# Privacy Policy — La Napa Reservations

**Last updated:** 2026-04-29

La Napa Reservations ("we," "us") is a restaurant reservation management platform. This policy explains what personal data we collect, why, how long we keep it, and how you can exercise your rights.

## 1. What we collect

| Data category | Examples | Source |
|---|---|---|
| Identity | First name, last name | Account creation, reservation booking, voice call |
| Contact | Email address, phone number(s) | Account creation, reservation booking |
| Dietary & preferences | Dietary restrictions, seating preferences, special request notes | Guest profile, reservation notes, voice transcripts |
| Reservation history | Dates, party sizes, table assignments, statuses, cancellation reasons | Booking activity |
| Payment references | Stripe customer ID, payment method tokens, deposit amounts | Stripe (we never store full card numbers) |
| Voice transcripts | Call recordings transcribed to text, AI-generated summaries | Vapi voice AI phone agent |
| Device & access | IP address, login timestamps | Server logs, audit trail |
| Order history | Items ordered, amounts (synced from Toast POS) | Toast integration |

## 2. How we use it

- **Booking operations:** Confirm reservations, assign tables, manage waitlists, send SMS/email reminders.
- **Voice AI:** Our phone agent uses your name and phone number to identify you, check availability, and create or modify reservations on your behalf.
- **SMS & email:** Send booking confirmations, 24-hour reminders, deposit payment links, and cancellation notices.
- **Guest profiles:** Track visit history, preferences, and dietary needs so the restaurant can provide personalized service.
- **Payments:** Capture no-show deposits and process pre-order payments via Stripe.
- **Security & abuse prevention:** Rate limiting, audit logging, error monitoring.

## 3. Sub-processors

We share data with third-party services only as needed to operate the platform. See our full [Subprocessor List](./SUBPROCESSORS.md) for details, DPA status, and jurisdictions.

## 4. Data retention

| Data type | Retention period | Rationale |
|---|---|---|
| Voice transcripts & summaries | 30 days after call | Sufficient for dispute resolution |
| Audit logs | 1 year | Security and compliance investigations |
| Reservation records | 7 years | Restaurant accounting and tax obligations |
| Guest profiles | Until account deletion or restaurant request | Operational need |
| Deleted user accounts | Soft-deleted immediately; hard-purged after 90 days | Allow undo window, then permanent removal |

## 5. Your rights

You have the right to access, correct, delete, or export your personal data.

**In-app deletion:** Staff users can delete their account at Settings > Account > Danger Zone > Delete Account. This immediately:
- Deactivates your login (password blanked, session invalidated)
- Anonymizes your linked guest record (name, email, phone removed)
- Preserves reservation history in de-identified form for restaurant audit needs

**Ad-hoc requests:** Email info@lanapamarket.com for:
- Data access (we'll provide a JSON export within 30 days)
- Data portability
- Correction of inaccurate records
- Erasure requests beyond what the in-app flow covers
- Objection to processing

**For EU residents (GDPR):** Our legal basis for processing is legitimate interest (operating the reservation service you or the restaurant engaged) and, where applicable, contract performance. You may lodge a complaint with your local supervisory authority.

**For California residents (CCPA):** We do not sell personal information. We do not use personal information for cross-context behavioral advertising. You may request deletion or disclosure of categories collected (see above).

## 6. Tracking and analytics

We do not use third-party tracking SDKs. No advertising identifiers are collected. `NSPrivacyTracking` is set to `false` in our iOS privacy manifest.

Sentry is declared as a dependency for error monitoring but is only active when explicitly configured with a DSN. When active, it captures error stack traces and request metadata — not user-identifiable content.

## 7. Children's privacy

Our service is intended for restaurant staff and adult diners. We do not knowingly collect data from children under 13.

## 8. Changes to this policy

We will update this page when our practices change and note the revision date above. Material changes will be communicated via in-app notice or email.

## 9. Contact

La Napa Reservations

Email: info@lanapamarket.com