Name: ClickReserv
Price: 29 USD
Author: ClickReserv

1. Current subprocessors

Below is the complete list of subprocessors who may process operator or customer personal data on ClickReserv's behalf, as of the review date above. Operators with active accounts can request a signed Data Processing Agreement (DPA) by emailing privacy@reserv.click.

Processor	Purpose & data category	Location
Amazon Web Services (AWS) Privacy policy →	Application hosting (EC2), database (RDS Postgres), object storage (S3 backups + tenant assets), DNS (Route 53), edge CDN (CloudFront), email delivery (SES), secret management (Secrets Manager). Data: All operator + customer data we hold, encrypted at rest and in transit. AWS is the cloud platform — this is the single largest sub-processor.	United States (us-east-1, primary); AWS global edge for CloudFront.
Stripe, Inc. Privacy policy →	Payment processing. Customer card payments flow through Stripe Checkout; operator payouts use Stripe Connect. ClickReserv is a connected app under the SebasTN Stripe Connect platform. Data: Card and bank account information, billing address, transaction amounts. Card numbers never touch our servers — Stripe is PCI-DSS Level 1.	United States (primary); Ireland for EEA customers (Stripe Payments Europe Ltd.).
GitHat (identity / auth) Privacy policy →	Operator authentication and organisation management. Customers booking appointments do NOT have a GitHat account — they use a lightweight ClickReserv-only session. Data: Operator email, hashed password (or passkey credential), session metadata. No customer data.	United States (us-east-1).
Cloudflare, Inc. Privacy policy →	Bot deterrence on the customer-facing booking confirm step (Turnstile). The token is verified server-side and never blocks booking on its own (fail-open). Data: Browser fingerprint metadata Cloudflare collects for bot-detection purposes (IP, UA class, network signal). No PII shared by us beyond the token round-trip.	Global (Cloudflare anycast edge).
Anthropic, PBC Privacy policy →	AI chat features. (1) The operator dashboard concierge (MCP-style booking assistance). (2) The optional Customer Booking Agent — a paid add-on, off by default — which runs only on the booking pages of businesses that have enabled it, and only after the visitor gives in-widget consent, to answer questions and help that business's own customers book. Data: Operator queries + booking context. Where a business has enabled the Customer Booking Agent, that business's customers' typed chat messages are also processed (after in-widget consent) to answer questions and assist booking. Customer email and phone are masked/redacted before any prompt in both cases. The per-customer memory that lets the assistant recognise a returning customer is stored by ClickReserv in our own database, not by Anthropic. No payment details are ever sent.	United States.
Google LLC Privacy policy →	Analytics (Google Analytics 4) on the customer-facing booking journey, gated by the customer's cookie consent. Disabled by default; only loads when the visitor clicks Accept on the cookie banner. Data: Aggregated, pseudonymised behavioural events: pageviews, booking-funnel steps, conversion outcomes. No raw email or card data. Consent Mode v2 ensures cookieless mode when the visitor declines.	United States (primary); EU for EEA visitors with regional data.
Sentry (Functional Software, Inc.) Privacy policy →	Error monitoring and stack-trace collection for the ClickReserv application. Used to detect production bugs and prevent regressions. Data: Stack traces, request URLs (with PII redacted), user-agent strings, IP addresses for the error event. Our error-capture path strips email + customer name before sending; verified by code review.	United States (primary).

2. Changes & notice

We add new subprocessors only when needed to operate, improve, or secure the platform. When we plan to add a subprocessor, we will update this page at least 30 days before the new processor begins handling operator or customer data. Operators may object by emailing privacy@reserv.click within the 30-day notice window; we will work with you on a resolution that may include moving you to a non-affected configuration or, where that is not possible, an orderly offboarding.

Notice — June 10, 2026: We are expanding the use of an existing subprocessor, Anthropic, PBC, to a new customer-facing surface. The optional Customer Booking Agent (a paid add-on, off by default) lets a business's own customers chat with an AI booking assistant on that business's booking page, with the visitor's in-widget consent. This applies only to businesses that enable it; no new subprocessor is being added. Operators may object as described above. This expanded use takes effect no earlier than 30 days from this notice (on or after July 10, 2026).

3. International transfers

Most subprocessors above are located in the United States. For EU, UK, and Swiss data subjects, transfers out of the EEA / UK / CH rely on the European Commission's Standard Contractual Clauses (2021) with the relevant supplementary measures, and on the EU-U.S. Data Privacy Framework where the subprocessor is certified. AWS, Stripe (via Stripe Payments Europe Ltd.), Cloudflare, Google, and Anthropic each provide their own DPA instruments incorporating the SCCs.

4. Customer-side data minimisation

On the customer-facing booking flow, we deliberately limit which subprocessors see customer data:

Stripe sees card + billing data needed for payment, never booking notes or service history.
Anthropicis called on the customer booking journey only on the booking pages of businesses that have enabled the optional AI booking assistant (a paid add-on, off by default), and only after the visitor gives in-widget consent. Customer email and phone are masked before prompts; the per-customer memory that lets the assistant recognise a returning visitor is stored by ClickReserv in our own database, not by Anthropic; no payment details are ever sent. On every other business's booking pages Anthropic is not called from the customer journey — only from the operator dashboard concierge.
Google Analytics only loads when the customer accepts the cookie banner. Declining cookies keeps the entire booking funnel observable to us only via server-side logs (no third-party data sharing).
Sentry redacts email, phone, and full names from captured request payloads before sending. Stack traces + error class names are the durable signal.

5. Contact

For DPA requests, subprocessor objections, or general privacy questions, contact privacy@reserv.click. For everything else, see the contact page.

1. Current subprocessors

Processor	Purpose & data category	Location
Amazon Web Services (AWS) Privacy policy →	Application hosting (EC2), database (RDS Postgres), object storage (S3 backups + tenant assets), DNS (Route 53), edge CDN (CloudFront), email delivery (SES), secret management (Secrets Manager). Data: All operator + customer data we hold, encrypted at rest and in transit. AWS is the cloud platform — this is the single largest sub-processor.	United States (us-east-1, primary); AWS global edge for CloudFront.
Stripe, Inc. Privacy policy →	Payment processing. Customer card payments flow through Stripe Checkout; operator payouts use Stripe Connect. ClickReserv is a connected app under the SebasTN Stripe Connect platform. Data: Card and bank account information, billing address, transaction amounts. Card numbers never touch our servers — Stripe is PCI-DSS Level 1.	United States (primary); Ireland for EEA customers (Stripe Payments Europe Ltd.).
GitHat (identity / auth) Privacy policy →	Operator authentication and organisation management. Customers booking appointments do NOT have a GitHat account — they use a lightweight ClickReserv-only session. Data: Operator email, hashed password (or passkey credential), session metadata. No customer data.	United States (us-east-1).
Cloudflare, Inc. Privacy policy →	Bot deterrence on the customer-facing booking confirm step (Turnstile). The token is verified server-side and never blocks booking on its own (fail-open). Data: Browser fingerprint metadata Cloudflare collects for bot-detection purposes (IP, UA class, network signal). No PII shared by us beyond the token round-trip.	Global (Cloudflare anycast edge).
Anthropic, PBC Privacy policy →	AI chat features. (1) The operator dashboard concierge (MCP-style booking assistance). (2) The optional Customer Booking Agent — a paid add-on, off by default — which runs only on the booking pages of businesses that have enabled it, and only after the visitor gives in-widget consent, to answer questions and help that business's own customers book. Data: Operator queries + booking context. Where a business has enabled the Customer Booking Agent, that business's customers' typed chat messages are also processed (after in-widget consent) to answer questions and assist booking. Customer email and phone are masked/redacted before any prompt in both cases. The per-customer memory that lets the assistant recognise a returning customer is stored by ClickReserv in our own database, not by Anthropic. No payment details are ever sent.	United States.
Google LLC Privacy policy →	Analytics (Google Analytics 4) on the customer-facing booking journey, gated by the customer's cookie consent. Disabled by default; only loads when the visitor clicks Accept on the cookie banner. Data: Aggregated, pseudonymised behavioural events: pageviews, booking-funnel steps, conversion outcomes. No raw email or card data. Consent Mode v2 ensures cookieless mode when the visitor declines.	United States (primary); EU for EEA visitors with regional data.
Sentry (Functional Software, Inc.) Privacy policy →	Error monitoring and stack-trace collection for the ClickReserv application. Used to detect production bugs and prevent regressions. Data: Stack traces, request URLs (with PII redacted), user-agent strings, IP addresses for the error event. Our error-capture path strips email + customer name before sending; verified by code review.	United States (primary).

2. Changes & notice

3. International transfers

4. Customer-side data minimisation

On the customer-facing booking flow, we deliberately limit which subprocessors see customer data:

Stripe sees card + billing data needed for payment, never booking notes or service history.

Anthropicis called on the customer booking journey only on the booking pages of businesses that have enabled the optional AI booking assistant (a paid add-on, off by default), and only after the visitor gives in-widget consent. Customer email and phone are masked before prompts; the per-customer memory that lets the assistant recognise a returning visitor is stored by ClickReserv in our own database, not by Anthropic; no payment details are ever sent. On every other business's booking pages Anthropic is not called from the customer journey — only from the operator dashboard concierge.

Google Analytics only loads when the customer accepts the cookie banner. Declining cookies keeps the entire booking funnel observable to us only via server-side logs (no third-party data sharing).

Sentry redacts email, phone, and full names from captured request payloads before sending. Stack traces + error class names are the durable signal.

Subprocessors

1. Current subprocessors

2. Changes & notice

3. International transfers

4. Customer-side data minimisation

5. Contact

Subprocessors

1. Current subprocessors

2. Changes & notice

3. International transfers

4. Customer-side data minimisation

5. Contact