Data Processing Agreement

1. Roles of the Parties

Under GDPR, the SaveSpot customer (the restaurant or hospitality business) acts as the Data Controller for guest, booking, and conversation data captured through the SaveSpot concierge. SaveSpot acts as the Data Processor and only processes that personal data on the documented instructions of the Controller, as set out in the Terms of Service and this agreement.

2. Subject Matter and Duration

SaveSpot processes personal data for the duration of the active subscription, including operating the AI concierge, capturing booking requests, sending confirmations and reminders, and providing analytics dashboards to the Controller. Processing covers contact details, conversation content, booking metadata, and customer preferences submitted by the Controller or its end customers.

3. Security and Sub-processors

• EU data residency: production data is stored in Frankfurt, Germany, with TLS 1.3 in transit and AES-256 encryption at rest.
• Strict tenant isolation between restaurants at the database and application layer; no cross-tenant data leakage.
• Approved sub-processors include Vercel (hosting), Neon (database), Clerk (authentication), Twilio (SMS / OTP), Resend (email), and OpenAI / Anthropic (AI processing). Chat data is not used to train third-party models.
• Audit logging for sensitive concierge, admin, and booking actions, with role-based access controls inside the dashboard.

4. Data Subject Rights and Assistance

SaveSpot provides export, deletion, and consent workflows so the Controller can fulfil GDPR rights requests (access, rectification, erasure, portability, restriction, objection). Controllers can request assistance, sub-processor lists, breach notification details, or the full executed DPA at hello@savespot.ai.