Reservics operated by Aethonic

Privacy policy

Last updated: 2026-05-16

1. Who this policy is for

This policy describes how Reservics (the "app", "we", "us") processes personal data on behalf of the merchants who install it on their Shopify stores. When you book a table on a storefront powered by Reservics, the merchant is the data controller and Reservics is the processor acting under their instructions. Contact the merchant directly for any rights request relating to a specific reservation.

2. What data we process

From diners (your customers)

• Name
• Email address
• Phone number (when collected)
• Party size
• Reservation date, start time, end time
• Special requests / notes typed into the booking form
• Answers to merchant-defined custom form fields (e.g. dietary preferences)
• The Shopify-issued shopify_customer_id when the diner is also a Shopify customer of the same shop

From merchants (shop installation)

• Shopify shop domain (e.g. your-store.myshopify.com)
• Shop owner email (as provided by Shopify on install)
• The Shopify OAuth access token, encrypted at rest with AES-256 via the application key
• Merchant-configured app settings: form schema, email templates, branding colours, notification recipients
• Operating hours and capacity rules for each restaurant location

We do not store

• Payment card data — deposits are handled inside Shopify Checkout, which never exposes card details to us
• Marketing identifiers / advertising cookies — the storefront widget sets no cookies
• IP-address logs beyond the standard webserver access log retained for 14 days for abuse detection

3. Why we process it

• To create, edit, and cancel reservations
• To send the diner the confirmation, reschedule, cancellation, and reminder emails the merchant has configured
• To alert merchant staff about new bookings and cancellations when they've opted in
• To compute capacity and availability across the restaurant's calendar
• To mirror the diner into the merchant's Shopify customer list so the merchant can issue refunds, view spend, and run their own segmentation
• To collect the deposit invoice via Shopify Checkout when the merchant has enabled deposits

4. Legal basis

• Contract performance for the booking flow — the diner submits a request, we and the merchant fulfil it.
• Legitimate interest of the merchant for limited operational logging (delivery status, capacity reports).
• Consent for any custom marketing-style fields the merchant adds to the form (the merchant is responsible for capturing that consent in the field's label).

5. Where data is stored and who can see it

• Reservation data is stored in the Reservics application database, hosted on infrastructure managed by the app operator. Data at rest is encrypted by the cloud provider; the Shopify OAuth token is additionally encrypted at the application layer.
• Sub-processors:
  • Shopify Inc. — the embedded platform, App Bridge, Checkout, Customer API, and the GDPR-webhook delivery channel.
  • The merchant's outbound email provider — the merchant configures SMTP themselves; we hand off the rendered email body to that provider for delivery.
  • The cloud hosting provider the app operator uses for runtime + database storage.
• Access inside Reservics is limited to the merchant's authenticated session (Shopify App Bridge JWT) and the staff members the merchant invites. Reservics engineers may access production data only for debugging with the merchant's prior consent.

6. Retention

• Reservation rows are retained for as long as the merchant has Reservics installed.
• When the merchant uninstalls, Shopify fires the shop/redact webhook 48 hours later. We cascade-delete the shop's user record, which removes every restaurant, reservation, operating-hour, capacity-override, and staff record in the same transaction.
• When a diner requests erasure of their data (via Shopify's privacy request flow), Shopify fires customers/redact. We anonymise the matching reservations within 48 hours — the row is kept (so historical capacity reports remain accurate) but every identifying column (name, email, phone, notes, Shopify customer id) is wiped or replaced with redacted placeholders.
• Failed-job records (queue retries, transient errors) are pruned after 14 days.

7. Your rights

If you booked a table at a Reservics-powered restaurant and want to exercise your rights, the fastest path is through Shopify's privacy request flow on the merchant's storefront. The merchant will forward the request to us through Shopify's signed-webhook channel, and we'll honour it within the statutory deadline (30 days for access requests; 48 hours for erasure requests as allowed by Shopify's grace window).

You may also contact the merchant directly. They are the data controller and can produce the data we hold on their behalf.

8. International transfers

Where data crosses borders (for example, Shopify's global infrastructure relays a webhook from an EU shop to a US-hosted Reservics instance), we rely on Shopify's standard contractual terms and on the equivalent mechanisms our hosting provider offers.

9. Security

• TLS for every HTTP request, end to end.
• OAuth tokens encrypted with AES-256 via the application key, never logged.
• HMAC signature verification on every Shopify-originated request (App Proxy, webhooks).
• Rate limiting on public storefront endpoints, keyed on (IP, shop).
• Database access scoped to the authenticated shop on every query; reviewers have confirmed cross-shop access returns a 404 with no information leak.

10. Changes to this policy

Material changes are announced in the app's release notes and via the shop owner's email on file. Continued use after the effective date of an update constitutes acceptance.

11. Contact

For privacy questions about the Reservics app itself (not a specific booking), email the address listed on our App Store listing's Support field.

---

Reservics — Restaurant reservation app for Shopify · operated by Aethonic · Terms of Service