GDPR and Data Processing Agreement

Version: 2026-05-15

This page summarises how Bookify SARL-S, operating DineHub, supports restaurants with GDPR-aligned processing. It is a public summary; the signed restaurant agreement and DPA control where there is a conflict.

Controller and processor roles

Restaurants are generally controllers for guest orders, table sessions, service requests, and receipts. Bookify SARL-S acts as processor when DineHub processes that data on the restaurant's behalf. Bookify SARL-S acts as controller for its own staff accounts, restaurant onboarding, SaaS billing, product security, support, and sales administration.

DPA coverage

  • Subject matter: hosting and operating the DineHub platform.
  • Duration: the restaurant subscription term plus required retention periods.
  • Data subjects: guests, restaurant staff, restaurant contacts, support contacts, and website/demo leads where applicable.
  • Data categories: session IDs, order/request data, receipt contact data, payment status, staff account data, audit logs, billing data, and support metadata.
  • Processing activities: storage, transmission, payment status handling, receipt delivery, support, monitoring, security, backup, and deletion.

Security measures

  • Tenant isolation through Supabase row-level security and server-side checks.
  • Server-confirmed payment state through Stripe webhooks and idempotent handlers.
  • Encrypted transport via HTTPS/TLS for application traffic.
  • Private receipt storage with short-lived signed access URLs.
  • Access control for restaurant staff roles and internal admin routes.
  • Credential encryption for POS credentials where POS integrations are used.
  • Audit logging for material legal, payment, admin, and operational actions.

Sub-processors and transfers

DineHub uses sub-processors listed in the Privacy Policy. Core application data is hosted in the EU where available. Some providers may process limited data outside the EEA under appropriate GDPR safeguards, including Standard Contractual Clauses, data processing terms, encryption, and strict access controls.

Assistance to restaurants

DineHub helps restaurants answer data subject requests, investigate security events, export or delete data where technically possible, and document processing where needed for their own compliance records.

Contact

To request the current DPA, ask a privacy question, or notify a data protection issue, contact privacy@dinehub.io.

Legal address: [LEGAL ADDRESS]. DPO contact, if appointed: [DPO CONTACT].