Privacy Policy

Last updated: 2026-04-21

Data controller

[TO COMPLETE] The data controller is [À COMPLÉTER — raison sociale], whose details appear in the legal notice.

Data Protection Officer (DPO)

[TO COMPLETE] For any question about the processing of your data: dpo@alatap.com.

Collected data

[TO COMPLETE] At registration and during Service use, we collect: name, email, password (hashed), restaurant name, slug, billing info (via Stripe, not stored by us), booking data entered by your customers (name, phone, email, note, date).

Purposes

[TO COMPLETE] Data is processed to: (1) provide the Service, (2) bill subscriptions, (3) send transactional emails (verification, confirmations), (4) prevent fraud and abuse, (5) improve the product (anonymous aggregated statistics).

Legal basis

[TO COMPLETE] Contract performance (Terms) for Service delivery, legal obligation for accounting, legitimate interest for fraud prevention, explicit consent for optional communications.

Recipients

[TO COMPLETE] Data is processed in-house by ALATAP. Some operations are delegated to processors: [À COMPLÉTER — ex: OVH SAS] (hosting), Stripe (payment), Resend (transactional emails), Octopush (SMS).

Retention periods

[TO COMPLETE] Active account: for the duration of the contractual relationship. Deleted account: immediate anonymization, anonymous technical logs retained for 12 months. Billing: 10 years (accounting obligation).

Your rights

[TO COMPLETE] You have rights of access, rectification, erasure, portability, objection, and restriction. Exercisable by email at dpo@alatap.com.

Transfers outside the EU

[TO COMPLETE] Some processors (Stripe, Resend) operate in the United States. Those transfers are governed by the European Commission Standard Contractual Clauses.

Cookies

For more information on cookies used, see the Cookies page.

Complaint

You may lodge a complaint with the French supervisory authority (CNIL): cnil.fr.