Name: ClickReserv
Price: 29 USD
Author: ClickReserv

1. Current subprocessors

Below is the complete list of subprocessors who may process operator or customer personal data on ClickReserv's behalf, as of the review date above. Operators with active accounts can request a signed Data Processing Agreement (DPA) by emailing privacy@reserv.click.

Processor	Purpose & data category	Location
Amazon Web Services (AWS) Privacy policy →	Application hosting (EC2), database (RDS Postgres), object storage (S3 backups + tenant assets), DNS (Route 53), edge CDN (CloudFront), email delivery (SES), secret management (Secrets Manager). Data: All operator + customer data we hold, encrypted at rest and in transit. AWS is the cloud platform — this is the single largest sub-processor.	United States (us-east-1, primary); AWS global edge for CloudFront.
Stripe, Inc. Privacy policy →	Payment processing. Customer card payments flow through Stripe Checkout; operator payouts use Stripe Connect. ClickReserv is a connected app under the SebasTN Stripe Connect platform. Data: Card and bank account information, billing address, transaction amounts. Card numbers never touch our servers — Stripe is PCI-DSS Level 1.	United States (primary); Ireland for EEA customers (Stripe Payments Europe Ltd.).
GitHat (identity / auth) Privacy policy →	Operator authentication and organisation management. Customers booking appointments do NOT have a GitHat account — they use a lightweight ClickReserv-only session. Data: Operator email, hashed password (or passkey credential), session metadata. No customer data.	United States (us-east-1).
Cloudflare, Inc. Privacy policy →	Bot deterrence on the customer-facing booking confirm step (Turnstile). The token is verified server-side and never blocks booking on its own (fail-open). Data: Browser fingerprint metadata Cloudflare collects for bot-detection purposes (IP, UA class, network signal). No PII shared by us beyond the token round-trip.	Global (Cloudflare anycast edge).
Anthropic, PBC Privacy policy →	AI chat features inside the operator dashboard (MCP-style booking assistance). Customer-facing booking surfaces do NOT call Anthropic. Data: Operator queries + the immediate prompt context. Customer PII is NOT included in prompts; we redact email + phone before sending.	United States.
Google LLC Privacy policy →	Analytics (Google Analytics 4) on the customer-facing booking journey, gated by the customer's cookie consent. Disabled by default; only loads when the visitor clicks Accept on the cookie banner. Data: Aggregated, pseudonymised behavioural events: pageviews, booking-funnel steps, conversion outcomes. No raw email or card data. Consent Mode v2 ensures cookieless mode when the visitor declines.	United States (primary); EU for EEA visitors with regional data.
Sentry (Functional Software, Inc.) Privacy policy →	Error monitoring and stack-trace collection for the ClickReserv application. Used to detect production bugs and prevent regressions. Data: Stack traces, request URLs (with PII redacted), user-agent strings, IP addresses for the error event. Our error-capture path strips email + customer name before sending; verified by code review.	United States (primary).

2. Changes & notice

We add new subprocessors only when needed to operate, improve, or secure the platform. When we plan to add a subprocessor, we will update this page at least 30 days before the new processor begins handling operator or customer data. Operators may object by emailing privacy@reserv.click within the 30-day notice window; we will work with you on a resolution that may include moving you to a non-affected configuration or, where that is not possible, an orderly offboarding.

3. International transfers

Most subprocessors above are located in the United States. For EU, UK, and Swiss data subjects, transfers out of the EEA / UK / CH rely on the European Commission's Standard Contractual Clauses (2021) with the relevant supplementary measures, and on the EU-U.S. Data Privacy Framework where the subprocessor is certified. AWS, Stripe (via Stripe Payments Europe Ltd.), Cloudflare, Google, and Anthropic each provide their own DPA instruments incorporating the SCCs.

4. Customer-side data minimisation

On the customer-facing booking flow, we deliberately limit which subprocessors see customer data:

Stripe sees card + billing data needed for payment, never booking notes or service history.
Anthropic is NOT called from the customer booking journey. Operator-side AI features call it; customer email / phone are stripped from prompts.
Google Analytics only loads when the customer accepts the cookie banner. Declining cookies keeps the entire booking funnel observable to us only via server-side logs (no third-party data sharing).
Sentry redacts email, phone, and full names from captured request payloads before sending. Stack traces + error class names are the durable signal.

5. Contact

For DPA requests, subprocessor objections, or general privacy questions, contact privacy@reserv.click. For everything else, see the contact page.

1. Current subprocessors

Processor	Purpose & data category	Location
Amazon Web Services (AWS) Privacy policy →	Application hosting (EC2), database (RDS Postgres), object storage (S3 backups + tenant assets), DNS (Route 53), edge CDN (CloudFront), email delivery (SES), secret management (Secrets Manager). Data: All operator + customer data we hold, encrypted at rest and in transit. AWS is the cloud platform — this is the single largest sub-processor.	United States (us-east-1, primary); AWS global edge for CloudFront.
Stripe, Inc. Privacy policy →	Payment processing. Customer card payments flow through Stripe Checkout; operator payouts use Stripe Connect. ClickReserv is a connected app under the SebasTN Stripe Connect platform. Data: Card and bank account information, billing address, transaction amounts. Card numbers never touch our servers — Stripe is PCI-DSS Level 1.	United States (primary); Ireland for EEA customers (Stripe Payments Europe Ltd.).
GitHat (identity / auth) Privacy policy →	Operator authentication and organisation management. Customers booking appointments do NOT have a GitHat account — they use a lightweight ClickReserv-only session. Data: Operator email, hashed password (or passkey credential), session metadata. No customer data.	United States (us-east-1).
Cloudflare, Inc. Privacy policy →	Bot deterrence on the customer-facing booking confirm step (Turnstile). The token is verified server-side and never blocks booking on its own (fail-open). Data: Browser fingerprint metadata Cloudflare collects for bot-detection purposes (IP, UA class, network signal). No PII shared by us beyond the token round-trip.	Global (Cloudflare anycast edge).
Anthropic, PBC Privacy policy →	AI chat features inside the operator dashboard (MCP-style booking assistance). Customer-facing booking surfaces do NOT call Anthropic. Data: Operator queries + the immediate prompt context. Customer PII is NOT included in prompts; we redact email + phone before sending.	United States.
Google LLC Privacy policy →	Analytics (Google Analytics 4) on the customer-facing booking journey, gated by the customer's cookie consent. Disabled by default; only loads when the visitor clicks Accept on the cookie banner. Data: Aggregated, pseudonymised behavioural events: pageviews, booking-funnel steps, conversion outcomes. No raw email or card data. Consent Mode v2 ensures cookieless mode when the visitor declines.	United States (primary); EU for EEA visitors with regional data.
Sentry (Functional Software, Inc.) Privacy policy →	Error monitoring and stack-trace collection for the ClickReserv application. Used to detect production bugs and prevent regressions. Data: Stack traces, request URLs (with PII redacted), user-agent strings, IP addresses for the error event. Our error-capture path strips email + customer name before sending; verified by code review.	United States (primary).

2. Changes & notice

3. International transfers

4. Customer-side data minimisation

On the customer-facing booking flow, we deliberately limit which subprocessors see customer data:

Stripe sees card + billing data needed for payment, never booking notes or service history.

Anthropic is NOT called from the customer booking journey. Operator-side AI features call it; customer email / phone are stripped from prompts.

Google Analytics only loads when the customer accepts the cookie banner. Declining cookies keeps the entire booking funnel observable to us only via server-side logs (no third-party data sharing).

Sentry redacts email, phone, and full names from captured request payloads before sending. Stack traces + error class names are the durable signal.

Subprocessors

1. Current subprocessors

2. Changes & notice

3. International transfers

4. Customer-side data minimisation

5. Contact

Subprocessors

1. Current subprocessors

2. Changes & notice

3. International transfers

4. Customer-side data minimisation

5. Contact