Privacy Policy

Last updated: July 5, 2026

1. Introduction

RezervSpot ("we," "our," or "us") provides a link reservation, redirection, and lead capture platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

By using RezervSpot, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your data and maintaining transparency about our practices.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and Google OAuth credentials.
  • Payment Information: All payment processing is handled by Dodo Payments (our Merchant of Record). We do not store or process credit card details. Dodo Payments collects billing information necessary to process transactions, manage VAT, and handle tax compliance.
  • Phone Numbers: When you configure an alias or rotator agent, you may provide phone numbers that are encrypted at rest using AES-256 encryption before storage in our database.
  • Welcome Messages: Optional custom messages associated with your aliases are stored in plaintext to enable redirection.

2.2 Information Collected Automatically

  • Usage Data: We log click events including the referring URL, user agent string, timestamp, and IP address (for country-level analytics only). IP addresses are not permanently stored in association with individual click logs.
  • Cookies: We use essential cookies for authentication (Supabase session management) and optional analytics cookies to improve our service. Upon your first visit, a cookie consent banner gives you the choice to accept or reject non-essential cookies. Your preference is stored locally and respected on subsequent visits.
  • Device Information: Browser type, operating system, and screen resolution may be collected through our pixel tracking feature when enabled by account holders.
  • QR and BSUID Audit Data: QR visits may be tagged with a campaign identifier. API Proxy audit logs store operational metadata such as identifier type, parse status, response status, and latency bucket. We do not store raw BSUIDs, phone numbers, message bodies, request headers, or full webhook payloads in BSUID audit logs by default.

3. How We Use Your Information

  • Operate, maintain, and improve our link redirection services
  • Process payments and manage subscriptions through Dodo Payments
  • Route incoming visitors to the correct destination based on rotator configuration
  • Provide analytics and click tracking to account holders
  • Provide privacy-safe webhook migration diagnostics to paid account holders
  • Detect and prevent abuse, fraud, or unauthorized access
  • Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following circumstances:

  • Service Providers: We share data with Supabase (database hosting), Dodo Payments (payment processing), and Vercel (application hosting) who each have their own privacy commitments.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.

5. Data Retention

We retain your account information for as long as your account is active. Click log data is retained for up to 24 months for analytics purposes. Detailed BSUID audit events are retained for up to 90 days for operational diagnostics, while aggregate migration metrics may be retained longer. Phone numbers are retained until you delete them from your alias or rotator configuration. Upon account deletion, all associated data is purged within 30 days.

6. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for stored phone numbers
  • HTTPS/TLS encryption for all data in transit
  • Row-Level Security (RLS) policies in Supabase to isolate user data
  • Regular security audits and dependency updates

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("Right to be Forgotten")
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at hello@rezervspot.com. We will respond within 30 days.

8. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Consent: For optional analytics cookies and marketing communications
  • Contractual Necessity: For account creation, payment processing, and service delivery
  • Legitimate Interests: For fraud prevention, service improvement, and security monitoring

9. CCPA Compliance

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of their data. RezervSpot does not sell personal information. To exercise your CCPA rights, email hello@rezervspot.com.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or our data practices:

  • Email: hello@rezervspot.com
  • Website: https://rezervspot.com