Privacy Policy
Effective 6 July 2026 · Last updated 6 July 2026
This Privacy Policy explains how Prenota (“Prenota”, “we”, “us”) collects, uses, and protects personal information when you use our booking platform, websites, and related services (the “Service”). Prenota provides software that lets businesses (“Operators”) take and manage bookings from their customers (“Guests”).
Our role
For information about Operators and how we run the Service, Prenota acts as a data controller. For Guest information that an Operator collects through Prenota to run their own business, Prenota acts as a data processor on that Operator’s behalf; the Operator is the controller of their Guests’ data and responsible for their own privacy notices.
Information we collect
Operator account data: name, business name, email, and settings you provide when you create and configure an account.
Guest booking data: name, email, phone, and the details of a booking (experience, date, party size, add-ons, waivers, and any notes or consents provided at checkout).
Payment data: payments are processed by Stripe. We do not store full card numbers; we retain transaction references and status.
Usage data: limited technical data (such as device and log information) and strictly necessary cookies required to operate the Service.
How we use information
To provide and operate the Service; to process bookings and payments; to send transactional messages such as booking confirmations, reminders, and review requests; to provide support; to keep the Service secure and prevent abuse; and to comply with our legal obligations.
Sub-processors we share data with
We rely on trusted providers to run the Service, including: Supabase (database and hosting), Stripe (payment processing), our email and SMS delivery providers, and our AI providers for optional assistant features. Each is bound by a data processing agreement and processes data only to provide their service to us.
Cookies
We use only strictly necessary cookies to keep you signed in and operate the Service. We do not use advertising cookies.
Data retention & deletion
We retain personal information for as long as needed to provide the Service and to meet legal, accounting, and reporting requirements. Guests may request deletion of their personal information by contacting the Operator they booked with or by emailing us at the address below; we will action or forward the request to the relevant Operator.
Your rights
Depending on your location, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing (for example under the GDPR or CCPA). To exercise these rights, contact us using the details below. For Guest data held on an Operator’s behalf, we will assist that Operator in responding to your request.
Security
We protect data with encryption in transit and at rest, strict per-account access controls (row-level security), and least-privilege access to sensitive operations. No system is perfectly secure, but we work continuously to protect your information.
International transfers
Your information may be processed in countries other than your own. Where required, we put in place appropriate safeguards for such transfers.
Children
The Service is not directed to children and is not intended for anyone under 16. We do not knowingly collect personal information from children.
Changes
We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date above.
Contact
Questions about this policy or your data? Email [privacy@prenota.example]. Legal entity and registered address: [Company legal name and address].
See also our Terms of Service.