upgrades.

4.2 Free trial

New accounts receive a 30-day free trial with full access to all features. Payment details are required at the start of the trial. You will not be charged until the trial ends. You may cancel at any time during the trial without charge.

4.3 Billing

Subscriptions are billed monthly via Stripe. Payments are taken automatically on each billing date. All prices are in British pounds (GBP) and are exclusive of VAT where applicable.

4.4 Failed payments

If a payment fails, your account will be placed in a "past due" state. You will have limited access to the Service until payment is resolved. If payment is not resolved within 14 days, your subscription may be cancelled.

4.5 Cancellation

You may cancel your subscription at any time via the Stripe customer portal (accessible from Settings > Billing in the app). Cancellation takes effect at the end of the current billing period. No refunds are given for partial months.

4.6 Price changes

We may change our pricing with at least 30 days' written notice (by email). Price changes will apply from the next billing period after the notice period.

5. Your data

You retain all ownership and intellectual property rights in the data you enter into the Service ("Your Data"). We do not claim any ownership of Your Data.

You grant us a limited, non-exclusive licence to process Your Data solely for the purpose of providing the Service to you.

You are responsible for the accuracy and legality of Your Data. If you enter personal data about your staff, you are the data controller for that data and must comply with applicable data protection law (see section 12 and Schedule 1).

6. Acceptable use

You agree not to:

  • Use the Service for any unlawful purpose
  • Attempt to gain unauthorised access to the Service or its systems
  • Reverse engineer, decompile, or disassemble the Service
  • Use the Service to store or transmit malicious code
  • Resell, sublicense, or redistribute the Service without our written consent
  • Use the Service in a way that could damage, disable, or impair it
  • Exceed the staff member limit for your plan tier

We reserve the right to suspend or terminate your account if you breach these terms.

7. Intellectual property

All intellectual property rights in the Service (including its design, code, features, branding, and documentation) are owned by us or our licensors. These Terms do not grant you any rights in our intellectual property except the limited licence to use the Service during your subscription.

8. Availability and support

We aim to keep the Service available 24/7 but do not guarantee uninterrupted access. We may perform maintenance, updates, or upgrades that temporarily affect availability. We will endeavour to give reasonable notice of planned downtime.

Support is available by email at hello@clockrota.co.uk. We aim to respond within 2 business days.

9. Limitation of liability

To the maximum extent permitted by law:

  • Our total liability to you for any claims arising from or related to the Service shall not exceed the fees you have paid to us in the 12 months preceding the claim.
  • We shall not be liable for any indirect, incidental, consequential, or special damages, including loss of profits, loss of data, or business interruption.
  • We are not liable for any acts or omissions of third-party service providers (including Stripe, Vercel, and Supabase).

Nothing in these Terms excludes or limits our liability for death or personal injury caused by our negligence, fraud, or any other liability that cannot be excluded by law.

10. Termination

  • You may terminate your account at any time by cancelling your subscription and contacting us to request account deletion.
  • We may terminate your account with 30 days' written notice, or immediately if you breach these Terms.
  • On termination, we will retain Your Data for 90 days to allow you to export it. After 90 days, Your Data will be permanently deleted.
  • Sections 5 (Your Data ownership), 7 (IP), 9 (Liability), and 13 (Governing Law) survive termination.

11. Force majeure

We shall not be liable for any failure or delay in performing our obligations where such failure or delay results from circumstances beyond our reasonable control, including but not limited to natural disasters, internet outages, power failures, government actions, or third-party service failures.

12. Data protection

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our full privacy policy is available at clockrota.com/privacy.

Where you enter personal data about your staff into the Service, you are the data controller and we are the data processor. The Data Processing Agreement in Schedule 1 below governs our relationship as processor.

13. Governing law

These Terms are governed by the laws of England and Wales. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.

14. Changes to these Terms

We may update these Terms from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. Continued use of the Service after the changes take effect constitutes acceptance of the updated Terms.

15. General

  • Entire agreement — these Terms (including Schedule 1) constitute the entire agreement between you and us regarding the Service.
  • Severability — if any provision of these Terms is found to be unenforceable, the remaining provisions shall continue in full force and effect.
  • No waiver — our failure to enforce any provision of these Terms shall not constitute a waiver of that provision.
  • Assignment — you may not assign your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations without restriction.
  • Notices — we will send notices to the email address associated with your account. You are responsible for keeping your email address up to date.

16. Contact

For questions about these Terms, contact us at hello@clockrota.co.uk.

Schedule 1 — Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Controller", "Venue Owner") and Myles Chubb trading as ClockRota ("Processor", "we", "us").

1. Definitions

"Staff Data" means the personal data of your staff members that you enter into the Service, including names, email addresses, phone numbers, employment details, shift schedules, clock-in records (including GPS coordinates), leave records, and related data.

"Data Protection Law" means the UK GDPR and the Data Protection Act 2018.

2. Scope and purpose

We process Staff Data solely to provide the ClockRota service to you. The processing includes: storing, retrieving, displaying, calculating, and transmitting Staff Data as necessary to deliver scheduling, clock-in/out, timesheet, shift swap, leave management, and notification features.

3. Your obligations as Controller

  • You must have a lawful basis for processing your staff's personal data.
  • You must inform your staff about how their data is processed, including that it is processed via ClockRota.
  • You must ensure the data you provide to us is accurate and up to date.
  • You are responsible for responding to data subject rights requests from your staff. We will assist you as described below.

4. Our obligations as Processor

  • We process Staff Data only on your documented instructions (i.e., your use of the Service features).
  • We ensure that persons authorised to process Staff Data are subject to confidentiality obligations.
  • We implement appropriate technical and organisational security measures (see section 7).
  • We do not engage sub-processors without your general authorisation (see section 5).
  • We assist you in fulfilling your obligations to respond to data subject rights requests.
  • We assist you in ensuring compliance with your obligations regarding security, breach notification, and data protection impact assessments.
  • On termination of your subscription, we delete or return Staff Data within 90 days (see section 8).
  • We make available to you all information necessary to demonstrate compliance with this DPA.

5. Sub-processors

You provide general authorisation for us to engage the following sub-processors:

Sub-processorPurposeLocation
Supabase Inc.Database hostingEU
Vercel Inc.Application hostingUS
Stripe Inc.Payment processingUS
Resend Inc.Email deliveryUS

We will notify you by email before adding or replacing any sub-processor. If you object, you may terminate your subscription.

6. International transfers

Where Staff Data is transferred outside the UK (e.g., to sub-processors in the US), we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs).

7. Security measures

We implement the following technical and organisational measures:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest (database-level encryption via Supabase)
  • Password and PIN hashing using Argon2
  • Role-based access controls within the application
  • Automatic session expiry (30 days)
  • Regular security updates via managed hosting (Vercel)

8. Data deletion

On termination of your subscription, we will retain Staff Data for 90 days to allow you to export it or reactivate your account. After 90 days, all Staff Data will be permanently and irreversibly deleted from our systems and sub-processor systems.

9. Data breach notification

If we become aware of a personal data breach affecting Staff Data, we will notify you without undue delay (and in any event within 72 hours of becoming aware). The notification will include the nature of the breach, the categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach.

10. Duration

This DPA remains in effect for the duration of your subscription and for 90 days after termination (the data retention period).