Privacy Policy

1. Who we are

Rèboo is a booking and business management platform for customers and businesses. The platform helps customers find and book services, resources, restaurant reservations, hotel stays, classes, courses, and related business offerings. It also helps businesses manage calendars, staff, customers, resources, inventory, expenses, promotions, and operational insights.

For this policy, "Rèboo", "we", "us", or "our" refers to the company operating the Rèboo platform. The final company registration details, registered address, and contact email must be inserted before public launch.

2. When Rèboo is controller or processor

For customer accounts, marketplace discovery, platform security, product analytics, recommendations, and direct communications from Rèboo, Rèboo acts as a data controller.

When a business uses Rèboo to manage its own customers, bookings, staff, resources, inventory, messages, and internal operations, the business may be the controller for that business data and Rèboo may act as a processor or service provider for that business. Some platform-level processing may remain under Rèboo control where needed for security, fraud prevention, legal compliance, product improvement, and platform operation.

Businesses using Rèboo are responsible for using the platform lawfully, providing any required notices to their own customers and staff, and making sure they have a valid legal basis for the information they enter into Rèboo.

3. Personal data we collect

Account data: name, phone number, email address, password credentials, login/session information, preferred language, settings, and communication preferences.

Customer booking data: selected business, service or module, staff/resource preference, dates, times, notes, booking status, cancellation/reschedule history, waitlist entries, favourites, routines, and customer support messages.

Business panel data: business name, registration/VAT/EIK details, locations, staff, services, resources, opening hours, booking rules, customer records, messages, promotions, inventory, expenses, finance and analytics data.

Payment-related data: payment status, invoice or receipt references, deposits, refunds, and transaction metadata where payment functionality is enabled. Card processing will be handled by a regulated payment provider when launched; Rèboo should not store full card numbers.

Technical data: IP address, device and browser information, app version, operating system, logs, cookies or similar identifiers, error reports, and security events.

Recommendation and intelligence data: booking history, preferences, routines, waitlists, favourites, outcome events, response to suggestions, and operational context used to generate explainable recommendations. Rèboo does not auto-book for customers in the current version; suggestions require human action.

4. Why we use personal data

To create and manage accounts, authenticate users, and protect the platform.

To show availability, create bookings, manage booking changes, send confirmations, reminders, cancellations, waitlist updates, and related service messages.

To let businesses operate their panel, including calendars, staff schedules, services, resources, CRM, inventory, expenses, finance, analytics, promotions, and support.

To provide customer support, investigate errors, prevent abuse, enforce terms, and maintain security.

To personalise the experience, show relevant businesses, suggest bookings, help customers manage routines, and help businesses identify operational opportunities, where legally allowed and subject to user controls.

To send marketing or promotional communications only where we have a valid legal basis and the required consent or opt-out mechanism.

To comply with tax, accounting, consumer protection, data protection, electronic commerce, and other legal obligations.

5. Legal bases under GDPR

Contract: when processing is necessary to provide the Rèboo account, booking flow, business panel, support, and related services requested by the user or business.

Legal obligation: when processing is needed for accounting, tax, regulatory, data protection, law enforcement, or consumer protection duties.

Legitimate interests: for platform security, fraud prevention, service improvement, operational analytics, business support, and relevant non-intrusive recommendations, balanced against the rights and freedoms of individuals.

Consent: where required, for example certain marketing communications, optional personalisation controls, cookies that require consent, or other optional features.

Vital interests or public interest are not expected to be normal bases for Rèboo services, but may apply in exceptional circumstances required by law.

6. Sharing personal data

We may share data with the business a customer books with, because the business needs the booking and customer details to provide the service.

We may share data with service providers that help us operate Rèboo, such as hosting, database, authentication, storage, analytics, messaging, email, SMS, payment, security, and support providers.

We may share data with professional advisers, auditors, insurers, regulators, courts, public authorities, or law enforcement where legally required or necessary to protect rights and safety.

We do not sell personal data. If advertising or third-party marketing integrations are added later, they must be clearly disclosed and controlled through user preferences.

7. International transfers

Where personal data is transferred outside the European Economic Area, we will use safeguards required by GDPR, such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments, or other lawful mechanisms.

8. Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to provide the platform, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and maintain accurate business records.

Account and booking data is normally kept while the account or business relationship remains active and for a reasonable period afterward. Financial, invoice, accounting, and tax records may be retained for the period required by applicable Bulgarian and EU law.

When a user requests deletion, we will delete or anonymise personal data unless we must keep it for legal, accounting, security, dispute, or legitimate business reasons.

9. Your GDPR rights

Subject to legal conditions, individuals may have the right to access their personal data, correct inaccurate data, request deletion, restrict processing, object to processing, receive data portability, withdraw consent, and object to direct marketing.

Individuals also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, unless permitted by law. Rèboo recommendations are designed to be explainable and human-confirmed in the current version.

To exercise rights, contact us using the privacy contact details published by Rèboo. If the request relates to a specific business that uses Rèboo, we may forward or refer the request to that business where it is the controller.

10. Bulgarian supervisory authority

Individuals in Bulgaria may contact the Bulgarian Commission for Personal Data Protection if they believe their data protection rights have been infringed. The Commission for Personal Data Protection is the national supervisory authority in Bulgaria.

11. Security

We use technical and organisational measures designed to protect personal data, including access controls, authentication, logging, secure infrastructure, data minimisation, and operational monitoring.

No system is perfectly secure. Users and businesses must keep account credentials confidential and notify us promptly if they suspect unauthorised access.

12. Children

Rèboo is not intended for children to create unmanaged accounts. If services for children are booked, the booking should be made or authorised by a parent, guardian, or authorised adult, unless local law permits otherwise.

13. Cookies and similar technologies

Rèboo may use cookies, local storage, session storage, and similar technologies for login, security, preferences, analytics, and product improvement. Where legally required, optional cookies will be controlled through consent settings.

14. Changes to this policy

We may update this policy as Rèboo develops, including when new booking modules, payment features, SMS packages, AI recommendations, or customer web features are added. Material changes will be communicated where required by law.

15. Contact

Privacy contact: [insert privacy email]. Registered company details: [insert final legal entity, UIC/EIK, registered seat and address].

Last updated: 3 June 2026.