Privacy Policy
Effective: May 26, 2026
bookres ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our reservation management platform at bookres.ai ("the Service").
1. Information We Collect
We collect information you provide directly, including:
- Account information: name, email address, password, and venue profile details
- Venue data: floor plan layout, operating hours, table configurations, menu items, and event types
- Reservation data: guest names, contact information, party sizes, dietary preferences, occasion notes, and reservation history
- Calendar data: calendar events accessed through connected integrations (Google Calendar)
- Payment information: billing details processed through Stripe (we do not store credit card numbers)
- Phone number: if provided for SMS notifications, used for reservation messages (confirmations, reminders, modifications), two-way customer-care replies about your reservation, and automated reservation calls where enabled — all sent or placed by bookres for the reservation you make at the venue (customer-care replies may be AI-generated; see Section 5). SMS opt-in is collected via a clearly labeled consent checkbox at reservation time; messages are sent via Telnyx using a 10DLC-registered number. SMS data is never sold or shared with third parties for marketing, and opt-in is never a condition of making a reservation.
- POS data: when Square integration is enabled, transaction details for the purpose of matching tabs to reservations
- Communications: support requests, feedback, and correspondence
We also automatically collect:
- Usage data: pages viewed, features used, and interaction patterns
- Device information: browser type, operating system, and device identifiers
- Log data: IP addresses, access times, and referring URLs
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process reservation requests and send booking notifications
- Auto-assign tables and prevent double-booking
- Process payments and manage subscriptions
- Send transactional communications (confirmations, reminders, cancellations)
- Provide customer support
- Monitor and analyze usage trends to improve the Service
- Detect and prevent fraud, abuse, and security incidents
3. Google Calendar Integration & Google API Disclosure
bookres optionally integrates with Google Calendar to sync venue events (private dinners, ticketed events, holiday closures) with your reservation calendar. When you connect your Google Calendar, we access the following data:
- Calendar list: names and IDs of your calendars (to let you choose which calendar to sync)
- Calendar event details: event titles, times, and locations from your selected calendar — displayed alongside your reservations and temporarily cached for fast loading (automatically deleted within 60 minutes)
- Email address: your Google account email (for identification purposes only)
How we use Google Calendar data:
- To display venue events on your unified bookres calendar view
- To prevent reservation bookings during private events or closures
- To detect schedule changes (event time changes, cancellations) and reflect them in availability
What we do NOT do with your Google Calendar data:
- We do not sell, share, or transfer your Google Calendar data to third parties
- We do not use your calendar data for advertising or marketing purposes
- We do not permanently store the content of your calendar events — cached event data is automatically deleted within 60 minutes
- We access event titles, times, and locations only from the calendar you explicitly select — we do not access event descriptions, attendees, or attachments
Data storage and retention: Google Calendar OAuth tokens are encrypted at rest using AWS KMS. Event data is cached temporarily (up to 60 minutes) and automatically deleted. When you disconnect your Google Calendar, all stored tokens and cached data are immediately deleted.
Limited Use Disclosure: bookres's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. Guest Data Handling
When guests make reservations through your venue's bookres-powered booking page, we collect and process their personal data (name, email, phone, party details) on your behalf. You — the venue operator — are the data controller for guest data; bookres is the data processor.
You are responsible for ensuring that:
- Your guests are informed about how their data will be used (e.g., via a privacy notice on your booking page)
- You have a lawful basis for processing guest data (typically: necessary to perform the reservation contract)
- You honor guest requests to access, correct, or delete their data
bookres provides tools (admin guest search, export, deletion) to help you meet these obligations.
5. SMS / Text Messaging Disclosures
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All of the data-sharing categories described elsewhere in this Privacy Policy specifically exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, including for the purpose of marketing, promotion, lead generation, analytics, advertising, or resale.
When a guest provides a phone number and checks the SMS consent checkbox on a venue's booking page, bookres — the message sender of record — sends reservation-related text messages, conducts a two-way customer-care conversation about the reservation, and (where the venue enables it) places automated reservation calls, through Telnyx using a 10DLC-registered originator. The following terms apply to all SMS messages sent through the Service:
- Express written consent: SMS messages are only sent to guests who have opted in via the labeled consent checkbox at the time of reservation. The checkbox is unchecked by default; opt-in is never a condition of making a reservation, completing a purchase, or using any other feature of the Service.
- Verbatim consent language: the checkbox label, displayed to every guest at reservation time, reads: "I agree that bookres may send me automated texts and calls — by auto-dialer, artificial, or prerecorded voice — to service my reservation at [Venue Name], including to confirm and manage it, at the number I provided. Consent isn't required to book."
- Message types: reservation confirmations, reminders, modifications, cancellations, waitlist offers, "table is ready" alerts, event-specific notifications (e.g., open-mic-night confirmations), and two-way customer-care replies to reservation questions a guest texts us. bookres is the sender of every message, and customer-care replies may be generated automatically by an AI-assisted system operated by bookres and overseen by the venue. All messages are reservation- and venue-related — bookres does not send promotional or marketing SMS through this program, and the AI-assisted replies are never promotional. The same consent also covers automated reservation calls (auto-dialer, artificial, or prerecorded voice), likewise placed by bookres.
- Message frequency: varies based on the guest's reservation activity. Typical frequency is one confirmation plus one reminder per reservation, plus optional status-update messages. Up to 5 messages per reservation.
- Cost: messages are sent at no charge by bookres, but standard message and data rates from your wireless carrier may apply.
- Keywords: reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to unsubscribe from all bookres SMS at any time; reply HELP or INFO for assistance; reply START to re-subscribe after opting out. Carrier-handled commands take effect immediately.
- No sale or sharing (SMS data): phone numbers, SMS opt-in records, and SMS consent metadata are never sold, rented, leased, lent, traded, or shared with any third party or affiliate for marketing, promotional, advertising, lead-generation, or analytics purposes. Mobile information is shared only with: (a) the venue you booked with, who is the data controller for the reservation; (b) Telnyx and the underlying wireless carriers, strictly for the purpose of delivering the messages you opted in to receive; and (c) legal authorities when compelled by valid legal process. This carve-out applies to all of the data-sharing categories in Section 6.
- Carrier liability: bookres and your wireless carrier are not liable for delayed or undelivered messages.
The full SMS Messaging Policy, including the opt-in workflow, sample messages, opt-out handling, and program-operator information, is published at bookres.ai/sms-policy.
For SMS-related help, reply HELP to any message, or contact your venue directly. For privacy-related questions about SMS data, contact legal@bookres.ai.
6. Data Sharing
We do not sell your personal information. We may share your information with:
- Service providers: third-party services that help us operate the platform (e.g., AWS for hosting, Telnyx for SMS delivery, Stripe for payments via Stripe Connect, Google for calendar integration, Square for POS sync)
- Venue operators and their staff: when guests make reservations, reservation details are shared with the venue's authorized users
- Legal requirements: when required by law, regulation, or legal process
- Business transfers: in connection with a merger, acquisition, or sale of assets
SMS carve-out: none of the categories above include text-messaging originator opt-in data, SMS consent records, or mobile phone numbers used for SMS delivery. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes, and SMS opt-in data is never shared with any third party for any purpose other than (a) the venue you booked with, (b) the carrier-level delivery providers strictly necessary to deliver the messages you opted in to receive, and (c) legal authorities when compelled by valid legal process. See Section 5 for the full SMS data-handling disclosure.
7. Data Security
We implement appropriate technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest (AWS-managed encryption), access controls, audit logs, and regular security assessments. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of your personal data
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data
- Portability: request your data in a portable format
- Objection: object to certain processing of your data
To exercise these rights, contact us at legal@bookres.ai. If you are a venue guest, contact the venue directly first; they own your reservation data.
9. Cookies and Tracking
We use essential cookies to maintain your session and preferences. We may also use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings.
10. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.
11. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Reservation records are typically retained for at least 7 years to comply with tax and audit requirements. You may request earlier deletion at any time, subject to legal retention obligations.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, please contact us at:
bookres
Email: legal@bookres.ai