
Privacy and GDPR

RestaPro is a service of M3 Estrategia SL (Tax ID B72801020). We comply with GDPR by design, and this document explains how.

Data we collect

From the end customer (diner)

  • Identification: name, phone, email.
  • Reservation history: date, time, party size, status.
  • Multiple identities: if a diner uses several phones or emails, we link them to the same profile.
  • Marketing events (if they consented): visits to /c/:slug, clicks, UTM.
  • Explicit consent to marketing cookies (Meta Pixel, GA).

From the restaurant owner / team

  • Email, name, phone.
  • Restaurant data (address, hours, tables).
  • Billing data (processed by Stripe, not by RestaPro).
  • Marketing and branding configuration.
  • Activity logs (who, when, what changed).

Where the data lives

  • Supabase in AWS Frankfurt (EU).
  • PostgreSQL with at-rest encryption.
  • Storage in EU for logos and images.
  • No transfers outside the EU without a Data Processing Agreement (DPA) in place.

Multi-tenant isolation: RLS

PostgreSQL Row Level Security guarantees that each workspace only sees its own data. A restaurant owner from Restaurant A cannot query Restaurant B's customers (different workspace), even though both share the same DB.

Policies filter at the DBMS layer:

USING (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())))

Even with a stolen JWT, the database still returns only the rows of the workspaces that token's user belongs to; the filter is applied on every query, not in application code.
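To make the quoted USING clause concrete, here is an added example (not RestaPro's own schema) of a complete workspace-isolation setup on Supabase/PostgreSQL; the workspace_members and customers tables and the body of get_user_workspace_ids are assumptions, while auth.uid() and the authenticated role are Supabase's. It goes one step beyond the page by adding a WITH CHECK clause, which is what stops a caller writing rows into a workspace they do not belong to.

```sql
-- Added example, not RestaPro's schema. Assumed: workspace_members and
-- customers tables, and this body for get_user_workspace_ids.
CREATE TABLE IF NOT EXISTS public.workspace_members (
  workspace_id uuid NOT NULL,
  user_id      uuid NOT NULL,
  PRIMARY KEY (workspace_id, user_id)
);

CREATE TABLE IF NOT EXISTS public.customers (
  id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  workspace_id uuid NOT NULL,
  name         text,
  phone        text,
  email        text
);

-- Workspaces the calling user belongs to. SECURITY DEFINER lets it read
-- workspace_members even when that table is itself RLS-protected; STABLE
-- lets the planner evaluate it once per statement instead of once per row.
CREATE OR REPLACE FUNCTION public.get_user_workspace_ids(uid uuid)
RETURNS SETOF uuid
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = public
AS $$
  SELECT workspace_id FROM public.workspace_members WHERE user_id = uid;
$$;

ALTER TABLE public.customers ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policy to the table owner too (roles with BYPASSRLS,
-- such as Supabase's service role, remain exempt by design).
ALTER TABLE public.customers FORCE ROW LEVEL SECURITY;

-- USING filters rows for SELECT/UPDATE/DELETE; WITH CHECK also rejects an
-- INSERT or UPDATE that would place a row in a workspace the caller is not in.
CREATE POLICY customers_workspace_isolation ON public.customers
  FOR ALL TO authenticated
  USING      (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())))
  WITH CHECK (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())));

-- Check from a session whose JWT belongs to a member of workspace A only
-- (placeholder UUIDs): the second query returns 0 and the INSERT is rejected.
-- SELECT count(*) FROM public.customers WHERE workspace_id = '<WORKSPACE_A_UUID>';
-- SELECT count(*) FROM public.customers WHERE workspace_id = '<WORKSPACE_B_UUID>';
-- INSERT INTO public.customers (workspace_id, name) VALUES ('<WORKSPACE_B_UUID>', 'x');
```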

Encryption

  • In transit: HTTPS/TLS 1.3 with Let's Encrypt certificates.
  • At rest: volume encryption in Supabase.
  • Passwords: bcrypt hashes (one-way, not reversible).
  • Secrets: Supabase Vault (Stripe, Gemini, Resend keys).

End-customer rights

Access (Art. 15)

The restaurant owner exports the customer's data from the customer card as JSON: profile, identities, reservations, email logs, campaigns received.

Rectification (Art. 16)

The restaurant owner edits name, phone, or email from the customer card. Changes are audited in activity_log.

Erasure (Art. 17)

The restaurant owner runs a GDPR delete from the customer card. The process runs atomically (every step succeeds or none is applied):

  1. Anonymizes email/phone in reservations (keeps the row for audit/accounting).
  2. Anonymizes email_logs, email_queue, marketing_campaign_sends.
  3. Deletes customer_identities.
  4. Deletes the customer.
  5. Records in activity_log.

The customer shows as "Deleted" on past reservations.

Portability (Art. 20)

The JSON export satisfies the right to portability.

Objection (Art. 21)

The customer can reject marketing cookies in the banner on /c/:slug. Their preference is saved in sessionStorage, and marketing_events records consented: false. This has no effect on the operational reservation functionality.

Cookies and identifiers used

  • session_id (temporary browser session)
  • Supabase Auth JWT
  • Meta Pixel: _fbp, _fbc
  • Google Analytics: _ga, _gid

The banner appears when /c/:slug loads. The visitor chooses accept or reject.

Email communications

  • Transactional (confirmation, reminder, cancellation): sent without additional consent; legal basis is legitimate interest (fulfilling the reservation).
  • Marketing (campaigns, newsletters): only to customers with a registered email (obtained via a reservation). Each email carries an unsubscribe link (List-Unsubscribe, RFC 5322). RestaPro maintains email_unsubscribes and respects opt-out on future campaigns.

Subprocessors

Subprocessor   | Data                  | Location       | DPA
Supabase       | Whole DB and storage  | EU (Frankfurt) | yes - GDPR
Stripe         | Payments, billing     | USA            | yes - GDPR + SOC 2
Resend         | Sent emails           | USA            | yes - GDPR
Google Gemini  | Pinche prompts        | USA            | yes - GDPR (no-train)
Sentry         | Errors and debugging  | USA            | yes - GDPR
Cloudflare     | Asset CDN             | Global         | yes - GDPR

Data retention

Type                    | Retention                               | Reason
Active customer         | Indefinite until deletion request       | Relationship management
Historical reservations | Indefinite (anonymized on GDPR delete)  | Audit/statistics
Email logs              | 1 year                                  | Traceability
Pinche chat logs        | 30 days                                 | Support and debugging
Activity logs           | 2 years                                 | Compliance
Billing data            | 6 years                                 | Spanish tax obligation

Security

  • 2FA available for accounts (TOTP).
  • Auditable activity logs.
  • Daily backups with 30-day retention.
  • Disaster recovery: under 4 h.

Contact

Data Controller:

  • M3 Estrategia SL - Tax ID B72801020
  • C/ Tomás Bretón 19, 28400 Collado Villalba, Madrid (Spain)
  • Email: privacy@m3estrategia.com

Response window for GDPR requests: 30 calendar days.

If you're not satisfied with the response: Spanish Data Protection Agency (AEPD) - aepd.es.

Changes to this policy

We notify material changes by email to registered accounts and publish this updated page. Last revision: May 2026.
