Privacy Policy — TableFlow

Last updated: 29 April 2026 · Data controller: HorecaGPT B.V.

Contents

Who we are
What data we process
For what purpose
Legal basis
Retention periods
Sub-processors
International transfers
Your rights (GDPR)
Cookies
Security
Changes
Contact + complaints

1. Who we are

This Privacy Policy applies to all services provided by HorecaGPT B.V. (hereafter "we", "us", or "TableFlow") under the TableFlow brand.

We are based at Molenveldlaan 146, 6523 RN Nijmegen, Netherlands. Our Chamber of Commerce number is 97500275 and our VAT number is NL868078967B01. For privacy questions, reach us at hello@horecagpt.com.

2. What data we process

2.1 From TableFlow customers (the hospitality business)

Business and contact-person NAW details
KvK, VAT and bank account details (for SaaS billing)
Email addresses, phone numbers of staff with system access
Login credentials and activity logs
Configuration data: tables, zones, opening hours, products, email templates

2.2 From guests of TableFlow restaurants (end users)

Our customers (hospitality operators) process guest data through TableFlow. We act as a processor under GDPR; the operator is the controller. This includes:

Guest first and last name
Email address and phone number
Reservation details (date, time, party size, preferences)
Allergies and dietary preferences (only if guest provides)
Visit history at the same operator
Deposit transactions (via Mollie)
Email communication and delivery status (open, click, bounce — via Mailgun)

3. For what purpose

Category	Purpose
Customer data	TableFlow service delivery and billing, support, security
Guest data	Reservation management on behalf of our customer (the operator) — we process only on instruction
Email communication	Sending confirmations, reminders, marketing emails (after opt-in)
Cookies / analytics	Website functionality, no third-party tracking cookies

4. Legal basis

Contract performance — for SaaS service delivery and core reservation functionality
Legal obligation — for administrative and tax retention duties
Consent — for marketing emails and optional integrations (HorecaGPT data sharing, TheNextReview feedback requests)
Legitimate interest — for security, fraud prevention and service improvement

5. Retention periods

Type	Retention
Reservation data	7 years (Dutch tax authority retention requirement for restaurant administration)
Mailgun email events (open, click, bounce, delivery)	10 years
SaaS billing invoices	7 years (legal)
Login logs / audit trail	1 year
Account after cancellation	The account is set to suspended, not permanently deleted. Reactivation remains possible at any time. Deletion only on explicit request per article 8.

6. Sub-processors

For specific parts of our service we work with the following processors. We have a data-processing agreement with each per GDPR:

Sub-processor	Purpose	Location
TransIP B.V.	Application and database hosting	Amsterdam, NL
Mollie B.V.	Payment processing (deposits, refunds, SaaS billing)	Amsterdam, NL
Mailgun Technologies (EU)	Sending transactional and marketing emails	Frankfurt, DE (EU region)
Anthropic PBC	AI models for HorecaGPT (Claude API), only on active use	USA — under EU Standard Contractual Clauses
Eitje B.V.	Roster integration, only when actively connected by customer	Amsterdam, NL
TheNextReview B.V.	Reputation management, only when actively connected by customer	Nijmegen, NL

The full current list is available on request via hello@horecagpt.com.

7. International transfers

Primary storage of customer and guest data takes place within the EU (Netherlands and Germany). When using HorecaGPT (AI functionality), certain queries are processed by Anthropic PBC in the USA. We have executed the European Commission's Standard Contractual Clauses for this. AI queries never contain full guest names or contact details — only anonymized aggregates.

8. Your rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

Access — request which data we hold about you
Rectification — correct incorrect data
Erasure — request deletion ("right to be forgotten"), subject to legal retention
Restriction — limit processing
Objection — object to processing on legitimate-interest basis
Portability — receive data in structured format
Withdraw consent — for marketing emails

For guests of TableFlow restaurants: these rights must primarily be exercised with the operator (they are the controller). We support the operator in fulfilling such requests.

Send requests to hello@horecagpt.com. We respond within 30 days.

9. Cookies

Our marketing website (table-flow.app) uses minimal functional cookies for:

Remembering language preference (NL / EN)
Session identification within the admin panel (logged-in users only)

We place no third-party tracking cookies (no Google Analytics, no Facebook Pixel, no advertising cookies). The guest booking widget also does not place tracking cookies.

10. Security

All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Hosted at TransIP B.V., Amsterdam datacenter (NL), ISO 27001 certified
Two-factor authentication available for all user accounts
Role-based access control (RBAC) per staff member
Daily off-site backups, encrypted, 90-day retention
Tenant isolation at database level — one operator's data is not accessible to another

11. Changes

We may update this policy from time to time. Material changes are announced 30 days in advance via email to our customers.

12. Contact + complaints

For all privacy-related questions or requests: hello@horecagpt.com.

If you are not satisfied with our handling of a complaint, you have the right to lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).