Privacy and GDPR
RestaPro is a service of M3 Estrategia SL (Tax ID B72801020). We comply with GDPR by design, and this document explains how.
Data we collect
From the end customer (diner)
- Identification: name, phone, email.
- Reservation history: date, time, party size, status.
- Multiple identities: if the same diner books with several phone numbers or email addresses, those identities are linked to one customer profile.
- Marketing events (only if they consented): visits to /c/:slug, clicks, UTM parameters.
- Explicit consent to marketing cookies (Meta Pixel, Google Analytics).
From the restaurant owner / team
- Email, name, phone.
- Restaurant data (address, hours, tables).
- Billing data (processed by Stripe, not by RestaPro).
- Marketing and branding configuration.
- Activity logs (who, when, what changed).
Where the data lives
- Supabase in AWS Frankfurt (EU).
- PostgreSQL with at-rest encryption.
- Storage in EU for logos and images.
- No transfers outside the EU without DPA.
Multi-tenant isolation: RLS
PostgreSQL Row Level Security restricts each workspace to its own rows. A restaurant owner from Restaurant A cannot query Restaurant B's customers (a different workspace), even though both share the same database.
Policies filter at the DBMS layer, so the restriction holds no matter which application code issues the query:
USING (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())))
Even with a stolen JWT, the database returns only rows from the workspaces that token's subject belongs to; rows from other workspaces are never visible.
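The policy above is the read side of the isolation. The following is an added example of the full set of policies a table needs, written for this page and not RestaPro's own migration. It assumes a table public.customers with a workspace_id column and that public.get_user_workspace_ids(uuid) returns a set of workspace UUIDs, which is what the IN (SELECT ...) form on this page implies; the UUIDs in the verification step are constructed.

```sql
-- Added example (not RestaPro's own migration).
-- Assumptions: public.customers(id uuid, workspace_id uuid, ...) exists and
-- public.get_user_workspace_ids(uuid) RETURNS SETOF uuid.

-- 1. Without ENABLE, policies are never consulted. FORCE makes RLS apply to
--    the table owner as well, so a privileged connection is not silently exempt.
ALTER TABLE public.customers ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.customers FORCE ROW LEVEL SECURITY;

-- 2. Reads: only rows whose workspace the caller belongs to.
CREATE POLICY customers_select_own_workspace
  ON public.customers FOR SELECT TO authenticated
  USING (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())));

-- 3. Inserts: USING does not apply to INSERT, only WITH CHECK does. Without it a
--    caller could create a customer inside another restaurant's workspace.
CREATE POLICY customers_insert_own_workspace
  ON public.customers FOR INSERT TO authenticated
  WITH CHECK (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())));

-- 4. Updates: USING picks which rows may be touched, WITH CHECK blocks moving a
--    row into a workspace the caller is not a member of.
CREATE POLICY customers_update_own_workspace
  ON public.customers FOR UPDATE TO authenticated
  USING (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())))
  WITH CHECK (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())));

-- 5. Deletes: same workspace scope.
CREATE POLICY customers_delete_own_workspace
  ON public.customers FOR DELETE TO authenticated
  USING (workspace_id IN (SELECT public.get_user_workspace_ids(auth.uid())));

-- 6. Verifying isolation from a SQL session. Supabase's auth.uid() reads the
--    "sub" claim from the request.jwt.claims setting, so a user can be
--    impersonated for a test without minting a real token. Both UUIDs below are
--    constructed for the example.
BEGIN;
SET LOCAL ROLE authenticated;
SET LOCAL request.jwt.claims =
  '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}';
-- Expected: 0 rows when the workspace is not one of the user's own,
-- even though the row physically exists in the shared table.
SELECT count(*) FROM public.customers
 WHERE workspace_id = '22222222-2222-2222-2222-222222222222';
ROLLBACK;
```

Two checks worth running after a migration: every tenant table must have RLS enabled (a table with policies but without ENABLE is wide open), and the Supabase service_role key, which bypasses RLS by design, must never reach the browser.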
Encryption
- In transit: HTTPS/TLS 1.3 with Let's Encrypt certificates.
- At rest: volume encryption in Supabase.
- Passwords: bcrypt (not reversible).
- Secrets: Supabase Vault (Stripe, Gemini, Resend keys).
End-customer rights
Access (Art. 15)
The restaurant owner exports the customer's data as JSON from the customer card: profile, linked identities, reservations, email logs, and campaigns received.
Rectification (Art. 16)
The restaurant owner edits name, phone, or email from the customer card. Each change is recorded in activity_log.
Erasure (Art. 17)
The restaurant owner runs GDPR delete from the customer card. The process runs atomically, in a single transaction:
- Anonymizes email/phone in reservations (keeps the row for audit/accounting).
- Anonymizes email_logs, email_queue, marketing_campaign_sends.
- Deletes customer_identities.
- Deletes the customer.
- Records in activity_log.
The customer shows as "Deleted" on past reservations.
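The steps above map onto one database function, so that a failure in any step rolls the whole deletion back. The following is an added example written for this page, not RestaPro's own implementation. Table names come from this page; the column names, the assumed ON DELETE SET NULL foreign keys from reservations and the email tables to customers, and the function name gdpr_delete_customer are assumptions.

```sql
-- Added example (not RestaPro's own code). Assumed schema:
--   customers(id uuid, workspace_id uuid, name, phone, email)
--   customer_identities(customer_id uuid, kind, value)
--   reservations(id, customer_id uuid, customer_name, customer_email, customer_phone)
--   email_logs / email_queue / marketing_campaign_sends(customer_id uuid, recipient text)
--   activity_log(workspace_id uuid, actor_id uuid, action text, details jsonb)
-- customer_id columns outside customer_identities are assumed ON DELETE SET NULL.
CREATE OR REPLACE FUNCTION public.gdpr_delete_customer(p_customer_id uuid)
RETURNS void
LANGUAGE plpgsql
SECURITY INVOKER   -- caller's rights: RLS still scopes every statement to their workspace
AS $$
DECLARE
  v_workspace_id uuid;
  -- Stable, non-identifying token kept in email tables so counts still add up.
  v_placeholder  text := 'deleted-' || p_customer_id::text;
BEGIN
  -- Lock the profile. If it belongs to a workspace the caller cannot see,
  -- RLS returns no row and the function refuses rather than partially deleting.
  SELECT workspace_id INTO v_workspace_id
    FROM public.customers
   WHERE id = p_customer_id
     FOR UPDATE;
  IF NOT FOUND THEN
    RAISE EXCEPTION 'customer % not found or not accessible', p_customer_id;
  END IF;

  -- 1. Reservations stay for audit/accounting but lose the personal data;
  --    the UI shows the name as "Deleted".
  UPDATE public.reservations
     SET customer_name  = 'Deleted',
         customer_email = NULL,
         customer_phone = NULL
   WHERE customer_id = p_customer_id;

  -- 2. Email traces: keep the rows, replace the address.
  UPDATE public.email_logs
     SET recipient = v_placeholder WHERE customer_id = p_customer_id;
  UPDATE public.email_queue
     SET recipient = v_placeholder WHERE customer_id = p_customer_id;
  UPDATE public.marketing_campaign_sends
     SET recipient = v_placeholder WHERE customer_id = p_customer_id;

  -- 3. Linked phones/emails, then the profile itself, are removed outright.
  DELETE FROM public.customer_identities WHERE customer_id = p_customer_id;
  DELETE FROM public.customers            WHERE id = p_customer_id;

  -- 4. Audit entry: records that the action happened, but no personal data.
  INSERT INTO public.activity_log (workspace_id, actor_id, action, details)
  VALUES (v_workspace_id, auth.uid(), 'gdpr_delete',
          jsonb_build_object('customer_id', p_customer_id));

  -- Any exception above aborts the caller's transaction, so the erasure is
  -- all-or-nothing: there is no state with identities deleted but the profile kept.
END;
$$;

-- Usage from the application (constructed id):
-- SELECT public.gdpr_delete_customer('33333333-3333-3333-3333-333333333333');
```

Two points a reviewer would check: rows still sitting in email_queue should also be cancelled, not just anonymised, or the sender will try to deliver to the placeholder; and the placeholder must not be derivable back to the original address, which is why it is built from the customer id rather than a hash of the email.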
Portability (Art. 20)
The JSON export satisfies the right to portability.
Objection (Art. 21)
The customer can reject marketing cookies in the banner on /c/:slug. The choice is kept in sessionStorage (per tab, so the banner is shown again in a new browser session) and marketing_events records consented: false. Rejection has no effect on the reservation functionality.
Cookie policy
Functional (no consent required)
- session_id (temporary browser session)
- Supabase Auth JWT
Marketing (consent required)
- Meta Pixel: _fbp, _fbc
- Google Analytics: _ga, _gid
The banner appears when /c/:slug loads. The user chooses accept or reject.
Email communications
- Transactional (confirmation, reminder, cancellation): sent without additional consent; legal basis is legitimate interest (fulfilling the reservation).
- Marketing (campaigns, newsletters): only to customers whose email was registered through a reservation. Each email carries an unsubscribe link and a List-Unsubscribe header (RFC 2369). RestaPro maintains email_unsubscribes and honours the opt-out in all future campaigns.
Subprocessors
| Subprocessor | Data | Location | DPA |
|---|---|---|---|
| Supabase | Whole DB and storage | EU (Frankfurt) | yes - GDPR |
| Stripe | Payments, billing | USA | yes - GDPR + SOC 2 |
| Resend | Sent emails | USA | yes - GDPR |
| Google Gemini | Pinche prompts | USA | yes - GDPR (no-train) |
| Sentry | Errors and debugging | USA | yes - GDPR |
| Cloudflare | Asset CDN | Global | yes - GDPR |
Data retention
| Type | Retention | Reason |
|---|---|---|
| Active customer | Indefinite until deletion request | Relationship management |
| Historical reservations | Indefinite (anonymized if GDPR delete) | Audit/statistics |
| Email logs | 1 year | Traceability |
| Pinche chat logs | 30 days | Support and debugging |
| Activity logs | 2 years | Compliance |
| Billing data | 6 years | Spanish tax obligation |
Security
- 2FA available for accounts (TOTP).
- Auditable activity logs.
- Daily backups with 30-day retention.
- Disaster recovery: recovery time objective under 4 h.
Contact
Data Controller:
- M3 Estrategia SL - Tax ID B72801020
- C/ Tomás Bretón 19, 28400 Collado Villalba, Madrid (Spain)
- Email: privacy@m3estrategia.com
Response window for GDPR requests: 30 calendar days.
If you're not satisfied with the response: Spanish Data Protection Agency (AEPD) - aepd.es.
Changes to this policy
We notify material changes by email to registered accounts and publish this updated page. Last revision: May 2026.