Login
Privacy & GDPR

Privacy Policy

Last updated: 2026-06-16

1. Who we are

Rezvy (“Rezvy”, “the platform”, “we”) is an online reservation-management service. For privacy matters, contact us via our contact page.

2. Controller vs. processor (B2B model)

The platform serves two groups of data subjects with different roles under the GDPR:

  • Business accounts (owners and staff who sign up to Rezvy): for this data, Rezvy is the data controller.
  • Businesses' end-customers (people who book, entered by the business or via the public booking pages): for this data, the business is the controller and Rezvy acts as a processor, processing the data only on the business's instructions and these terms. Each business is responsible for having its own legal basis to process its customers' data.

3. What data we process

  • Account data: name, email, password (stored only as a hash), language and role, business details (name, address, phone, category) and settings.
  • Customer data (entered by businesses): name, phone (normalized), email, address and notes, plus the booking history (date/time, service, staff, space/table, status and amount).
  • Payment data: subscription and booking payments are processed by Stripe. Rezvy does not store card data; it keeps only session/subscription identifiers, amount, currency and payment status.
  • Communications: the content and log of emails and SMS sent to customers (confirmations, reminders), and support messages sent via chat/contact.
  • Audit logs: for security and accountability, we record the create/edit/delete operations performed by each business's staff (who, when and what).
  • Technical data: IP address, device/browser type, language and essential cookies; and, with your consent, usage statistics (Google Analytics).

4. Purposes and legal bases

  • Providing the service (booking management, calendar, billing) — performance of a contract.
  • Customer notifications (confirmation/reminder email & SMS) — performance of a contract / the business's legitimate interest in reducing no-shows; consent where required.
  • Payments and billing — performance of a contract and compliance with legal (e.g. accounting/tax) obligations.
  • Security, fraud prevention and auditing — legitimate interest.
  • Analytics and improvement — consent.

5. Processors and data sharing

We use vendors that process data on our behalf, under contract and only for the purposes above:

VendorPurpose
StripeSubscription and booking payments
BrevoTransactional email delivery
sms.to / InfobipSMS delivery
ChatwootSupport chat and contact form
RailwayApplication and database hosting
Google (Analytics, Fonts)Usage statistics and web fonts

We do not sell personal data. Data is shared with third parties only where necessary to provide the service, with your consent, or to comply with a legal obligation.

6. International transfers

Some vendors may process data outside the European Economic Area. Where they do, transfers are safeguarded by appropriate mechanisms (adequacy decisions or the European Commission's Standard Contractual Clauses).

7. Retention

We keep account data while the account is active and for as long as needed to meet legal obligations. Customer and booking data is retained by the responsible business, which can anonymize or delete it at any time. Audit logs are deleted automatically after the configured retention period (365 days by default).

8. Your rights (GDPR)

As a data subject you have the right to access, rectify, erase (“right to be forgotten”), restrict or object to processing, and to request portability of your data. Where processing is based on consent, you can withdraw it at any time.

The platform includes tools that operationalize these rights: businesses can anonymize customers and staff directly in the backoffice (erasing personal data while preserving statistical history), and the platform Admin has the same tools. If you are a business's customer, exercise your rights with that business (the controller); Rezvy will support the business as its processor.

To exercise rights regarding your Rezvy account, contact us via our contact page. You also have the right to lodge a complaint with your competent supervisory authority.

9. Cookies

We use essential cookies for authentication and to remember your chosen language. With your consent, we use analytics cookies (Google Analytics). You can manage cookies in your browser settings.

10. Security

We apply appropriate technical and organizational measures: passwords stored as hashes, encrypted transport (HTTPS/TLS), role-based access control, audit logging, and payment processing by a PCI-DSS-certified provider (Stripe).

11. Changes

We may update this policy. The last-updated date is shown at the top; material changes will be communicated through appropriate channels.

← Back to home