Privacy Policy
Effective: 2026-05-19 · Version 1.0 (MVP draft — pending legal review).
1. Who we are
Reservory ("we") provides booking software for attraction operators. We act as a processor for our operator customers and as a controller for operator-account data.
2. What we collect
- Operator account: email, name, business details, billing info.
- End-customer bookings: name, email, phone (optional), party size, special requests.
- Payment metadata via Stripe (we never store card numbers).
- Waiver signatures and metadata (timestamp, IP, user agent).
- Usage telemetry: anonymised PostHog product analytics; Sentry error reports.
3. How we use it
- To operate bookings, payments, waivers, and communications on the operator's behalf.
- To send transactional emails (confirmations, reminders, post-visit NPS).
- To diagnose and fix bugs (Sentry).
- To understand product usage in aggregate (PostHog).
We do not sell personal data. We do not use customer data for advertising.
4. Subprocessors
We rely on the following subprocessors:
- Supabase (Postgres, auth, storage, realtime) — US-East / EU-West.
- Vercel (hosting) — global edge.
- Stripe (payments) — global.
- Resend (transactional email) — US.
- Twilio (SMS, waiver links) — global.
- Upstash (rate limiting cache) — global.
- Sentry (error monitoring) — US.
- PostHog (product analytics) — US.
A current list with regions is available on request.
5. Data retention
Bookings and payment records: 7 years for tax and accounting. End-customer PII: for the active life of the operator's account plus 90 days. Waiver records: retained for the statute-of-limitations window relevant to personal-injury claims in the operator's jurisdiction (typically 2–7 years).
6. Your rights
You can request access, correction, or deletion of personal data we hold about you. End customers should first contact the operator they booked with; operators can contact privacy@reservory.com.
EU/UK residents: we honour GDPR and UK GDPR. California residents: we honour CCPA. Both include the right to know, the right to delete, and the right to opt out of sale (which we don't do anyway).
7. International transfers
We maintain EU-resident infrastructure for EU operators. Transfers from the EU to the US (e.g. for Stripe processing) are covered by Standard Contractual Clauses.
8. Security
TLS 1.2+ in transit. Postgres row-level security on every tenant-scoped table. Quarterly tenant-isolation penetration testing. We're working toward SOC 2 Type II (evidence collection via Drata).
9. Contact
privacy@reservory.com for privacy questions, GDPR/CCPA requests, or to report a security concern.