Last updated: 11 June 2026
Katch is operated by Green:House Partners Ltd (“Katch”, “we”), a company registered in England. This policy explains what we collect, why, and what we will never do with it. We’ve written it in plain English on purpose.
Katch connects to the email account you choose, finds your sales conversations, and keeps the facts of each deal — customer name, job, value, stage, dates. We do not store the bodies of your emails. We never sell your data. We never use your data to train AI models. You can disconnect at any time and we delete what we hold.
Account details. Your company name, email address and a password (stored salted and hashed — we cannot read it).
Mailbox connection. When you connect Outlook, Microsoft 365 or Gmail, we receive secure tokens from Microsoft or Google. These are encrypted (AES-256-GCM) before they are stored and are used only to do the work you connected Katch for. We never see or store your email password.
Deal facts derived from email. Katch reads your sales correspondence to work out where each job stands. What we keep is structured: who the customer is, what the job is, its value, its stage, and key dates. Email bodies are processed to extract these facts and are not retained as stored correspondence.
Usage data. Standard technical logs (errors, request metadata) so we can keep the service running.
To run Katch for you: rebuilding your pipeline, drafting follow-ups for your approval, booking visits, and reporting to you. To support you when something needs fixing. To improve the product in aggregate. That’s it — we do not sell or rent your data to anyone, and we do not use your content to advertise to you.
Katch uses large language models to classify deals and draft messages. Content is processed under contracts that prohibit the provider from training models on your data. Your business’s correspondence is never used to train AI.
Katch’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Only the processors needed to run the service: our database and hosting providers (Supabase, Vercel), the email platform you connected (Microsoft or Google), our AI provider for the processing described above, and — if you switch on the WhatsApp line — the messaging provider that delivers it. Each is bound by contract to protect your data.
We keep deal facts while you have an account. Disconnect your mailbox and Katch stops reading immediately; close your account (or email us) and we delete your data within 30 days, save what UK law requires us to keep (e.g. billing records).
Under UK GDPR you can ask for a copy of your data, correct it, delete it, restrict or object to processing, and take it elsewhere. Email us and we’ll act on it: hello@heykatch.com. You can also complain to the ICO (ico.org.uk) — though we’d rather you told us first so we can put it right.
Encryption in transit and at rest, encrypted OAuth tokens, salted password hashing, least-privilege access, and UK GDPR taken seriously. No system is perfect; if a breach ever affects you, we will tell you promptly and plainly.
Katch uses essential cookies only — the ones that keep you signed in. No advertising trackers.
If this policy changes materially we’ll tell you by email. Questions: hello@heykatch.com.