When you make a booking, we collect your name, email address, and phone number. We also store your booking history (venues, times, participants, payment status) so you can review and manage your reservations.
We process this data to fulfill the booking contract between you and the venue you book with. Under GDPR Article 6(1)(b), this is a lawful basis called “performance of a contract” — we need your information to create, confirm, and manage the reservation you requested. We do not use your data for advertising.
Active booking records are kept for the duration of your account. Cancelled bookings are retained for up to 24 months for accounting and dispute resolution. You can request deletion at any time by contacting us.
We use the following service providers to operate Reserve. Each is bound by a data processing agreement and handles data in the EU or under standard contractual clauses:
• Supabase — database, authentication, and email delivery
• Vercel — application hosting and deployment
• Sentry — error monitoring
• Stripe (Stripe Payments Europe Ltd. for EU customers; Stripe Inc. for non-EU) — payment processing for paid bookings. Card data never reaches Reserve servers; it is sent directly to Stripe via the Stripe.js SDK. Stripe Inc. is based in the United States; cross-border transfers are governed by the EU Standard Contractual Clauses incorporated in Stripe's data processing agreement.
We use Vercel Analytics (cookieless, aggregate page view metrics only) and Sentry for error monitoring. Sentry is configured with sendDefaultPii: false and does not capture session replays. Neither service sets tracking cookies in your browser. The only cookies Reserve uses are essential Supabase authentication cookies required to keep you signed in.
Under GDPR you have the right to access your data (Art. 15), request correction or erasure (Art. 16 & 17), and receive a copy of your data in a portable format (Art. 20). To exercise any of these rights, contact us at the address below.
For privacy questions or to exercise your rights, email privacy@reserve.example. We will respond within 30 days as required by GDPR Article 12.