Privacy Policy

Last updated: December 1, 2025

1. Overview

At ReservDM, we respect your privacy and are committed to protecting your personal data. This Privacy Policy is prepared in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

This policy explains what information we collect when you use our services, how we use it, who we share it with, and your rights.

2. Data Controller

The data controller responsible for processing your personal data is:

Harun Öztürk (ReservDM) Email: [email protected]

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Identity Data • First name and last name • Government ID (only when legally required)

3.2 Contact Data • Email address • Phone number • Postal address

3.3 Business Data • Business name and legal entity • Tax identification number • Business address and contact details • Industry and business type

3.4 Customer and Appointment Data • Your customers' names, phone numbers, and emails • Appointment history and preferences • Service notes and special requests

3.5 Financial Data • Payment method information • Billing address • Transaction history

3.6 Technical Data • IP address • Browser type and version • Operating system • Device identifiers • Login data

3.7 Usage Data • Your interactions on our platform • Click and navigation data • Feature usage statistics • Error reports

4. How We Collect Data

We collect your personal data through:

• Direct Provision: Information you provide when registering, filling forms, or contacting us • Automatic Collection: Data collected through cookies and similar technologies when using our website and application • Third-Party Sources: From connected services like payment providers and calendar integrations

5. Purposes of Processing

We process your personal data for the following purposes:

5.1 Service Delivery • Account creation and management • Providing appointment management services • Verifying phone numbers for online bookings • Sending automated email reminders and notifications

5.2 Customer Relations • Providing technical support • Responding to your inquiries • Evaluating feedback

5.3 Payment and Billing • Processing payments • Issuing invoices • Managing subscriptions

5.4 Security and Fraud Prevention • Detecting and preventing unauthorized access • Ensuring account security • Monitoring fraudulent activities

5.5 Service Improvement • Usage analysis and statistics • Developing new features • Improving user experience

5.6 Legal Obligations • Compliance with regulations • Providing information to authorities • Audit and reporting requirements

6. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services • Legitimate Interest: Running our business, ensuring security, and improving services • Legal Obligation: Tax, accounting, and other legal compliance • Consent: Marketing communications and optional services

7. Data Retention Periods

We retain your personal data only as long as necessary:

• Account Data: For as long as your account is active + 2 years after deletion • Financial Data: For the statutory retention period (7-10 years) • Communication Records: 3 years • Technical Logs: 1 year • Marketing Preferences: Until consent is withdrawn

Data past its retention period is securely deleted or anonymized.

8. Data Security Measures

We implement comprehensive security measures to protect your data:

8.1 Technical Measures • 256-bit SSL/TLS encryption (in transit) • Passwords stored as irreversible hashes • Secure data-center infrastructure • Regular security reviews and updates • DDoS protection systems • Automatic backup and disaster recovery

8.2 Organizational Measures • Access control and authorization systems • Incident response procedures

9. Data Sharing and Transfers

We do not sell your personal data. We may share your data only in these cases:

9.1 Service Providers (Data Processors) • Hosting and network security providers • Payment infrastructure provider • Email delivery services • Privacy-friendly, cookieless analytics (no identifying data)

9.2 Business Partners • Phone verification service provider • Calendar integrations (Google, Microsoft)

9.3 Legal Requirements • Court orders and official requests • Law enforcement investigations • Regulatory body audits

9.4 International Transfers Your data may be transferred outside the EEA. In such cases: • Standard Contractual Clauses (SCCs) are used • Transfers are made to adequacy decision countries • Additional security measures are implemented

10. Cookie Policy

We use various cookies on our website:

10.1 Essential Cookies • Session management • Security tokens • Language and region preferences These cookies are necessary for the service and cannot be disabled.

10.2 Performance Cookies • Page load times • Error tracking • Usage statistics

10.3 Functional Cookies • User preferences • Customization settings • Form auto-fill

10.4 Analytics • We use privacy-friendly, cookieless analytics • No personally identifying data is collected

You can manage cookie preferences through browser settings or our cookie management panel.

11. Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

• Right to Information: Know whether your data is being processed • Right of Access: Access and request copies of your data • Right to Rectification: Request correction of inaccurate data • Right to Erasure: Request deletion of your data • Right to Restrict Processing: Limit processing in certain cases • Right to Object: Object to processing based on legitimate interest • Right to Data Portability: Receive your data in a structured format • Right to Object to Automated Decisions: Challenge decisions made solely by automated processing • Right to Complain: Lodge a complaint with a supervisory authority

To exercise your rights: [email protected]

12. California Privacy Rights (CCPA)

California residents have additional rights under CCPA:

• Right to Know: Categories and specific pieces of personal information collected • Right to Delete: Request deletion of personal information • Right to Opt-Out: Opt out of sale of personal information (we do not sell data) • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise CCPA rights: [email protected]

13. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us immediately; we will delete such data promptly.

14. Policy Changes

We may update this privacy policy from time to time. When significant changes occur:

• We publish the updated text on our website • We send email notifications • We show in-app notifications

Changes become effective after publication. Continued use of our services means acceptance of the updated policy.

15. Contact

For questions about our privacy policy or your personal data:

General Inquiries and Data Requests Email: [email protected]

We will respond to your inquiries within 30 days.