
New landing, polished billing, and security hardening

Product & Platform

A long polish sprint: new public site, friendlier billing, and a serious security pass. If you have not visited restapro.es in a while, it is a different page now.

New public landing

We rewrote restapro.es end to end. The big calls:

  • "For restaurant owners" block at the top, not for investors or journalists.
  • Real screenshots of the app, not Figma mockups.
  • Visible pricing, no "contact sales". What the page says is what you pay.
  • Transparent comparison with TheFork and Resy.

restapro.es/legal now also includes:

  • Cookie policy with a specific breakdown of which cookies we use and which we do not (we run no third-party analytics on public pages).
  • Legal notice with tax ID and registered address.
  • Terms of service for end users (the guests who book).
  • Personal data policy with clear GDPR rights.

Billing with Stripe portal

If you pay for RestaPro, in Workspace → Billing you will see a "Manage subscription" button that takes you to the Stripe Customer Portal:

  • Change payment method, download invoices, view history.
  • It is Stripe's portal, not one we built. Card data never passes through RestaPro.

Security hardening

A serious pass under the hood (invisible, but you feel it):

  • Rate limiting on public endpoints so no bot can take down a restaurant's page.
  • Strict input validation on public forms.
  • CSP (Content Security Policy) tightened to limit which scripts can run.
  • Security headers in nginx (HSTS, X-Frame-Options, X-Content-Type-Options).
  • Webhooks signed with rotatable secrets.

Review marketing + test coverage

As a bonus: we shipped the review marketing flow integrated with Google and pushed test coverage up to 72% to reduce regressions.
