Part Two
Privacy Policy
Last updated: May 7, 2026
This Privacy Policy describes how Naufal Syifa Firdaus, operating as Reservs ("Reservs", "we", "us", or "our"), collects, uses, shares, and protects your personal information when you use our platform at https://reservs.me and related services (the "Service").
This policy applies to two types of users: (a) Business Owners who create accounts and manage bookings through Reservs, and (b) Customers who make bookings through a business owner's booking link.
1. Information We Collect
1.1 Information from Business Owners
When you register for and use the Service as a business owner, we collect:
- Account information: name, email address, password (stored in hashed form)
- Business information: business name, business type, phone number, logo, description, booking URL slug, and bookable resource along with their availability information
- Payment information: billing details processed through our third-party payment provider (we do not store credit card numbers directly)
- Usage data: log data, IP addresses, browser type, device information, pages visited, and actions taken within the Service
- Communication data: correspondence with us, including support requests
1.2 Information from Customers
When customers make bookings through a business owner's booking link, we collect:
- Booking information: name, phone number, email address (if provided), selected date and time, selected resource, and any additional notes
Important: Customer booking data is collected on behalf of the business owner. The business owner is the data controller for this data, and we act as a data processor. Customers should refer to the business owner's own privacy policy for information about how their booking data is used.
1.3 Information Collected Automatically
We automatically collect certain technical information when you use the Service, including:
- IP address and approximate geolocation
- Browser type and version, operating system
- Device identifiers
- Referring URLs and pages visited
- Date and time of access
- Interaction data (clicks, scrolling behavior, feature usage)
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- To create and manage your account
- To provide, maintain, and improve the Service
- To process bookings and send booking confirmations and reminders
- To facilitate communication between business owners and their customers
- To process subscription payments
2.2 Communications
- To send transactional emails and SMS messages (booking confirmations, reminders, alerts)
- To respond to your inquiries and support requests
- To send service-related announcements (updates, security alerts, billing notifications)
2.3 Improvement and Analytics
- To analyze usage patterns and improve the Service
- To monitor and prevent technical issues
- To develop new features and functionality
2.4 Legal and Safety
- To comply with legal obligations
- To enforce our Terms of Service
- To protect the rights, safety, and property of our users and the public
- To detect, prevent, and address fraud, security issues, or technical problems
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
3.1 Third-Party Service Providers
We share information with trusted third-party service providers who assist us in operating the Service:
- Supabase: cloud database and authentication (stores account and booking data)
- Vercel: web hosting and content delivery
- Lemon Squeezy: subscription billing and payment processing
- Resend: transactional email delivery
These providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain appropriate security measures.
3.2 Business Owners and Customers
When a customer makes a booking, the business owner can see the customer's booking information (name, phone, date, time, notes) through their dashboard. This is necessary for the Service to function.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
- Comply with a legal obligation, court order, or legal process
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users or the public
3.4 Business Transfer
If Reservs is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
4. Data Storage and Security
4.1 Data Storage
Your data is stored on servers provided by Supabase and Vercel, which may be located in various regions globally. By using the Service, you consent to the transfer and storage of your data in these locations.
4.2 Security Measures
We implement reasonable security measures to protect your information, including:
- Encryption of data in transit using TLS/HTTPS
- Encryption of data at rest in our database
- Secure password hashing (passwords are never stored in plain text)
- Row-Level Security (RLS) policies to ensure data isolation between businesses
- Regular security reviews and updates
4.3 Security Limitations
While we take reasonable precautions to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information. You acknowledge that you provide your information at your own risk.
5. Data Retention
We retain your information as follows:
- Account data: retained for as long as your account is active, plus 30 days after account deletion to allow for account recovery
- Booking data: retained for as long as the associated business account is active. After account deletion, booking data is deleted within 90 days unless retention is required by law
- Payment records: retained for up to 7 years as required by applicable tax and financial regulations
- Usage logs: retained for up to 12 months for analytics and debugging purposes
- Support correspondence: retained for up to 24 months after the last communication
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
6.1 General Rights
- Right to Access: You may request a copy of the personal information we hold about you
- Right to Rectification: You may request that we correct inaccurate or incomplete information
- Right to Deletion: You may request that we delete your personal information, subject to legal retention requirements
- Right to Data Portability: You may request an export of your data in a machine-readable format
- Right to Object: You may object to certain processing of your information
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
6.2 European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes contract performance (providing the Service), legitimate interests (improving the Service), and consent (where applicable). You may lodge a complaint with your local data protection authority.
6.3 California Users (CCPA)
If you are a California resident, you have the right to know what personal information is collected, request deletion of your personal information, and opt out of the sale of your personal information. We do not sell personal information.
6.4 Indonesian Users
If you are located in Indonesia, we comply with applicable Indonesian data protection regulations, including Law No. 27 of 2022 on Personal Data Protection (UU PDP). You have the right to access, correct, and request deletion of your personal data in accordance with applicable law.
6.5 Exercising Your Rights
To exercise any of these rights, please contact us at reservs.me@gmail.com. We will respond to your request within 30 days. We may request verification of your identity before processing your request.
7. International Data Transfers
Reservs is operated from Indonesia and serves a global audience. Your data may be transferred to and processed in countries other than your own, including countries that may not have the same level of data protection as your home country. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place, including the use of reputable service providers with strong data protection practices.
8. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child, please contact us at reservs.me@gmail.com.
9. Cookies and Tracking
We use cookies and similar technologies to:
- Essential cookies: maintain your session and authenticate your identity (required for the Service to function)
- Analytics cookies: understand how users interact with the Service to improve functionality (may be added in the future)
You can control cookie settings through your browser. However, disabling essential cookies may prevent you from using certain features of the Service.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Service and/or sending you an email notification. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after the updated policy becomes effective constitutes your acceptance of the changes.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Naufal Syifa Firdaus
Operating as Reservs
Email: reservs.me@gmail.com
Website: https://reservs.me
For data protection inquiries specifically related to booking data collected through a business owner's booking link, customers should contact the business owner directly, as they are the data controller for that information.