Privacy Policy

Last updated: June 8, 2026

INTRODUCTION

This Privacy Notice applies to your use of the website www.reservble.com and the Reservble platform (hereinafter referred to as the “Website” or “Platform”). We value your privacy and the security of your personal data.

Please read this document carefully to understand how we handle your data. By using the Platform, you agree to the terms of this Privacy Notice.

RESPONSIBLE PARTIES

Depending on the jurisdiction in which you use the Platform, the entity responsible for processing your personal data is:

• Ukraine: Nosenko Volodymyr Mykolayovych, sole proprietor (FOP), registered under the laws of Ukraine — owner of the rights to the Reservble Platform and operator of personal data for users from Ukraine. Address: Akademika Hlushka Ave., 1/3, Odesa, Ukraine.

• USA and EU / EEA: Reservble, Inc. (Delaware, USA, EIN: 35-2826590) — operates under a license agreement with FOP Nosenko Volodymyr Mykolayovych and acts as the controller of personal data for users from the United States and countries of the European Union / European Economic Area.

• UAE and other jurisdictions: Reservble, Inc. acts as the responsible data controller in accordance with applicable local legislation.

For any questions regarding the processing of your personal data, please contact us at: support@reservble.com. Response time: 30 (thirty) calendar days.

1. PLATFORM PRODUCTS AND SERVICES

Reservble is a B2B SaaS platform for the restaurant industry. Within the Platform, we provide the following services and process related data:

• Table Reservations: online booking, reservation management, reminders;

• Deposits & Prepayments: acceptance and recording of deposit payments for reservations (excluding payment processing itself);

• QR Payments: bill payment via QR code directly at the restaurant (excluding payment processing itself);

• Certificates: issuance and redemption of gift certificates (excluding payment processing itself);

• AI Assistant: automated processing of guest requests and recommendations, without access to sensitive user data;

• Digital Menu: QR menu, item and pricing management;

• Analytics: visit statistics, occupancy rates, payment data for the restaurant;

• Marketing Tools: newsletters, loyalty programs, performance tracking.

2. INFORMATION WE COLLECT

2.1. Guest Data

When making a reservation or payment (registered and unregistered users):

• Full name

• Phone number

• Email address (for registered users)

• Restaurant name, visit date and time

• Number of guests

• Booking comment (special requests)

• Reservation and visit history

• Payment data for deposits and QR payments (processed via UKRCARD for Ukraine; via Stripe for EU and USA)

Important: Please do not include medical information (e.g. allergy data) in the comment field. Allergy data is a special category of personal data (health data) under GDPR; if a restaurant collects such data, it is done separately with the guest’s explicit consent.

2.2. Restaurant Data (B2B Clients)

Upon registration and use of the Platform, the restaurant provides:

• Name and business details of the establishment

• Contact details of the responsible manager and staff

• Bank details for payouts and deposit configuration

• Guest data stored in the CRM section of the Platform

• Operational analytics (bookings, payments, occupancy)

• Menu and pricing data

Reservble acts as a data processor with respect to guest personal data managed by the restaurant. The relationship between Reservble and the restaurant as data controller is governed by a separate Data Processing Agreement (DPA) concluded upon onboarding to the Platform.

2.3. Technical Data and Cookies

• IP address

• Browser type and operating system

• Pages visited and time spent

• Date and time of newsletter subscription

For more information about cookies, see Section 3 of this Notice and the Cookie Policy: https://restaurant.reservble.com/ua/cookie-policy

3. COOKIES

We use four categories of cookies:

• Strictly necessary: ensure basic website functionality (login, session). No consent required.

• Analytical: help us understand how you use the Platform (Google Analytics). Require consent.

• Functional: remember your settings and personalisation. Require consent.

• Targeting (advertising): track visits for personalised advertising. Require consent.

Before placing optional cookies, we request your consent via a banner. You may withdraw consent or change your settings at any time via the “Manage cookies” button on the site or through your browser settings.

4. DATA PROCESSORS (SUB-PROCESSORS)

To provide our services, we engage the following verified data processors:

• UKRCARD (Mastercard/Visa acquiring — Ukraine): processing of payment transactions (deposits, QR payments) for users in Ukraine. Card data is transmitted exclusively in encrypted form in accordance with the PCI DSS standard.

• Stripe (USA / EU): processing of payment transactions (deposits, QR payments, certificates) for users in the United States and European Union. All transactions are processed in accordance with PCI DSS. Stripe Privacy Policy: https://stripe.com/privacy

• Google (Gmail / Google Workspace): corporate email and business communications. Google Privacy Policy: https://policies.google.com/privacy

• Trello (Atlassian): internal CRM and task management. Data of restaurant clients (not guests) may be processed within this tool. Atlassian Privacy Policy: https://www.atlassian.com/legal/privacy-policy

• DigitalOcean (Germany): cloud infrastructure and servers. All data of European and Ukrainian users is stored on servers in Germany (EU).

• DigitalOcean (New York, USA): cloud infrastructure and servers. All data of US users is stored on servers in New York (USA).

• Facebook / Meta: advertising campaigns and page analytics. Meta Privacy Policy: https://www.facebook.com/about/privacy/

• Google Maps: display of restaurant locations. Terms: https://maps.google.com/help/terms_maps.html

We enter into data processing agreements with each processor and require compliance with data protection standards equivalent to GDPR.

5. PURPOSES OF PROCESSING AND LEGAL BASES

• Performance of contract: managing bookings, user accounts, and payments (Art. 6(1)(b) GDPR)

• Legitimate interests: analytics, product improvement, security, statistics (Art. 6(1)(f) GDPR)

• Legal obligations: fraud prevention, compliance with legislation (Art. 6(1)(c) GDPR)

• Consent: marketing newsletters, optional cookies (Art. 6(1)(a) GDPR)

We do not use your personal data for automated decision-making or profiling with legal consequences.

6. DISCLOSURE OF DATA

Your data may be disclosed to the following categories of third parties:

• Restaurant partners (only data necessary to service your reservation)

• Data processors listed in Section 4

• Public authorities upon lawful request

• Affiliated companies of Reservble within the group

Under any other circumstances, we do not transfer your data to third parties without prior notice. Servers are located in Germany (EU) and New York (USA); local data is not transferred outside the EEA or outside the USA respectively.

7. DATA RETENTION AND ANONYMISATION

We retain personal data no longer than necessary for the stated purposes:

• Guest account data: for the duration of active use + 1 year after account deletion (for dispute resolution), then permanently destroyed;

• Booking and visit history: 2 years from the visit date, after which data is anonymised (name and phone number are deleted, only statistical information is retained);

• Payment data (deposits, QR payments): 5 years in accordance with financial and tax legislation requirements;

• Newsletter data: until consent is withdrawn + 1 year to confirm the fact of consent;

• Technical logs (IP, sessions): 90 days, then automatically deleted;

• Restaurant data (B2B): for the duration of the agreement + 1 year after termination, then anonymised;

• IP addresses from newsletter subscriptions: 1 year from the date of subscription.

Anonymisation: Upon expiry of retention periods, personal data is anonymised: all identifiers (name, contact details, links to a specific individual) are removed. Anonymised aggregated data may be retained indefinitely for statistical purposes and product improvement.

8. DATA SUBJECT RIGHTS

8.1. Guest Rights (Individuals)

In accordance with GDPR and applicable legislation, you have the following rights:

• Right to information and access to your data

• Right to rectification of inaccurate data

• Right to erasure (“right to be forgotten”)

• Right to restriction of processing

• Right to data portability

• Right to object to processing

• Right to withdraw consent at any time

• Right to lodge a complaint with a supervisory authority

Self-deletion of guest profile

Any registered guest may at any time permanently delete their profile and all associated personal data through Profile Settings → Delete Account. Upon confirmation, data will be deleted within 30 days, except for data retained by legal requirement (e.g. financial records).

8.2. Restaurant Rights (B2B Clients)

Any restaurant may independently and permanently delete its profile and all associated data through Account Settings → Delete Establishment. Upon administrator confirmation:

• Establishment profile, menu, and staff data are deleted within 30 days

• Guest data stored in the Platform CRM is anonymised or deleted

• Financial data is retained for 5 years in accordance with legislation

• Profile restoration after deletion is not possible

8.3. Supervisory Authorities

You have the right to lodge a complaint with the relevant supervisory authority:

• EU / EEA: the supervisory authority of your country. For example, in Spain: Agencia Española de Protección de Datos (AEPD) — aepd.es

• UAE: UAE Data Office — uaedataoffice.ae

• Ukraine: Ukrainian Parliament Commissioner for Human Rights

• USA: Federal Trade Commission (FTC) — ftc.gov

9. WITHDRAWAL OF CONSENT

If processing is based on your consent, you may withdraw it at any time at no cost:

• Through your account settings

• Via the “Unsubscribe” link in every marketing email

• By contacting us at: support@reservble.com

• Via the “Manage cookies” button on the website

Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal. Even after unsubscribing from marketing, you may continue to receive transactional/service messages (booking confirmations, reminders).

10. DATA SECURITY

We have implemented technical and organisational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest

• Restricted access to personal data (principle of least privilege)

• Payment transactions processed in accordance with PCI DSS via UKRCARD (Ukraine) and Stripe (EU / USA)

• Regular security audits

• Servers located in certified data centres in Germany and the USA

11. LANGUAGE AND TRANSLATIONS

This Notice is prepared in English, Spanish, and Ukrainian. All versions carry legal force. In the event of any discrepancy between versions, the English text shall prevail.

12. CHANGES TO THIS NOTICE

We may update this Notice from time to time. The date of the last update is indicated at the top of the document. For material changes, we will notify you by email and/or via a notice on the website. Continued use of the Platform after changes take effect constitutes your acceptance of the updated version.

CONTACT DETAILS

For privacy and personal data protection enquiries:

• Email: support@reservble.com

• Reservble, Inc.: Delaware, USA

• FOP Nosenko Volodymyr: Akademika Hlushka Ave., 1/3, Odesa, Ukraine