Callyndar logoCallyndar← Back to home

Legal

Privacy Policy

Last updated: March 9, 2026

1. Who We Are

Callyndar ("we", "our", "us") is a SaaS reservation platform for the hospitality industry. We help restaurants, clinics, salons, and other service-based businesses manage bookings, guest data, and operations through a single cloud-based dashboard.

Data Controller: Callyndar B.V.
Email: privacy@callyndar.com

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data: Name, email address, password (hashed), and organization details when you register.
  • Restaurant data: Restaurant name, address, operating hours, and configuration settings you provide.
  • Guest booking data: Guest first and last names, email, phone number, party size, reservation date/time, and special requests. This data is entered by your guests via the booking widget.
  • Usage data: Pages visited, feature usage, browser type, IP address, and other technical identifiers collected via logs.
  • Billing data: Payment method details (handled by Stripe — we do not store raw card numbers).

3. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance: To deliver the reservation management services you subscribed to.
  • Legitimate interests: To improve our platform, prevent fraud, and ensure security.
  • Consent: For marketing communications (you may withdraw consent at any time).
  • Legal obligation: To comply with applicable laws and regulations.

4. How We Use Your Data

  • Provide, operate, and improve the Callyndar platform.
  • Send transactional emails (booking confirmations, password resets).
  • Process billing and subscriptions via Stripe.
  • Respond to support requests.
  • Perform analytics to improve the product (aggregated, anonymized).
  • Comply with legal obligations.

5. Data Sharing & Sub-Processors

We do not sell your data. We share data only with trusted sub-processors necessary to deliver our service:

  • SupabaseDatabase and authentication infrastructure (EU region).
  • StripePayment processing.
  • VercelHosting and content delivery.
  • ResendTransactional email delivery.

All sub-processors are bound by data processing agreements and provide appropriate safeguards.

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide services. Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law (e.g., tax records). Guest booking data is retained for up to 12 months after the last activity, unless you delete it manually.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data held by us.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict processing in certain circumstances.
  • Port your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where consent is the legal basis.

To exercise your rights, contact us at privacy@callyndar.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including encrypted connections (TLS 1.3), row-level security in our database, hashed passwords (bcrypt), and regular access audits. While no system is 100% secure, we continuously work to protect your data.

9. Cookies

We use strictly necessary cookies to maintain your authenticated session and locale preferences. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required under current EU guidelines for strictly necessary cookies.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "last updated" date at the top. For material changes, we will notify active account holders by email.