Privacy Policy

1. Purpose and scope

This Privacy Policy explains how Tablevert collects, uses, stores, shares, and protects personal data when restaurants, hospitality businesses, creators, agencies, authorized representatives, and other users access or use the Tablevert website, platform, campaign marketplace, dashboards, communications, integrations, and related services.

This Policy applies to account creation, restaurant onboarding, creator onboarding, campaign discovery, campaign applications, campaign management, creator matching, reporting, subscriptions, support, operational communications, connected platform APIs, cookies, analytics, and data deletion requests.

Where a country-specific privacy notice, in-product disclosure, consent prompt, contract, or data processing agreement applies to a particular feature or market, that additional notice applies together with this Policy.

2. Controller and processing roles

For personal data processed to operate Tablevert accounts, subscriptions, onboarding, marketplace access, platform security, billing management, product analytics, and support, Tablevert acts as the data controller unless a separate written agreement states otherwise.

Where a restaurant, agency, or business customer uses Tablevert to manage creator campaigns, campaign briefs, creator applications, booking information, creator deliverables, campaign reporting, or connected business account data, that business may act as an independent controller or, where applicable, as the controller that instructs Tablevert. The allocation of roles depends on the applicable contract, feature, and data involved.

Tablevert may also act as a processor or service provider for business customers where it processes personal data strictly on documented instructions and under an applicable data processing agreement.

3. Users covered by this Policy

• Business Users, including restaurant owners, restaurant operators, hospitality groups, agencies, employees, contractors, and authorized representatives using Tablevert for restaurant marketing and creator campaigns.
• Creators, including influencers, content creators, food reviewers, freelancers, and other individuals who create profiles, apply for campaigns, accept invitations, schedule visits, submit deliverables, or receive campaign-related records.
• Visitors and prospects who browse Tablevert websites, request demos, communicate with Tablevert, subscribe to updates, or interact with public campaign or landing pages.
• Authorized Tablevert personnel and service providers who operate, review, moderate, support, secure, or audit the platform.

4. Personal data we collect

The categories of personal data we collect depend on the features used, the user's role, the country, and the connected services authorized by the user or business account owner.

• Account and identity data, including name, email address, phone number, role, organization, country, city, language, authentication identifiers, onboarding status, consent records, and account preferences.
• Restaurant and business data, including business name, location, address, Google Place ID or other platform account identifiers, website, phone number, opening hours, business categories, attributes, photos or media references, restaurant profile details, operational notes, booking links, campaign briefs, and authorized representative details.
• Creator data, including profile information, social profile URLs, audience or follower information, portfolio information, campaign preferences, location, availability, applications, invitations, bookings, content proof, deliverables, payout or invoice profile data, and verification information.
• Campaign and marketplace data, including campaign briefs, deliverables, visit windows, messages, applications, approvals, locked campaign terms, QR codes, tracking links, content proof, performance estimates, reports, moderation records, and audit logs.
• Commercial and billing data, including plan, subscription status, trial dates, payment identifiers, invoices, billing details, tax or VAT information, payout records, payment history, cancellation records, and no-show or dispute information.
• Technical and security data, including IP address, device and browser information, identifiers, event logs, authentication logs, error logs, fraud-prevention signals, referrer and UTM data, cookie identifiers, consent logs, and system audit trails.
• Communications data, including support requests, demo requests, feedback, email interactions, operational notices, survey responses, and records of requests made to Tablevert.

5. Sensitive data and children

Tablevert is not intended for children and does not knowingly offer the platform to children. Users must satisfy the minimum age required under the Terms of Use and applicable local law.

Tablevert does not require users to provide special-category personal data such as health data, biometric data, precise political opinions, religious beliefs, or similar sensitive information. Users must not submit sensitive personal data unless Tablevert has expressly requested it for a lawful and necessary purpose.

6. How we collect personal data

• Directly from users when they create accounts, complete onboarding, configure profiles, publish campaigns, apply for campaigns, upload files, connect accounts, send messages, request support, or submit forms.
• From business customers and authorized representatives when they invite team members, configure restaurant accounts, manage campaign workflows, review creator applications, or provide information about campaign participants.
• From connected platforms and APIs when a user or authorized business representative grants access to platform data through OAuth, account authorization, API credentials, or another approved connection method.
• Automatically through the platform when users interact with the website, dashboards, campaign links, QR codes, emails, cookies, analytics tools, security systems, or logs.
• From service providers and processors that support authentication, hosting, payments, analytics, communications, security, storage, and operational services.

7. Purposes and legal bases

Tablevert processes personal data only where it has a lawful basis under applicable privacy law. Depending on the user's location and the feature involved, the lawful basis may include contract performance, legitimate interests, consent, legal obligations, or steps taken before entering into a contract.

• To create and manage accounts, authenticate users, verify authority, provide dashboards, operate subscriptions, and deliver the platform under the Terms of Use.
• To onboard restaurants, maintain business profiles, prevent duplicate or unauthorized business claims, manage creator campaigns, support creator applications, coordinate bookings, process deliverables, and provide campaign reporting.
• To enable restaurants and creators to discover, evaluate, negotiate, confirm, perform, and evidence creator marketing collaborations.
• To operate connected platform integrations, request minimum necessary permissions, retrieve authorized data, keep disclosures accurate, and comply with the applicable API provider terms.
• To process payments, maintain invoices and accounting records, manage taxes, investigate disputes, enforce agreements, and comply with legal obligations.
• To secure the platform, prevent fraud, detect abuse, moderate content, audit account activity, troubleshoot errors, improve reliability, and protect Tablevert, users, and third parties.
• To send operational, transactional, security, billing, campaign, and support communications.
• To send marketing communications where permitted by law and, where required, with consent.
• To perform analytics, product measurement, and service improvement, subject to consent where required for non-essential cookies or similar technologies.

8. Connected platform APIs and platform data

Tablevert may allow authorized users to connect third-party accounts, business listings, advertising accounts, social media accounts, or platform profiles so that Tablevert can provide onboarding, campaign creation, campaign reporting, creator matching, analytics, and operational workflows.

The exact permissions requested depend on the feature selected. Tablevert requests only permissions that are relevant to the active feature and does not request access solely for future, undeployed, or unrelated features.

9. AI-assisted matching and automated support

Tablevert may use rule-based systems, analytics, and AI-assisted tools to recommend creators, explain potential campaign matches, organize campaign information, classify content, support moderation, prepare operational suggestions, summarize information, or assist support workflows.

AI-assisted outputs are intended to support human decision-making. Tablevert does not guarantee that a match, recommendation, ranking, or performance estimate will produce a specific campaign result, booking volume, revenue amount, follower growth, or return on investment.

Where applicable law gives users the right to object to certain profiling or request human review of significant automated decisions, users may contact Tablevert using the privacy contact listed below.

10. Cookies and similar technologies

Tablevert uses necessary cookies, local storage, and similar technologies for authentication, session management, security, consent records, language or country settings, platform reliability, and essential product functionality.

Where required, analytics, advertising, marketing, or non-essential measurement technologies are used only after consent. Users may reject, withdraw, or update non-essential cookie consent through the consent tools made available by Tablevert.

Cookie availability and categories may vary by market, browser, device, and feature.

11. Sharing personal data

Tablevert does not sell personal data in the ordinary meaning of that term. Tablevert shares personal data only where necessary to provide the platform, comply with law, protect rights, operate integrations, manage contracts, or support users.

• With restaurants, agencies, creators, and authorized team members where needed to run campaign discovery, applications, approvals, bookings, deliverables, content proof, reporting, and dispute workflows.
• With processors and service providers that support hosting, authentication, storage, databases, cloud functions, analytics, payments, communications, security, support, monitoring, and operational tooling.
• With connected platform providers where the user or authorized representative connects an account, uses an integration, requests an API workflow, or where data must be exchanged to perform the authorized feature.
• With legal, tax, accounting, banking, compliance, insurance, security, and professional advisers where needed for business operations, disputes, compliance, or risk management.
• With public authorities, courts, regulators, or third parties where required by law, lawful request, legal process, contract enforcement, safety, fraud prevention, or protection of rights.
• In connection with a merger, acquisition, financing, reorganization, asset sale, insolvency, or similar corporate transaction, subject to appropriate confidentiality and data protection safeguards.

12. International transfers

Tablevert may process and store personal data in countries other than the user's country of residence, including countries where Tablevert, its service providers, connected platform providers, or support teams operate.

Where applicable law requires a transfer mechanism, Tablevert uses appropriate safeguards such as adequacy decisions, standard contractual clauses, data processing agreements, supplementary measures, or another lawful transfer basis.

13. Retention

Tablevert retains personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law, contract, tax rules, accounting obligations, platform policies, dispute handling, security needs, or legitimate operational requirements.

• Account and profile data is generally retained while the account remains active and for a reasonable period after closure for security, audit, support, fraud-prevention, and legal purposes.
• Campaign, booking, content proof, creator application, reporting, and marketplace records are retained for the life of the campaign and for a reasonable period afterward to evidence performance, resolve disputes, support reporting, and comply with legal obligations.
• Billing, invoice, payment, tax, payout, and accounting records are retained for the statutory period required in the relevant jurisdiction.
• Security logs, authentication logs, abuse-prevention records, and audit trails are retained for periods appropriate to detect, investigate, and prevent security incidents or misuse.
• Connected platform data is retained only as needed for the authorized feature, subject to applicable platform terms, revocation settings, deletion requests, legal obligations, and permitted caching limits.
• Consent and preference records are retained as needed to evidence compliance and honor user choices.

14. Security

Tablevert uses operational, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, and destruction.

Security measures may include access controls, authentication controls, role-based permissions, encryption where appropriate, logging, monitoring, backup practices, secure development practices, least-privilege access, and review of service provider security measures.

No online service can guarantee absolute security. Users are responsible for maintaining the confidentiality of their credentials, using secure devices, and promptly notifying Tablevert of suspected unauthorized account access.

15. Privacy rights and data deletion requests

Depending on the user's location and applicable law, users may have rights to request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or information about the processing of their personal data.

Users may also request deletion of their Tablevert account data or connected platform data. Deletion requests are reviewed before completion because active subscriptions, unpaid amounts, campaign obligations, dispute records, tax records, invoices, payout records, security logs, legal holds, or statutory retention obligations may require Tablevert to retain certain information.

Withdrawing consent or disconnecting an integration does not affect processing already performed lawfully before withdrawal and may prevent Tablevert from providing related features.

16. Supervisory authorities and complaints

Users may contact Tablevert first so that Tablevert can review and respond to privacy concerns. Users may also have the right to lodge a complaint with a competent data protection authority or supervisory authority in their country of residence, workplace, or the place where the alleged infringement occurred.

17. Marketing communications

Tablevert may send marketing communications where permitted by law. Where consent is required, Tablevert sends such communications only after consent has been obtained.

Users may opt out of marketing communications at any time through available unsubscribe links, account settings, consent tools, or by contacting Tablevert. Transactional, security, billing, legal, and operational messages may continue where necessary to provide the platform or comply with law.

18. Third-party links and services

The platform may contain links to third-party websites, applications, payment services, social networks, platform APIs, booking tools, or other services that Tablevert does not own or control. Those third parties process personal data under their own terms and privacy policies.

Users should review the applicable third-party notices before authorizing integrations, following links, making payments, or sharing personal data with third-party services.

19. Changes to this Policy

Tablevert may update this Privacy Policy from time to time to reflect changes in the platform, applicable law, connected platform requirements, security practices, or business operations.

Where a change materially affects how Tablevert uses personal data, Tablevert will provide notice or obtain consent where required by law or applicable platform policy before applying the change to the affected processing.