Resvia
Log in Start free trial
Legal

Privacy Policy

Last updated: April 2026

1. Who we are

Resvia is a restaurant management and online booking software platform. In this policy, "Resvia", "we", "us", and "our" refers to the operators of this platform. We are the data controller for restaurant account and usage data. For guest booking data collected on behalf of restaurants, we act as a data processor.

2. Data we collect and why

We collect and process the following categories of personal data:

  • Restaurant account data — name, email address, business name, and contact details provided at signup. Lawful basis: contract performance.
  • Billing data — billing name and address, processed via Stripe. We do not store card numbers. Lawful basis: contract performance and legal obligation.
  • Booking and guest data — guest names, email addresses, phone numbers, dietary notes, party sizes, and booking dates, collected via the booking widget on behalf of restaurants. Lawful basis: legitimate interests of the restaurant (as data controller) in managing their bookings.
  • Usage and analytics data — pages visited, features used, and error logs, collected to operate and improve the platform. Lawful basis: legitimate interests.
  • Communications data — emails sent to or received from you in connection with support. Lawful basis: legitimate interests.

3. How we use your data

We use your data to: provide and operate the platform; process payments and manage your subscription; send transactional emails such as booking confirmations and reminders; provide customer support; detect and prevent fraud or abuse; and improve and develop the platform.

4. Data sharing and third parties

We do not sell your data. We share data only with the following third-party service providers, who process data on our behalf under appropriate data processing agreements:

  • Stripe — payment and deposit processing (stripe.com)
  • Resend — transactional email delivery (resend.com)
  • Neon — cloud database hosting (neon.tech)
  • Sentry — error monitoring (sentry.io)

All providers are contractually bound to process data only as instructed and to implement appropriate security measures.

5. Data retention

Restaurant account data is retained for the duration of your subscription plus 12 months after closure, after which it is deleted or anonymised. Booking and guest data is retained for 24 months from the booking date. Financial records are retained for 7 years to comply with legal obligations. You may request earlier deletion subject to legal requirements.

6. International transfers

Some of our third-party providers process data outside the UK and EEA. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses.

7. Your rights

Under UK GDPR, you have the right to: access your personal data; correct inaccurate data; request deletion of your data ("right to be forgotten"); restrict or object to processing; and data portability. To exercise any of these rights, please contact us using our contact form. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use strictly necessary session cookies to keep you logged in. We do not use advertising or third-party tracking cookies.

9. Security

We implement industry-standard security measures including encrypted data transmission (HTTPS), database access controls, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to this policy

We may update this policy from time to time. We will notify subscribers of material changes by email. The date at the top of this page indicates when the policy was last updated.

11. Contact

For privacy-related enquiries or to exercise your rights, please use our contact form.