Privacy Policy

Last updated: March 2026

1. Introduction

SaveSpot ("we", "us", "our") is an AI-powered customer service concierge platform operated in Greece and the European Union. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services. We are committed to full compliance with the General Data Protection Regulation (GDPR) and all applicable EU and Greek data protection laws.

2. Data We Collect

We collect the following categories of data:

Business Account Information: name, email address, business name, phone number, billing address, and business details provided during registration.
Chat Conversations: messages exchanged between end customers and the AI concierge, including booking requests, menu inquiries, and preferences.
Customer Contact Data: phone numbers and names provided by end customers for booking confirmations and communications.
Usage Analytics: page views, feature usage, session duration, and performance metrics to improve our service.
Technical Data: IP address, browser type, device information, and cookies necessary for the service to function.

3. How We Use Your Data

To provide and operate the AI concierge service for your business.
To process bookings, manage reservations, and handle customer inquiries.
To improve our AI models and service quality (using anonymized, aggregated data only).
To send transactional communications (booking confirmations, account notifications).
To process payments and manage your subscription.
To comply with legal obligations and resolve disputes.

4. Legal Basis for Processing

We process your data under the following GDPR legal bases: (a) performance of a contract (providing our service), (b) legitimate interest (improving our service, preventing fraud), (c) legal obligation (tax and regulatory compliance), and (d) consent (where specifically requested).

5. Data Hosting & Transfers

All data is hosted within the European Union, on servers located in Frankfurt, Germany. We do not transfer personal data outside the EU/EEA unless absolutely necessary for the operation of specific third-party services listed below, in which case appropriate safeguards (Standard Contractual Clauses) are in place.

6. Third-Party Services

We use the following third-party services to operate our platform:

Clerk — Authentication and user management.
Twilio — SMS and voice communications for booking confirmations.
OpenAI / Anthropic — AI language model processing for the concierge chatbot. Chat data is sent to these providers for processing but is not used for model training.
Vercel — Application hosting and edge network.
Neon — PostgreSQL database hosting (EU region).

7. Cookies

We use essential cookies only, which are strictly necessary for the service to function (authentication sessions, language preferences, security tokens). We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

8. Data Retention

Chat conversation data is retained for the duration of your active subscription plus 30 days after cancellation, after which it is permanently deleted. Business account information is retained for as long as your account is active. Payment records are retained as required by Greek tax law (typically 5 years). You may request earlier deletion of non-legally-required data at any time.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

Right of Access: Request a copy of all personal data we hold about you.
Right to Rectification: Request correction of inaccurate data.
Right to Erasure: Request deletion of your personal data ("right to be forgotten").
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Restrict Processing: Request that we limit how we use your data.
Right to Object: Object to processing based on legitimate interest.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@savespot.ai. We will respond within 30 days as required by GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.3) and at rest, access controls, regular security audits, and multi-tenant data isolation to prevent cross-business data leaks.

11. Children's Privacy

Our service is designed for businesses and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our platform at least 30 days before the changes take effect.

13. Contact & Supervisory Authority

For any privacy-related questions or concerns, contact us at hello@savespot.ai.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.