Skip to content

Privacy Policy

Last updated: 17 March 2026

1. Who we are

TableGuru (“we”, “us”, “our”) is a restaurant booking platform operated from the United Kingdom. We act as a data processor on behalf of restaurants (our customers) and as a data controller for platform account data. Our registered address is Reading, Berkshire, United Kingdom. We are registered with the Information Commissioner's Office (ICO), registration number CSN9829615. For data protection queries, contact us at privacy@tableguru.app.

2. What data we collect

Diner data (collected when you make a booking):

  • Name, email address, phone number
  • Party size, date and time preferences, special requests
  • Dietary requirements and allergen information (if provided)
  • Payment card details (processed by Stripe; we do not store card numbers)

Restaurant user data (collected when you create an account):

  • Name, email address, role within the restaurant
  • Restaurant business information (name, address, phone, opening hours)
  • Usage data (login times, feature usage, IP address)

3. How we use your data

  • To process and manage restaurant bookings
  • To send booking confirmations, reminders, and follow-ups
  • To enable restaurants to manage their guest relationships
  • To process payments and deposits via Stripe
  • To provide AI-powered insights (no-show prediction, sentiment analysis)
  • To improve our platform and detect fraud or abuse

4. Legal basis for processing

We process personal data under the UK GDPR on the following bases:

  • Contract: Processing necessary to fulfil a booking or provide our service
  • Legitimate interest: Fraud prevention, service improvement, platform security
  • Consent: Marketing communications, optional analytics cookies
  • Legal obligation: Tax and accounting records, regulatory compliance

5. Data sharing

We share data with:

  • Restaurants: Booking and guest data is shared with the restaurant you book with
  • Stripe: Payment processing (PCI DSS compliant)
  • Twilio: SMS and WhatsApp message delivery
  • Resend: Email delivery
  • Supabase: Database hosting (data stored in EU region)
  • Vercel: Application hosting
  • Anthropic: AI features (data is not used to train models)

We do not sell your personal data to third parties.

6. Data retention

Booking data is retained for up to 24 months from the booking date, or as configured by the restaurant. Account data is retained for the duration of the account plus 30 days after deletion. Payment records are retained for 7 years as required by UK tax law.

7. Your rights

Under the UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise any of these rights, email privacy@tableguru.app. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. Optional analytics cookies are only set with your consent. See our Cookie Policy for details.

9. Contact

For privacy-related queries: privacy@tableguru.app
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Automated decision-making

TableGuru may use automated risk scoring based on booking history patterns (such as previous no-shows, booking frequency, and lead time) to determine whether a deposit is required for a reservation. This scoring does not use protected characteristics (such as race, gender, religion, or disability).

You have the right to:

  • Be informed that automated decision-making is being used
  • Request a human review of any automated decision
  • Contest the decision and express your point of view
  • Have the decision overridden by the restaurant

To request a review of an automated decision, contact the restaurant directly or email privacy@tableguru.app.

11. International data transfers

Some of our sub-processors (such as Stripe for payment processing, Vercel for hosting, and Anthropic for AI features) are based outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • EU Standard Contractual Clauses (SCCs)
  • The UK Extension to the EU-US Data Privacy Framework, where applicable

You may request details of the specific safeguards applied to any transfer by contacting privacy@tableguru.app.