Privacy Policy


This Privacy Policy applies to all the services offered by Information Apps Ltd t/a Criton (hereafter referred to as “The Company”, “us”, “we”), which include, the websites accessible at and (hereafter referred to as “The Websites”), the cloud SAAS app builder platform accessible at  or (hereafter referred to as “The Platform”), and the mobile and web apps which can be built and distributed through The Platform (hereafter referred to as “The Apps”). The Websites, The Platform, and The Apps are referred to collectively as “The Services.

This Privacy Policy is incorporated into and is subject to the Terms of Use. By accessing or using The Services, you agree to this Privacy Policy.

WHO ARE WE?: We are Information Apps Ltd t/a Criton, who provide the above services.  We are the UK’s leading app builder for the hospitality sector. We are currently working from home so please write to us at Exchange Place, 3 Semple Street, Edinburgh, EH3 8BL. 

WHO ARE YOU?: Due to the nature of The Services Criton supplies, we deal with different user segments. To better understand which parts of this Privacy Policy are more relevant to you, see the following definitions below, which will be used subsequently throughout this document.

Operators: You hold an account within The Platform and use it to build The Apps for your App Users. Your Data Controller is Information Apps Ltd t/a Criton.

App Users: You download, access, and use The Apps created and distributed by Operators through The Platform. Your Data Controller is the Operator unless otherwise stated throughout this Privacy Policy.

Website Visitors: You are just browsing around on The Websites to learn more about our offerings, but do not hold an account with us. Your Data Controller is Information Apps Ltd t/a Criton.

INFO WE COLLECT FROM YOU: WHAT AND HOW WE USE IT: We only collect data from you to enable us to provide the right service for you.  For example, if you are signing up for a free trial we will ask you for your full name, email address, the sector you work in, your country of residence and we will ask you to create a password (to enable you to access The Platform).  This information will be stored secured and only used to enable Criton to provide accurate and useful information, tailored to the needs of your business.  You can opt-out of these communications at any time.

What we collect - general: The information we collect from you varies depending on what information/access you require from us.  This information may be collected via the Websites, through our live chat services (on the Websites), at events/conferences or from direct contact to a member of Information Apps staff (via email/telephone).  The information collected may include:

  • Your full name
  • Contact information: Email address and phone number
  • Company information: Company name, company email, company phone number and website
  • Country of residence
  • The sector you work within (e.g. hotel, vacation rental, visitor attraction, serviced office)

How we use it: The information enables us to tailor information and communications to ensure it is the most relevant and useful for you.  You can unsubscribe from receiving communications at any time.  You may also request for your information to be deleted by us at any time (please note that if you use The Platform or you have a contract with us then this will impact on the services you will received/have contracted).  The information collected enables us to:

  • Respond to your enquiries (via live chat, email or phone)
  • Provide tailored marketing/education material via the website or via email
  • Provide contracted services to you for use of The Platform and access to The Apps

What we collect: - Operators You need to register an account in order to use The Platform. As part of the registration process, we will collect some personal data such as email address, name, password, phone number, and company name, as well as some additional information to give us more insights about who you are and the nature of your business such as country, sector, default language, timezone, and communication preferences.

How we use it: Personal data related to your account is used in order to be able to provide you with the services available through The Platform. It allows us to run your account, provide customer support, bill you for the services as appropriate, and update you regarding any changes to The Platform (e.g. policy changes, planned downtime/maintenance etc.). We use your profile data to personalise and improve your service experience as well as to personalise any sales or marketing communications with you.


What we collect: If you purchase a product from  Criton we will seek additional information in order to process the transaction per the contract you have agreed to.  If purchasing a product online via The Website you will be bound by the Vacation Rental Terms & Conditions. 

We will seek additional information such as:

  • Card Holders postal address (for payment processing)
  • Bank card information (in order to process the payment)

Your card information will be stored securely  by Stripe on our behalf while you are a contracted customer, we can charge your card as per your wishes but we do not have access to your full card details.. You can cancel your card payments via Stripe at any time, this may impact on the services we provide you, including the removal of your app(s) from publication


  • What we collect - General: We store all the content for The Apps built by the Operator through The Platform on third-party storage services in the cloud. This includes anything you add/upload through The Platform (e.g. images, text content, logos etc.) to appear in The Apps.

How we use it: Any content you upload for The Apps through The Platform immediately becomes part of the public domain, and might be indexed through search engines. As such, it is up to you to make sure that you have explicit permission for any content you upload.  We are responsible for ensuring that the content is stored securely through the third-party cloud storage service. We may sometimes modify the content upon explicit directions from the Operator, as defined in the Terms and Conditions.

  • What we collect - account registration data: In some cases, depending on how The Apps are built by the Operator, the latter may wish to restrict access to some functionalities in the app, and only allow access to those features upon the App User registering an account for The Apps. Through the account registration process, we collect the App Users email address, name, and title (e.g. Miss, Mr).

How we use it: We do not directly use this information and will not contact you through the information collected. This data is controlled by the Operator who can access this via The Platform.  Information Apps Ltd staff have access to this information, however are bound by strict confidentiality contract clauses. We will never contact Operators clients directly without their permission.

  • What we collect - data from form completion: The Platform allows the Operator to create customisable forms which will appear in The Apps, and through which the Operator can collect information from the App User. What data is collected depends on the purpose for which the Operator decides to create the form.

How we use it: We do not make use of this information but allow the forms to be submitted by email through a third-party service. It is up to the Operator to make sure that the data collected through the forms is used in a compliant way.

  • What we collect - usage info, device and browser data: We collect usage information about you whenever you interact with The Services. This includes which web pages you visit, what you click on, when you perform those actions, what language preference you have, and so on. We also collect information from the device and application you use to access The Services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you are on a mobile device we may also collect the UUID for that device.

 How we use it: We use that usage information to determine how you use our services in order to improve these services for you and all users. It allows us to improve your service experience through a specific device/browser by optimizing how The Services work in a particular browser, operating system version, or device size.

We provide analytics functionality based on that data at an anonymous level to Operators in order to give them insights about their apps’ usage, so that they can improve the services they provide through their apps. Analytics information available to the Operator may include but is not limited to the most visited features in The Apps, number of app downloads and the number of app visits per operating systems version.

This information may be used to determine the success of our marketing campaigns and to personalise those advertising campaigns.  The information will be hosted within third-party software such as Google Analytics or HubSpot (for marketing purposes).

  •  What we collect - log data: Like most websites, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

How we use it: We use collected log data mainly for monitoring abuse and helping us troubleshoot product functionality and fix bugs. We may use the data to track behaviour at an anonymous level to better understand trends with respect to our services and help us improve those services. We may use log data to determine the periods during which our services are used the least in order to schedule maintenance windows so as to create minimum disruption to our users.

  • What we collect - Geolocation data: The Apps may collect location data from App Users Your device/browser will ask you explicitly for permission to access your location. Location data collected includes mainly the latitude and longitude.

How we use it: The data is used to provide and personalise location-based functionality within The Apps. For example, The Apps can use your location to provide you with weather information specific to your location, or to help you find directions on a map. The data is also used to provide the Operator with analytics about location where their apps are most downloaded, at an anonymous level.

  •  What we collect - information from third-party integrations: We collect data from third-parties and integration partners if you gave permission to those third parties and partners to share your information with us or where you have made that information publicly available online. These services are not activated automatically, but require explicit authorisation by you.

For example, The Apps may ask some Facebook permissions allowing it to perform actions (Logging in through Facebook) with the App User’s Facebook account and to retrieve information from it. For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook Privacy Policy. The permissions asked may include but are not limited to the following: id, name, picture, gender, check-ins, likes etc. Certain connections of the User, such as Friends, are also available. If the user has made more of their data public, more information will be available.

The Services may also allow interaction with social networks or other external platforms directly from the pages of The Services. The interaction and information obtained by The Services are always subject to the user’s privacy settings for each social network. If a service enabling interaction with social networks is installed it may still collect traffic data for the pages where the service is installed, even when users do not use it.

  • How we use it: The data collected is used to help us provide aspects of The Services (e.g. Facebook Login, integration with a booking engine within The Platform and The Apps). On your instructions, we share your information or data if you choose to use an integration in conjunction with The Services, to the extent necessary to facilitate that use. We ensure that our partners comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices.

COOKIES: Visitors to our sites will be advised that Cookies are used.  A Cookie is a small text file that doesn’t do anything active on your personal devices.  The primary reason for accepting our Cookies on your device is to optimise the user experience and ensure you have a great experience when using our sites.

It enables us to customise the content you see based on previous use of the sites and your individual interests. 

We are able to monitor visitor use to let us see how users interact with our sites which includes where users come from, how they’re accessing the sites(PC or mobile) etc to enable us to tailor future content and developments to the sites to maximise the user experience.

PAGE TAGS AND WEB BEACONS: If you complete an Action on our sites such as a form submission to download content or sign up for a Free Trial, you will be added to HubSpot, our CRM system.  The data we capture enables us to offer the best user experience by tailoring communications to your preferences and interests.

In order to do this a tracking tag will be added to all emails issued to you via HubSpot.  These tags enable us to analyse how you interact with our communications.  You can opt-out of our email communications at any time.

STORING YOUR DATA SECURELY: We have implemented measures designed to secure your data from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored through third-party cloud storage services in data centers built to meet the requirements of the most security-sensitive organisations. We also employ administrative, physical, and electronic measures designed to protect your data from unauthorised access. Any payment transactions will be encrypted using SSL technology.

However, please be aware that no security measures are perfect or impenetrable. We cannot and do not guarantee that your data will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our measures put in place. In the event of a breach of security, confidentiality, or integrity of your stored personal data, we will report it to the appropriate supervisory authority in the most expedient time possible (within a maximum of 72 hours), and will implement any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

The safety and security of your information also depends on you. If you create an account through The Services, you are responsible for protecting the security of your account, its content, and all activities that occur under the account or in connection with The Services. For example, we highly recommend you not to share your password with anyone. You must immediately notify us of any unauthorised uses of your account or any other breaches of security by emailing us at

RETENTION: We are committed to ensuring we provide the best service and experience for our website visitors, users and operators.  As such we will only retain data as long as required.  Please refer to Section 5 for detailed information on the types of data we collect.

We want to reassure you that you can unsubscribe from any communications from Criton at any time.  You can also request that we delete any data held by us on you.  Please note that if you request deletion of your data this may be in breach of a contract (if you retain one with Criton) and this will be advised by us at that time.

 Note: Apps content indexed through search engines, cannot be removed and is not under our control: Our services provide you with different options on sharing and deleting your content but we cannot delete content from search engines so you need to be careful about information you make public.

YOUR RIGHTS AS A CUSTOMER: Your data is owned by you and as such you have the following rights:

  • Right of access
  • Right of rectification
  • Right to be forgotten
  • Right to restriction of processing
  • Right to be informed
  • Right to data portability

LEGAL USE: Your Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of our websites or Apps or the related services. You should be aware that we may be required to reveal personal data upon request of public authorities.

CHANGES TO THE PRIVACY POLICY AND CONTACTING US: It’s important to us that we keep you up to date on how we use, store and review our data processes.  This policy will be regularly updated and should be read in consultation with our wider Website Terms & Conditions.

If you wish to contact the Criton team directly please forward any queries in the first instance to If you wish to invoke one of your rights as a customer please contact your hotel in the first instance.  If you cannot contact the hotel please write to us at our registered address which is Exchange Place, 3 Semple Street, Edinburgh, EH3 8BL.