Last updated: 28 May 2026 · Effective: 28 May 2026
This Privacy Policy explains how EasyReza ("EasyReza", "we", "us") collects, uses, shares and protects personal data when you visit our website, sign up for an account, or make a reservation through a restaurant that uses EasyReza.
We comply with the Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).
EasyReza is currently operated by an individual data controller based in Valais, Switzerland, acting as a sole proprietorship (raison individuelle).
Trading name: EasyReza
Jurisdiction: Canton of Valais, Switzerland
Privacy contact: privacy@easyreza.com
General contact: hello@easyreza.com
Transparency notice. The full legal name and registered address of the controller are not published on this page for personal privacy reasons but are available on request by emailing privacy@easyreza.com. We will respond within 5 working days.
EasyReza is in the process of being incorporated as a Swiss limited liability company (Sàrl). Once incorporated, this section will be updated to publish the company name, registered address and commercial register (CHE) number.
We have not appointed a Data Protection Officer. Privacy enquiries are handled directly by the controller via the email address above.
EasyReza is used by two distinct groups of people, and our legal role differs accordingly:
For privacy questions about a specific reservation, contact the restaurant directly. We will support the restaurant in fulfilling your request as required by law.
We do not knowingly collect data revealing racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, or other special-category data within the meaning of GDPR Art. 9 / revFADP Art. 5(c). Allergy information disclosed in a reservation is treated as sensitive and is only used to serve you.
| Purpose | Legal basis (GDPR / revFADP) |
|---|---|
| Create and operate your restaurant account; provide the reservation management service | Performance of contract (Art. 6(1)(b) GDPR / revFADP Art. 31(2)(a)) |
| Process reservations on behalf of the restaurant; send booking confirmations and reminders | Contract with the restaurant (Art. 6(1)(b) GDPR); for guests, the restaurant's legal basis applies |
| Security, fraud prevention, abuse detection, audit logs | Legitimate interests (Art. 6(1)(f) GDPR) |
| Service improvement, debugging, anonymised analytics | Legitimate interests; for non-essential analytics cookies, your consent (Art. 6(1)(a) GDPR) |
| Comply with Swiss tax, accounting and other legal obligations | Legal obligation (Art. 6(1)(c) GDPR; Swiss CO Art. 958f) |
| Marketing emails (newsletters, product updates) to restaurant clients | Your consent, or legitimate interest in existing-customer communications (with an opt-out in every email) |
We rely on a small set of vetted service providers ("subprocessors") to operate EasyReza. Each is bound by a written data processing agreement and confidentiality obligations.
| Provider | Purpose | Hosting location |
|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | Switzerland (Zurich region) — data stays in Switzerland |
| Vercel, Inc. | Application hosting, edge network, privacy-friendly analytics | European edge regions; control plane in the United States |
| Twilio SendGrid, Inc. | Transactional email delivery (booking confirmations, account emails) | United States |
We may disclose personal data to: (a) competent authorities where required by law or court order; (b) professional advisors (lawyers, accountants) under confidentiality; and (c) a successor entity in the context of a merger, acquisition or asset sale, in which case you will be notified.
We do not sell personal data. We do not engage in targeted advertising or profiling for advertising purposes.
Our primary data store (Supabase) is hosted in Switzerland, which the EU recognises as offering an adequate level of data protection and which is the home jurisdiction for restaurant clients in Switzerland.
Some subprocessors (Vercel, SendGrid) are US-based or may process limited operational data in the United States. Where transfers of personal data outside Switzerland/EEA occur, we rely on:
A copy of the relevant transfer mechanism is available on request at privacy@easyreza.com.
| Data category | Retention period |
|---|---|
| Restaurant account & profile | For the lifetime of the account, plus 12 months after closure |
| Guest reservation data | 24 months after the reservation date, unless the restaurant configures a shorter period |
| Billing, invoices & accounting records | 10 years (Swiss Code of Obligations, Art. 958f) |
| Security & audit logs | 12 months |
| Support correspondence | 36 months from last interaction |
When the retention period ends, data is deleted or irreversibly anonymised.
Subject to the conditions of the revFADP and GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, email privacy@easyreza.com. We respond within 30 days; complex requests may be extended once by an additional 60 days with notice.
We implement technical and organisational measures appropriate to the risk, including:
If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required, and inform affected individuals without undue delay.
No system can guarantee absolute security. You are responsible for keeping your account credentials confidential.
EasyReza is intended for restaurant professionals and adult diners. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
You always have the right to lodge a complaint with a competent data protection authority:
We would appreciate the chance to address your concerns first — please email us at privacy@easyreza.com before escalating.
We may update this Privacy Policy from time to time to reflect changes in our service, in applicable law, or in subprocessor arrangements. Material changes will be notified by email to active restaurant account holders or by an in-product notice at least 30 days before they take effect. Non-material changes (typos, clarifications) take effect on publication. The "Last updated" date at the top of this page always reflects the current version.
For any question relating to this Privacy Policy or our handling of your personal data, please write to privacy@easyreza.com.