This Privacy Policy explains how Hospitality Labs ("Hospitality Labs," "we," "us," or "our"), collects, uses, shares, and protects your personal data when you use Table Alert (the "Service"), including our website at tablealert.app and all related features, notifications, and communications.
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and other applicable data protection laws.
Please read this Privacy Policy carefully. By creating an Account or using the Service, you acknowledge that you have read and understood this Privacy Policy.
The data controller responsible for your personal data is:
Hospitality Labs
Email: info@tablealert.app
If you have any questions or concerns about how we process your personal data, you may contact us using the details above.
We collect and process the following categories of personal data:
Account Data: When you create an Account, we collect your name, email address, and password (stored in hashed form). If you subscribe to a paid plan, we also collect your billing address and country.
Preference Data: Restaurant selections you add for monitoring, including restaurant names, desired dates, party sizes, time preferences, and alert settings.
Communication Data: When you contact us for support or send us feedback, we collect the content of your messages and any attachments, along with your contact details.
Usage Data: We collect information about how you interact with the Service, including pages visited, features used, actions taken (such as adding or removing Monitored Restaurants), and timestamps.
Device and Technical Data: We collect your IP address, browser type and version, operating system, device type, screen resolution, language preferences, and referring URLs.
Alert Interaction Data: We collect data about Alerts sent to you, including delivery status, whether you opened an Alert email, and whether you clicked through to a restaurant reservation platform.
Log Data: Our servers automatically record information in server logs, including your IP address, access times, pages viewed, and system activity.
Payment Data: When you subscribe to a paid plan, your payment is processed by Stripe, Inc. ("Stripe"). We receive limited information from Stripe, including the last four digits of your payment card, card type, expiry date, billing country, and transaction status. We do not receive or store your full payment card number. Stripe's collection and use of your data is governed by Stripe's Privacy Policy.
We process your personal data only where we have a lawful basis to do so under Article 6 of the GDPR. The table below sets out our processing purposes and their corresponding legal bases.
| Purpose | Categories of Data | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Creating and managing your Account | Account Data | Performance of contract (Art. 6(1)(b)) |
| Providing the Service, including monitoring restaurants and sending Alerts | Account Data, Preference Data, Alert Interaction Data | Performance of contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Account Data, Payment Data (via Stripe) | Performance of contract (Art. 6(1)(b)) |
| Responding to your support requests and communications | Account Data, Communication Data | Performance of contract (Art. 6(1)(b)) |
| Improving and optimising the Service | Usage Data, Device and Technical Data, Alert Interaction Data | Legitimate interest (Art. 6(1)(f)) |
| Ensuring the security and integrity of the Service | Device and Technical Data, Log Data, Usage Data | Legitimate interest (Art. 6(1)(f)) |
| Enforcing our Terms of Service | Account Data, Usage Data, Preference Data | Legitimate interest (Art. 6(1)(f)) |
| Sending service-related communications | Account Data | Performance of contract (Art. 6(1)(b)) |
| Sending marketing communications | Account Data | Consent (Art. 6(1)(a)) |
| Complying with legal obligations | Account Data, Payment Data | Legal obligation (Art. 6(1)(c)) |
Legitimate Interest Assessments: Where we rely on legitimate interest as a legal basis, we have conducted balancing assessments to ensure that our interests do not override your fundamental rights and freedoms. You may request information about these assessments by contacting us.
We use cookies and similar technologies on our website. Cookies are small text files stored on your device that help us provide and improve the Service.
Strictly Necessary Cookies: These are required for the Service to function (e.g., session management, authentication). They cannot be disabled.
Analytics Cookies: We use Google Analytics to understand how visitors use our website. We have configured Google Analytics with IP anonymisation enabled.
Preference Cookies: These remember your settings and preferences to provide a more personalised experience.
When you first visit our website, we will ask for your consent before placing any non-essential cookies on your device. You may manage your cookie preferences at any time through our cookie settings. You can also configure your browser to reject cookies, though this may affect certain functionality of the Service.
We do not sell your personal data. We share your personal data only in the following circumstances:
We engage trusted third-party service providers to help us operate the Service. These providers process your data on our behalf and under our instructions, in accordance with data processing agreements that comply with Article 28 of the GDPR.
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing | United States | EU-US Data Privacy Framework; Standard Contractual Clauses |
| Hetzner | Infrastructure and hosting | United States | EU-US Data Privacy Framework |
| Brevo | Transactional and alert email delivery | United States | EU-US Data Privacy Framework |
| Google Analytics | Website analytics | United States | EU-US Data Privacy Framework |
We may disclose your personal data if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.
Hospitality Labs is based in the Netherlands. Some of our service providers are located outside the European Economic Area ("EEA"), particularly in the United States.
When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:
You may request a copy of the safeguards we have in place by contacting us.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Account Data | Duration of Account, plus up to 30 days after deletion |
| Preference Data | Duration of Account; deleted when Account is deleted |
| Payment and Billing Data | Duration of Account, plus up to 7 years (tax/accounting obligations) |
| Usage and Log Data | Up to 12 months, then anonymised or deleted |
| Communication Data | Up to 24 months from last communication |
| Alert Interaction Data | Up to 12 months, then anonymised or deleted |
| Marketing Consent Records | Duration of Account, plus 3 years after withdrawal |
After the applicable retention period, we will securely delete or anonymise your personal data.
As a data subject under the GDPR, you have the following rights:
To exercise any of these rights, please contact us at info@tablealert.app. We will respond within one month.
We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit (TLS/SSL) and at rest, secure hashing of passwords, and access controls limiting data access to authorised personnel.
In the event of a personal data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and notify you directly where the risk is high.
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you believe that a child under 18 has provided us with personal data, please contact us at info@tablealert.app.
The Service may contain links to third-party websites, including restaurant reservation platforms. This Privacy Policy applies only to the Service. We encourage you to review the privacy policies of any third-party services you visit.
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you. Any enforcement action under our Fair Use Policy involves human review.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and notify you by email or by a prominent notice on the Service at least thirty (30) days before the changes take effect.
If you have any questions about this Privacy Policy, please contact us at:
Hospitality Labs
Email: info@tablealert.app