Privacy Policy

Last updated: 5 June 2026

BossOps is operated by Mackintosh Projects. BossOps provides hospitality operations software for invoices, supplier products, recipe costing, menu GP, stock counts, rota, attendance, leave, HR records and staff access.

Controller and processor roles. For account owner, billing, support, website and service administration data, Mackintosh Projects is normally the controller. For staff records, rota, attendance, HR, supplier, recipe, stock and uploaded business files entered by a customer into a workspace, the customer is normally the controller and BossOps acts as processor.

Information we collect

Account data: names, business names, email addresses, user roles, site names and login/session information.
Customer workspace data: staff profiles, job roles, rota, leave, attendance, HR documents, payroll export data, supplier contacts, product costs, recipes, menus, stock counts, orders and review notes.
Uploaded files: invoices, supplier lists, recipe files, spreadsheets, images, CSVs and HR documents selected by users.
Attendance data: clock-in/out times, break times, site, device/PinPad information, manager edits, audit logs and, where enabled by the customer, GPS/photo verification information.
Usage, device and security data needed to operate, protect and improve BossOps.

How we use information

To provide BossOps features, authenticate users, manage permissions and keep tenant data separated.
To process uploaded files, extract draft invoice/recipe/menu information and create review queues.
To calculate product costs, recipe costs, menu GP, stock values, rota hours and attendance exports.
To provide support, troubleshoot issues, send service messages and administer billing.
To protect the service, maintain audit logs and investigate misuse or security incidents.

AI processing

BossOps may use AI services to read invoices, supplier lists, recipes, menus and related documents. AI output is a draft and should be reviewed by a user before being relied on. Where BossOps acts as processor, AI processing is carried out to provide the service requested by the customer. Current subprocessors are listed on the Subprocessors page.

Staff monitoring and attendance

Customers are responsible for telling their staff how BossOps is used for rota, attendance, HR and payroll workflows. If a customer enables GPS or photo verification, this should be explained clearly to staff before use. BossOps does not currently use facial recognition to identify staff.

Sharing

We do not sell customer data. We share data only where needed to provide BossOps, comply with law, process payments, host the service, store files, send service messages, provide AI extraction, support customers or protect the service.

International transfers

Some providers may process data outside the UK. Where needed, we rely on appropriate safeguards such as UK-approved transfer mechanisms, contractual protections and subprocessor terms.

Retention

Workspace data is retained while the customer account is active, unless deletion is requested or a legal, security, billing or audit reason requires retention. Backups and logs are retained for limited operational periods. Customers should set their own retention rules for staff, payroll, HR and attendance records.

Your rights

Depending on context, individuals may have rights to access, correct, delete, restrict or export personal data, or object to certain processing. If your employer uses BossOps, contact them first because they are normally the controller for your staff data. You can also contact us and we will route the request appropriately.

Security

BossOps uses role-based access, account/site separation, HTTPS, secure session cookies, audit logging and restricted administrative access. More detail is available on the Security and Retention page.

Contact

Email: [email protected]