Last updated: 2026-05-23
Privacy Policy
Tablori is a B2B booking platform that connects hotel concierges with restaurants. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and Spanish law (LOPDGDD, LSSI-CE).
1. Data controller
The data controller for personal data processed through Tablori is the legal entity operating Tablori, registered in Spain. For any privacy-related question, contact us at support@tablori.com.
2. What data we collect
Account data (all professional users): name, email address, hashed password, role (concierge, restaurant, hotel administrator, front office, administrator), profile language preference, optional phone/WhatsApp number, optional avatar.
Restaurant data (restaurant users only): business name, address, opening hours, menu, photos, cuisine, average spend, contact details, optional Stripe Connect account identifier for payouts, optional no-show fee policy.
Hotel data (hotel users only): hotel name, address, access key, staff list, billing details (legal name, tax ID, billing address).
Booking data: guest first name and last initial, party size, requested date/time, dietary notes, occasion, restaurant chosen, concierge who created the booking, status history, optional saved card token (Stripe payment method ID — we never store full card numbers).
Notification data: email delivery status, WhatsApp delivery status, and message content references (for audit and support).
Technical data: IP address (recorded by our hosting and rate-limit providers only — not stored in our application database), service worker push subscription endpoint (if you opt in to push notifications), language preference, anonymous error logs.
3. Why we process this data (legal basis)
Performance of a contract (Art. 6(1)(b) GDPR): to provide the booking platform to professional users (concierges, restaurants, hotels) and process bookings on behalf of their guests.
Legitimate interest (Art. 6(1)(f) GDPR): to prevent abuse, enforce contest/dispute rules, secure the platform with rate limits, and improve reliability through anonymous error logging.
Legal obligation (Art. 6(1)(c) GDPR): to issue invoices, retain accounting records, and comply with Spanish tax law (Ley General Tributaria — minimum 4-year retention of invoicing data).
Consent (Art. 6(1)(a) GDPR): for non-essential cookies, optional WhatsApp and push notification channels, and optional saved card on file.
4. Third parties (data processors)
Supabase (database, authentication, storage — hosted in the EU) — stores all application data.
Vercel (application hosting and edge network) — processes web requests; no application data stored at rest.
Resend (transactional email) — receives recipient email and template variables to deliver our emails.
Twilio (WhatsApp messaging) — receives phone number and message content to deliver WhatsApp notifications, if you have opted in.
Stripe (payments) — processes card capture and any no-show charges. Stripe is the data controller for payment card data; we only store the Stripe payment method identifier.
Google (Gemini API) — receives restaurant menu images for OCR + translation. Menu data is not personal data.
Upstash (Redis-based rate limiting) — receives IP addresses to throttle abusive requests; data expires within hours.
cron-job.org (external scheduler) — triggers internal reminder jobs; no personal data is shared with the scheduler.
All processors are bound by data processing agreements (DPAs) that meet GDPR requirements.
5. International transfers
Most of our processors store data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, Stripe and Google), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-US Data Privacy Framework.
6. How long we keep your data
Account data: while your account is active, and for up to 12 months after closure for support and dispute purposes.
Booking data: 4 years from the booking date, to satisfy Spanish accounting and tax retention obligations on invoiced transactions.
Notification logs: 12 months.
Anonymous error logs: 90 days.
Invoices: 6 years (Código de Comercio, art. 30).
After these periods, data is deleted or fully anonymised.
7. Your rights
Under GDPR you have the right to: (i) access your data, (ii) correct inaccurate data, (iii) erase your data (the "right to be forgotten"), (iv) restrict or object to processing, (v) data portability, (vi) withdraw consent at any time, and (vii) lodge a complaint with a supervisory authority — in Spain, the Agencia Española de Protección de Datos (AEPD), www.aepd.es.
To exercise these rights, email support@tablori.com from the address linked to your account. We respond within 30 days. Some data must be retained to satisfy our legal obligations (see section 6, "How long we keep your data").
8. Cookies
Tablori uses only first-party storage that is strictly necessary to deliver the service (session cookies, language preference, install prompt state). We do not use third-party advertising, analytics, or tracking cookies. Our cookie banner allows you to acknowledge and accept this minimal use.
9. Guests of hotel bookings
When a concierge or front-office user creates a booking on behalf of a hotel guest, that guest is not a Tablori user. The data captured is limited to first name, last initial, and dietary notes. The hotel and the restaurant are joint controllers for that booking record. Guests can request access or deletion via the hotel that booked them, or directly at support@tablori.com.
10. Security
We use TLS encryption in transit, encrypted Postgres storage at rest (via Supabase), row-level security policies enforced at the database, single-use action tokens for sensitive email/WhatsApp links, rate limiting on public endpoints, and signed webhook verification (Twilio, Resend, Stripe).
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to active account holders at least 14 days before they take effect.
12. Contact
Privacy questions, requests, and complaints: support@tablori.com.