← Back to Prenota

Privacy Policy

Effective 6 July 2026 · Last updated 6 July 2026

Template for review. This policy is a starting point and should be reviewed by qualified legal counsel and completed with your legal entity details before you rely on it in production.

This Privacy Policy explains how Prenota (“Prenota”, “we”, “us”) collects, uses, and protects personal information when you use our booking platform, websites, and related services (the “Service”). Prenota provides software that lets businesses (“Operators”) take and manage bookings from their customers (“Guests”).

Our role

For information about Operators and how we run the Service, Prenota acts as a data controller. For Guest information that an Operator collects through Prenota to run their own business, Prenota acts as a data processor on that Operator’s behalf; the Operator is the controller of their Guests’ data and responsible for their own privacy notices.

Information we collect

Operator account data: name, business name, email, and settings you provide when you create and configure an account.
Guest booking data: name, email, phone, and the details of a booking (experience, date, party size, add-ons, waivers, and any notes or consents provided at checkout).
Payment data: payments are processed by Stripe. We do not store full card numbers; we retain transaction references and status.
Usage data: limited technical data (such as device and log information) and strictly necessary cookies required to operate the Service.

How we use information

To provide and operate the Service; to process bookings and payments; to send transactional messages such as booking confirmations, reminders, and review requests; to provide support; to keep the Service secure and prevent abuse; and to comply with our legal obligations.

Sub-processors we share data with

We rely on trusted providers to run the Service, including: Supabase (database and hosting), Stripe (payment processing), our email and SMS delivery providers, and our AI providers for optional assistant features. Each is bound by a data processing agreement and processes data only to provide their service to us.

Cookies

We use only strictly necessary cookies to keep you signed in and operate the Service. We do not use advertising cookies.

Data retention & deletion

We retain personal information for as long as needed to provide the Service and to meet legal, accounting, and reporting requirements. Guests may request deletion of their personal information by contacting the Operator they booked with or by emailing us at the address below; we will action or forward the request to the relevant Operator.

Your rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing (for example under the GDPR or CCPA). To exercise these rights, contact us using the details below. For Guest data held on an Operator’s behalf, we will assist that Operator in responding to your request.

Security

We protect data with encryption in transit and at rest, strict per-account access controls (row-level security), and least-privilege access to sensitive operations. No system is perfectly secure, but we work continuously to protect your information.

International transfers

Your information may be processed in countries other than your own. Where required, we put in place appropriate safeguards for such transfers.

Children

The Service is not directed to children and is not intended for anyone under 16. We do not knowingly collect personal information from children.

Changes

We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date above.

Contact

Questions about this policy or your data? Email [privacy@prenota.example]. Legal entity and registered address: [Company legal name and address].

See also our Terms of Service.