Privacy Policy

Welcome to Maestro ("we", "us", "our"). Maestro is an AI-powered reservation assistant for restaurants, operated by Kardesler SRLS, a company registered in Rome, Italy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, including our website (mymaestro.app), voice AI assistant, and WhatsApp Business messaging. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and all applicable Italian data protection laws.

The data controller responsible for your personal data is: Kardesler SRLS Rome, Italy Email: privacy@mymaestro.app For any questions or requests regarding your personal data, please contact us at privacy@mymaestro.app.

We collect and process the following categories of personal data: Contact information: Name, phone number, and email address provided during the reservation process. Reservation details: Date, time, party size, special requests, dietary requirements, and table preferences. Call recordings: Voice recordings of phone calls handled by our AI assistant, used to process reservations and improve service quality. WhatsApp messages: Messages exchanged through WhatsApp Business for reservation booking, confirmations, reminders, and follow-ups. Website analytics: Anonymous usage data collected through Vercel Analytics, including page views and general browsing patterns. No personally identifiable information is collected through analytics. Restaurant data: Information provided by restaurant partners during account setup, including restaurant name, capacity, service hours, and operational preferences.

We process your personal data for the following purposes: To provide the reservation service: Processing bookings, confirming reservations, sending reminders, and managing table availability. To improve service quality: Analyzing call recordings and message patterns to improve our AI assistant's accuracy and guest experience. To send confirmations and communications: Delivering booking confirmations, reminders, and follow-up messages via WhatsApp or phone. To maintain and improve our platform: Ensuring our services work correctly and improving our technology.

We process your personal data based on the following legal grounds under GDPR Article 6: Legitimate interest (Article 6(1)(f)): Processing reservation requests and delivering the service that guests and restaurants expect. This includes handling calls, processing bookings, and sending booking confirmations. Consent (Article 6(1)(a)): For WhatsApp Business communications beyond basic booking confirmations, such as follow-up messages and review requests. You can withdraw consent at any time by contacting us. Performance of a contract (Article 6(1)(b)): For restaurant partners, processing data is necessary to fulfill our service agreement.

In compliance with WhatsApp Business Platform policies, we provide the following information about our WhatsApp data handling: What messages we process: Reservation requests, booking confirmations, reminders, modification requests, and follow-up messages sent through WhatsApp Business. What data is stored: Message content, phone numbers, timestamps, and reservation details extracted from conversations. We store this data to fulfill reservations and maintain booking records. Purpose: WhatsApp messaging is used exclusively to provide restaurant reservation services, including booking, confirming, reminding, and following up on reservations. We do not use WhatsApp data for advertising, profiling, or any purpose unrelated to the restaurant reservation service.

We do not sell, rent, or trade your personal data to third parties. We share data only with the following categories of processors, strictly for service delivery: Vapi (Voice AI): Processes voice calls through our AI assistant. Data is processed in accordance with their privacy policy and our data processing agreement. Vercel (Hosting): Hosts our website and provides analytics. Vercel processes anonymous analytics data only. Meta / WhatsApp (Messaging): WhatsApp Business API is used to send and receive messages. Messages are processed according to Meta's WhatsApp Business terms. Restaurant partners: Reservation details (name, party size, date, time, special requests) are shared with the restaurant where the booking is made, as this is necessary to fulfill the reservation. All third-party processors are bound by data processing agreements that ensure GDPR compliance.

We retain personal data for the following periods: Reservation data: Retained for up to 12 months after the reservation date for service quality and dispute resolution purposes. Call recordings: Retained for up to 6 months after the call, then permanently deleted. WhatsApp messages: Retained for up to 12 months after the last interaction. Website analytics: Anonymous analytics data is retained for up to 24 months. Restaurant partner data: Retained for the duration of the service agreement and up to 12 months afterward. You may request earlier deletion of your data at any time (see Section 9).

Under GDPR, you have the following rights regarding your personal data: Right of access (Article 15): You can request a copy of the personal data we hold about you. Right to rectification (Article 16): You can request correction of inaccurate or incomplete data. Right to erasure (Article 17): You can request deletion of your personal data ("right to be forgotten"). Right to restriction (Article 18): You can request that we limit the processing of your data. Right to data portability (Article 20): You can request your data in a structured, commonly used, machine-readable format. Right to object (Article 21): You can object to processing based on legitimate interest. Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at privacy@mymaestro.app. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

We implement appropriate technical and organizational measures to protect your personal data: All data is processed on servers located within the European Union. Communications are encrypted using TLS/SSL protocols. Access to personal data is restricted to authorized personnel only. We conduct regular security assessments and updates.

Our website uses minimal cookies and analytics: Vercel Analytics: We use Vercel Analytics for anonymous website usage statistics. This does not use cookies and does not collect personally identifiable information. Language preference: We store your language preference (Italian or English) in your browser's local storage. This is not a cookie and does not track you. We do not use advertising cookies, tracking pixels, or third-party marketing tools.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically for the latest information on our privacy practices.

If you have any questions about this Privacy Policy or our data practices, please contact us: Kardesler SRLS Rome, Italy Email: privacy@mymaestro.app For general inquiries: info@mymaestro.app