Privacy Policy

Effective: July 2, 2025 | Last updated: July 2, 2025

Reservee ("Provider", "we") is committed to protecting user personal data. This Privacy Policy informs you of how your personal data is processed, in line with the EU General Data Protection Regulation (GDPR – 2016/679/EU) and applicable Hungarian data protection laws (Act CXII of 2011).

1. Controller details

• Controller: Reservee
• Email: info@reservee.hu
• Website: https://reservee.hu

2. Data we collect

Reservee processes the following personal data:

• Registration data: email address, display name
• Provider profile data: services, working hours, booking settings
• Client data (entered by the provider): name, email, phone, billing details (address, zip, city, country)
• Booking data: date/time, service, status, notes
• Technical data: browser type, IP address (via Google Analytics), usage statistics

3. Purpose and legal basis

Under Article 6 of the GDPR:

• Performance of a contract (Art. 6(1)(b)): Providing the service, managing bookings, user accounts, subscriptions.
• Consent (Art. 6(1)(a)): Marketing emails (where the user has consented).
• Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, service improvement, statistical analysis.
• Legal obligation (Art. 6(1)(c)): Accounting and tax obligations.

4. Processors and third parties

Reservee uses the following third-party services to process data. Each has their own privacy policy:

• Firebase (Google LLC): Authentication, Cloud Firestore database, hosting. Data is stored in the EEA or in data centers with equivalent protection by Google.
  Firebase Privacy
• Stripe Inc.: Payment processing and subscription management. PCI DSS Level 1 certified.
  Stripe Privacy
• Supabase Inc.: Image and media storage.
  Supabase Privacy
• Google Analytics (Google LLC): Anonymized usage statistics.
  Google Privacy

5. Data retention

• Account data: Until account deletion or 2 years after last login, whichever comes first.
• Booking data: 2 years after the booking date, while the provider account exists.
• Billing data: As required by law (typically 8 years).
• Analytics data: Anonymized, up to 26 months (Google Analytics).

6. Your rights (GDPR Art. 15-22)

Under the GDPR you have the following rights:

• Access: Request information about data we process about you.
• Rectification: Request correction of inaccurate data.
• Erasure ("right to be forgotten"): Request deletion of your data when the processing purpose has ceased.
• Restriction of processing: Request restriction under specific conditions.
• Data portability: Request your data in a machine-readable format (CSV export).
• Objection: Object to processing based on legitimate interest.
• Withdrawal of consent: Where processing is based on consent, you may withdraw it any time.

To exercise your rights, please contact us at info@reservee.hu. We respond within 30 days.

7. Data security

Reservee applies the following technical and organizational measures to protect personal data:

• SSL/TLS encryption (HTTPS) for every data transfer
• Firebase Authentication for secure login
• Cloud Firestore security rules restricting data access
• Stripe PCI DSS Level 1 payment security
• Regular backups

8. Cookies and local storage

The Reservee website uses the following technologies:

• localStorage: Stores the user's theme preference (dark/light). Not a cookie and contains no personal data.
• Firebase Authentication cookies: Technical cookies required to keep the user logged in. Essential for the service.
• Google Analytics cookies: For anonymized usage statistics (_ga, _gid).

9. International data transfers

The processors above (Google, Stripe, Supabase) are U.S.-based. Transfers are governed by the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses (SCCs), providing GDPR-equivalent protection.

10. Providers as data controllers

In the Reservee system, service providers (who run the booking page) act as independent data controllers for the client data they enter. Reservee acts as a processor in this context. Providers are responsible for processing their clients' data in line with the GDPR.

11. Complaints

If you believe that processing is unlawful you may file a complaint with:

• Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
• Address: 1055 Budapest, Falk Miksa u. 9-11., Hungary
• Phone: +36 1 391 1400
• Email: ugyfelszolgalat@naih.hu
• Website: https://naih.hu

12. Changes to this Policy

The Provider reserves the right to update this Privacy Policy. Updates take effect upon publication. We will notify users by email of any significant changes.

13. Contact

For privacy questions or requests, please contact us at info@reservee.hu.