Privacy policy
Last updated: April 29, 2026
This notice explains how Rezerve One processes personal data when using the platform, the public booking flow, user accounts, notifications, support, security mechanisms and billing.
Controller and scope
- Operator
- Angelina Kuzlyakina
- Registered office
- Potocká 276/56, 623 00 Brno
- Company ID
- 19318154
- Register
- živnostenský rejstřík v České republice
When operating user accounts, authentication, security, abuse prevention, support, subscriptions, consent logs and the technical operation of the platform, the operator shown above acts as the controller of personal data.
For data that a business or branch enters into the platform about its customers, workers, services, availability and bookings, Rezerve One may act as a processor under that business's instructions. The business or branch itself remains responsible for its customer relationship, for the content of the data it enters into the platform and for the legal basis for processing in its own operation.
In the public booking flow, the platform technically facilitates the creation of a booking, but the actual service is provided by, and the responsibility for its performance remains with, the relevant branch or business.
Categories, purposes and recipients
We mainly process:
- identification and contact data such as first name, last name, email, phone and language,
- account data, role, settings, timezone, authentication methods and account status,
- booking data, service, worker, branch, time, status, customer note and change history,
- branch, worker, service, availability, pricing and internal settings data,
- technical and security data, for example the session cookie, short-lived authentication cookies, the IP address when protecting against abuse, error logs and security verifications,
- billing and subscription data, especially the plan, limits, subscription status and identifiers of the Merchant of Record provider.
We use the data to provide the platform, create and manage bookings, sign users in, send email and push notifications, provide support, ensure security, prevent abuse, manage subscriptions, administer the service and comply with legal obligations. The typical legal basis is performance of a contract, legitimate interest in the secure and reliable operation of the platform, or compliance with a legal obligation.
According to the current technical setup, processing may involve Railway for hosting and application infrastructure, PostgreSQL and Redis for the database and cache, Cloudflare including Turnstile and R2 for security verification and file storage, Resend for email delivery, Google for OAuth authentication, and Paddle as Merchant of Record for payments, taxes and invoicing. If personal data is disclosed or transferred outside the EEA, this happens only where an appropriate legal basis and suitable safeguards exist, for example under an adequacy decision or standard contractual clauses.
Retention and data subject rights
We keep data only for the period needed to provide the service, fulfil contractual and legal obligations, resolve security incidents and protect legal claims. Technical tokens and verification codes have a short validity period, the session cookie is limited by the duration of the account session, billing and tax data are retained for the period required by law, and database backups are retained according to the configured retention policy.
Booking, customer and branch operation data processed for a specific business or branch are kept according to that business's instructions, the contractual setup and the need for secure operation of the platform. When an account is deleted, the platform deactivates the account and anonymizes the sign-in email; some data may remain stored if needed for accounting, security, audit, dispute resolution or the legitimate interests of the branch.
You have the right to request access, correction, erasure, restriction of processing, data portability and to object to processing where those rights apply under the GDPR. If you believe we are not handling your data properly, you can contact us at [email protected] or lodge a complaint with the Czech Data Protection Authority.