Terms and Conditions
Last updated: April 27, 2026
1. General Information
The Rezervatio.AI platform is operated by Rezervatio SRL, a legal entity in the process of registration with the Romanian Trade Registry.
Data protection / Security / Legal: privacy@rezervatio.ai
Website: www.rezervatio.ai
The full identification details of the company (Tax ID, Trade Registry number, registered office) will be made publicly available at the time of commercial launch and prior to any commercial transaction.
These Terms constitute a legal agreement between the User (the legal entity or authorized natural person using the Platform) and Rezervatio. By creating an account or using the services in any way, you confirm that you have read, understood and accepted these Terms in their entirety.
2. Definitions
- "Platform" — the Rezervatio.AI web application, including the dashboard, the AI voice agent, the APIs and all associated functionality, accessible at rezervatio.ai.
- "User" / "Customer" — any authorized natural person or legal entity who creates an account on the platform for the purpose of using the services for their business.
- "End Customer" — a natural person who contacts the User's business by telephone and interacts with the AI voice agent, in their capacity as data subject under GDPR.
- "Subscription" — the service plan chosen by the User, with the associated features and limitations.
- "AI Agent" / "Voice Assistant" — the artificial intelligence system that handles telephone calls, configured per the User's settings.
- "Minutes" — the unit of measurement of AI voice agent usage, calculated based on the duration of processed calls.
- "Account" — the user account created on the platform, protected by authentication credentials.
- "Organization" — the logical entity within the platform that groups the configurations, data and members of a business.
- "Commercial Agreement" — the detailed document with commercial terms (plans, prices, SLA, suspension, refund), provided at onboarding and signed electronically.
3. Eligibility and Account Creation
3.1 Eligibility Requirements
- You are at least 18 years old and have full legal capacity
- You act in a professional capacity (B2B) — the platform is not intended for individual consumers
- You have legal authority to accept these Terms on behalf of the entity you represent
- You are not on any international sanctions list
3.2 Minimum Age and End Customers
The Rezervatio.AI platform is intended exclusively for professional users (B2B), legal entities or authorized natural persons, aged at least 18.
Regarding callers (End Customers): The User (business) is responsible for ensuring it does not intentionally collect data from persons under 16 years of age through the Platform, without the consent of the holder of parental authority, in accordance with Art. 8 GDPR and Art. 8 of Romanian Law no. 190/2018.
3.3 Registration Obligations
- Provide accurate, complete and up-to-date information at registration
- Maintain the confidentiality of access credentials (email, password)
- Immediately notify Rezervatio at privacy@rezervatio.ai in case of any unauthorized use of the account
- Do not create multiple accounts for the same business without prior approval
You are fully responsible for all activities conducted under your account.
4. Description of Services
Rezervatio.AI offers the following main services:
- 24/7 AI voice agent — automatically answers the business's telephone calls, in the configured language(s) (Romanian, English, German)
- Automated reservation management — creation, modification, cancellation, availability checking
- Management dashboard — web interface for viewing and administering reservations, configurations, statistics
- Notification system — automated emails for confirmation, cancellation and modification of reservations
- Custom configuration — setting up schedule, zones, tables/seats, agent messages, closure periods
- Reports and statistics — aggregated data on service usage and reservation activity
The services are provided "as is" and "as available". Rezervatio uses reasonable efforts to ensure continuous operation, but does not guarantee 100% availability.
5. Plans, Prices and Payments
Complete information regarding available plans, prices, payment methods and subscription conditions is presented on the dedicated page: rezervatio.ai/en/pricing.
By placing an order (sign-up and activation of a subscription), the User accepts the price and conditions displayed on the pricing page and on the checkout page at the time of purchase. These prices become an integral part of the contract between the User and Rezervatio.
General rules applicable to all plans:
- All prices are expressed in EUR and do not include VAT, unless otherwise specified
- Billing is made according to the cycle chosen by the User (monthly or annual)
- Price changes for active subscriptions will be notified at least 30 calendar days in advance
- In case of non-payment, access to the Services may be suspended in accordance with the policy detailed in the Commercial Agreement received at onboarding
- Complete details regarding billing, refunds, suspension and financial termination are part of the Commercial Agreement signed upon account creation
6. Rezervatio's Obligations
Rezervatio undertakes to:
- Provide the services in accordance with the specifications of the chosen plan
- Use reasonable efforts to maintain a high availability of the service
- Notify Users in advance before planned maintenance that may affect the service
- Implement appropriate technical and organizational measures for data protection (Art. 32 GDPR)
- Respond to support requests within a reasonable timeframe
- Inform Users in case of security incidents that affect their data
The specific availability targets (SLA) and associated remedies are detailed in the Commercial Agreement.
7. Disclaimer of Warranties
The Rezervatio.AI platform is provided "as is" and "as available", without any warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, or non-infringement of third-party rights.
Specifically, Rezervatio does not guarantee:
- That the AI agent will correctly understand and process 100% of telephone requests
- Uninterrupted service availability
- Compatibility with all telephone systems or telecommunications operators
- That the results or data provided will always be complete or accurate
The User accepts that artificial intelligence technology has inherent limitations and that it is the User's responsibility to verify reservations and data processed through the platform.
8. Limitation of Liability
8.1 Exclusions
Rezervatio is not liable for:
- Direct or indirect financial losses resulting from AI agent errors in understanding or processing requests
- Lost reservations due to temporary service unavailability, telecommunications networks, or third-party providers
- The content of conversations between the AI agent and End Customers
- Improper use of the platform by the User or members of their organization
- Damage caused by force majeure (natural disasters, large-scale cyberattacks, major outages of infrastructure providers)
8.2 Maximum Limit
In any event, Rezervatio's total liability to the User shall not exceed the amount paid by the User in the 3 (three) months preceding the event giving rise to the damage. This limitation does not apply in cases of: (a) intentional breach of confidentiality obligations, (b) infringement of intellectual property rights, or (c) legal obligations that cannot be limited under applicable law.
9. Intellectual Property
- All intellectual property rights in the platform, source code, design, the "Rezervatio.AI" brand, algorithms, documentation and technology belong exclusively to Rezervatio SRL
- The User receives a limited, non-exclusive, non-transferable and revocable license to use the platform for the duration of the active subscription
- The User retains all rights to their own data and the data of End Customers entered into the platform
- It is strictly prohibited to: copy, modify, distribute, reverse engineer, decompile or create derivative works from any component of the platform
10. Suspension and Termination
The User may cancel the subscription at any time from the platform dashboard. Rezervatio reserves the right to suspend or terminate accounts that violate these Terms, applicable law or third-party rights.
The detailed conditions regarding:
- Suspension timelines in case of non-payment
- Refund policy
- Data export grace period
- Data retention and deletion timelines after termination
… are an integral part of the Commercial Agreement provided at onboarding.
11. Force Majeure
Neither party shall be liable for failure to perform obligations caused by force majeure events, defined as any external, unforeseeable, absolutely insurmountable and unavoidable circumstance, including: natural disasters, pandemics, war, acts of terrorism, large-scale cyberattacks, decisions of public authorities, major outages of internet or telecommunications infrastructure providers.
12. Severability
If any provision of these Terms is declared null or unenforceable by a competent court, the remaining provisions shall remain in full force and effect. The affected provision shall be replaced by a valid provision that most closely reflects the original intent of the parties.
13. Amendments to the Terms
We reserve the right to modify these Terms. Changes will be communicated as follows:
- Minor changes (clarifications, corrections): publication on the website, without individual notification
- Significant changes (rights, obligations): email notification at least 30 days before taking effect
Continued use of the service after the changes take effect constitutes acceptance of the new Terms. If you do not agree, you have the right to terminate the contract before the changes take effect.
14. Entire Agreement
These Terms, together with the Commercial Agreement, the Acceptable Use Policy (AUP), the Data Processing Agreement (DPA), the Privacy Policy and the Cookie Policy, constitute the entire agreement between the User and Rezervatio regarding the use of the platform. These documents supersede any prior understandings, promises, negotiations or communications, written or verbal, relating to the subject matter of these Terms.
Clauses relating to intellectual property, indemnification, limitation of liability and confidentiality survive termination of the contract.
15. AI Act Compliance
The AI voice agent always discloses that it is an AI system at the beginning of the conversation, in accordance with Art. 50 of EU Regulation 2024/1689 (EU AI Act) on transparency of interactions with AI systems. The User agrees not to modify or disable this disclosure.
16. Governing Law and Jurisdiction
These Terms are governed by and construed in accordance with the laws of Romania. Any dispute arising from or in connection with these Terms shall be settled amicably. In the absence of an amicable settlement within 30 days, the dispute shall be referred to the competent courts of Romania.
17. Contact
General contact: contact@rezervatio.ai
Data protection / Security / Legal: privacy@rezervatio.ai
Website: www.rezervatio.ai
Privacy Policy
Last updated: April 27, 2026
This Privacy Policy describes how Rezervatio SRL ("Rezervatio", "we") collects, uses, stores, shares and protects personal data, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679), Romanian Law no. 190/2018 and applicable legislation.
This policy applies to both Users (business owners using the platform) and End Customers (persons who call and interact with the AI voice agent).
1. Identity of the Controller / Processor
General email: contact@rezervatio.ai
Data protection email (DPO): privacy@rezervatio.ai
Website: www.rezervatio.ai
1.1 GDPR Roles
| Context | Rezervatio Role | Explanation |
|---|---|---|
| User data (account, billing) | Data Controller | Rezervatio decides the purpose and means of processing the User's account data |
| End Customer data (reservations, calls) | Data Processor | Rezervatio processes End Customer data on behalf of and in accordance with the instructions of the User (the controller) |
2. Personal Data We Collect
2.1 User Data (business owners) — Rezervatio as Controller
| Category | Specific Data | Purpose | Legal Basis |
|---|---|---|---|
| Account and authentication | First name, last name, email address, password (cryptographic hash) | Account creation, authentication, communication | Performance of contract — Art. 6(1)(b) |
| Business data | Business name, address, phone, email, business sector, Tax ID (optional) | AI agent configuration, service personalization | Performance of contract — Art. 6(1)(b) |
| Operational configuration | Operating hours, zones, tables/seats, agent preferences, custom messages | Proper operation of the reservation service | Performance of contract — Art. 6(1)(b) |
| Billing data | Card data (processed exclusively by a certified payment processor — Rezervatio does not store card numbers), billing address, Tax ID | Payment processing, invoicing | Performance of contract — Art. 6(1)(b) + Legal obligation — Art. 6(1)(c) |
| Usage data | Minutes consumed, number of calls, dashboard activity logs | Billing, statistics, service improvement | Performance of contract — Art. 6(1)(b) + Legitimate interest — Art. 6(1)(f) |
| Technical data | IP address, browser type, operating system, pages accessed | Security, troubleshooting, fraud prevention | Legitimate interest — Art. 6(1)(f) |
2.2 End Customer Data (callers) — Rezervatio as Processor
| Category | Specific Data | Purpose | Legal Basis (of the User) |
|---|---|---|---|
| Reservation data | First name, last name, phone number (caller ID), email (optional), number of persons | Creating, managing and confirming the reservation | Legitimate interest of the business — Art. 6(1)(f) or Consent — Art. 6(1)(a) |
| Preferences | Food allergies, special occasions, special requests, preferred zone | Personalizing the experience, food safety | Legitimate interest — Art. 6(1)(f) / Consent — Art. 6(1)(a) |
| Voice data | Voice in real-time (processed via streaming, not stored as audio file on Rezervatio servers), text transcript of the conversation | Understanding and processing the reservation request via the AI agent | Legitimate interest — Art. 6(1)(f) |
| Call metadata | Caller phone number (caller ID), called number, call duration, date and time, session identifier | Billing the User, statistics, technical support, audit | Performance of contract with the User — Art. 6(1)(b) + Legitimate interest — Art. 6(1)(f) |
3. Legal Basis for Processing (Art. 6 GDPR)
| Legal Basis | GDPR Article | Applicability |
|---|---|---|
| Performance of contract | Art. 6(1)(b) | Providing services to Users under the chosen subscription; processing reservations |
| Legitimate interest | Art. 6(1)(f) | Service improvement, fraud prevention, security, aggregated statistics, technical support |
| Consent | Art. 6(1)(a) | Marketing communications (newsletter, promotions) — optional, with the possibility of withdrawal at any time |
| Legal obligation | Art. 6(1)(c) | Tax and accounting compliance (retention of invoices for 10 years per the Tax Code), responding to authority requests |
4. How We Use the Data
We use personal data exclusively for:
- Service provision — call processing via the AI agent, creation and management of reservations, sending confirmations
- Account administration — authentication, subscription management, billing
- Essential communications — service notifications, Terms changes, security alerts
- Technical support — resolution of issues reported by Users
- Platform improvement — aggregated and anonymized usage analysis to optimize the service
- Security — detection and prevention of fraud, abuse, cyberattacks
- Legal compliance — fulfilment of tax, accounting and reporting obligations
We DO NOT use data for: automated profiling with legal effects, sale to third parties, behavioural advertising, exclusively automated decision-making with significant impact.
5. Sub-processors
We do not sell or rent your data to anyone. We share data only with service providers strictly necessary for the operation of the platform:
| Provider | Purpose |
|---|---|
| AI voice agent | Voice processing (Speech-to-Text and Text-to-Speech) |
| Telephony | Telephony and SMS services |
| Hosting | ISO 27001 certified infrastructure in the European Union |
| Transactional email | Certified provider with EU localization |
| CDN and security | Cloudflare |
| Payment processing | PCI DSS Level 1 certified processor |
The complete, detailed and up-to-date list of sub-processors (with exact names, server locations and specific roles) is available in the Annex to the Data Processing Agreement (DPA), provided to all active B2B customers at onboarding.
The Controller (B2B User) will be notified at least 30 days before the addition or replacement of a sub-processor, in accordance with Art. 28(2) GDPR.
6. International Transfers
Data is stored predominantly in the European Union. For providers with operations outside the EU we use the EU-US Data Privacy Framework and Standard Contractual Clauses (SCC) as legal mechanisms in accordance with Chapter V of GDPR. All transfers are encrypted.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law:
| Data Type | Retention Period | Justification |
|---|---|---|
| User account (active) | For the entire duration of the active account | Necessary for service provision |
| User account (after deletion) | 30 days after the deletion request | Grace period for recovery |
| Reservations and related data | 12 months from the reservation date | Statistics, disputes, support |
| Voice conversation summaries | 30 days from the call date | Support, troubleshooting, service improvement |
| Audio recordings | Not stored on Rezervatio servers — real-time processing only (streaming) | N/A |
| Call metadata (call logs) | 12 months | Billing, statistics, audit |
| Billing and tax data | 10 years | Legal obligation — Tax Code, Accounting Law |
| Technical logs (server, errors) | 30 days | Security, troubleshooting |
| Security logs (authentication) | 6 months | Detection of unauthorized access, compliance |
Upon expiry of the retention period, data is automatically deleted or irreversibly anonymized.
8. Your Rights (Art. 15-22 GDPR)
As a data subject, you have the following rights, exercisable free of charge:
8.1 Right of Access (Art. 15)
You may request confirmation that we process personal data concerning you and a copy of such data, together with information on the purpose, categories, recipients and retention periods.
8.2 Right to Rectification (Art. 16)
You may request the correction of inaccurate data or completion of incomplete data concerning you, without undue delay.
8.3 Right to Erasure — "Right to be Forgotten" (Art. 17)
You may request the deletion of personal data in the following situations: the data is no longer necessary for the original purpose; you withdraw your consent; you object to the processing; the data has been processed unlawfully. This right does not apply if we have a legal obligation to retain.
8.4 Right to Restriction of Processing (Art. 18)
You may request the limitation of processing if: you contest the accuracy of the data; the processing is unlawful but you do not want deletion; we need the data for the establishment/exercise of a right in court; you have objected to the processing (pending verification).
8.5 Right to Data Portability (Art. 20)
You may receive personal data in a structured, commonly used and machine-readable format (JSON or CSV) and you have the right to transmit such data to another controller.
8.6 Right to Object (Art. 21)
You may object at any time to processing based on legitimate interest (Art. 6(1)(f)), including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.
8.7 Right not to be Subject to an Automated Decision (Art. 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similar. Our AI agent processes reservation requests but does not make decisions with significant legal effects on data subjects.
8.8 Right to Withdraw Consent (Art. 7(3))
In case of processing based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
8.9 Exercising Your Rights
Response time: maximum 30 calendar days from receipt of the request (extendable by 60 days in complex cases, with notification)
Identification: We may request identity verification to prevent unauthorized access to data
Cost: Free. In case of repetitive or excessive requests, we may charge a reasonable fee or refuse the request, in accordance with Art. 12(5) GDPR.
End Customers (persons making reservations): since the User (the business) is the controller of your data, please first address the respective business. If you do not receive a satisfactory response within 30 days, you may contact us directly at privacy@rezervatio.ai.
9. Data Security (Art. 32 GDPR)
We implement appropriate technical and organizational measures, in accordance with Art. 32 GDPR, including:
9.1 Technical Measures
- Encryption in transit via modern TLS protocols for all data transfers
- Secure password storage via robust cryptographic hash functions
- Database-level isolation via row-level security mechanisms
- Network protection — firewall, DDoS protection and rate limiting
- Automatic backup daily, encrypted, with disaster recovery plan
- Restricted administrative access — multi-factor authentication and unauthorized access detection mechanisms
- Modern authentication — limited-duration tokens and MFA support
- Active monitoring — secure logging and incident response
The complete technical details regarding security measures are available to active B2B customers under the Data Processing Agreement (DPA) and may be presented in the context of security audits with prior notice.
9.2 Organizational Measures
- Data minimization principle — we collect only data strictly necessary
- Storage limitation principle — automatic deletion upon expiry of the retention period
- Role-based access — access limited to the data necessary for each function
- Confidentiality — all collaborators with access to data have contractual confidentiality obligations
- Incident procedures — documented security incident response plan
- Periodic review — annual evaluation of security measures
10. Notification of Security Incidents (Art. 33-34 GDPR)
In the event of a personal data security breach:
- We will notify the National Supervisory Authority (ANSPDCP) within a maximum of 72 hours of becoming aware of the incident, unless the breach is unlikely to result in a risk to individuals' rights
- We will inform the affected Users (in our capacity as data processor) without undue delay and within a maximum of 48 hours of becoming aware of the incident
- If the breach is likely to result in a high risk to individuals' rights, we will directly inform the affected data subjects
- We will document each incident, the measures taken and the outcomes in our internal incident register
11. Cookies and Similar Technologies
For detailed information regarding the use of cookies and localStorage, please consult the Cookie Policy section of this page.
12. Changes to the Privacy Policy
This policy may be updated periodically. The date of the last update is displayed at the top of the document. Significant changes will be communicated by email to registered Users, a visible banner on the platform and publication on this page.
13. Right to Lodge a Complaint
If you consider that the processing of your personal data infringes GDPR, you have the right to lodge a complaint with the supervisory authority:
Address: B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 / +40.318.059.212
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro
14. Contact
Data Protection Officer (DPO): privacy@rezervatio.ai
General contact: contact@rezervatio.ai
Website: www.rezervatio.ai
Cookie Policy
Last updated: April 27, 2026
1. What Are Cookies?
Cookies are small text files stored on your device by your browser. They allow websites to retain information between visits.
2. What We Use
Rezervatio.AI uses exclusively browser local storage (localStorage), not traditional HTTP cookies. This means that:
- We do not send cookies via HTTP headers
- Data remains only on your device
- We do not use tracking or advertising cookies
- We do not use analytics services (Google Analytics, Facebook Pixel, etc.)
3. What We Store in localStorage
| Category | Purpose | Type | Duration |
|---|---|---|---|
| User preferences | Visual theme, dashboard layout, active organization | Functional | Permanent (until manual deletion) |
| Consent and compliance | Cookie preferences and legal acceptances | Essential | Permanent |
| Authentication token | Limited-duration secure token, automatically refreshed | Essential | Session (max 1 hour) |
| Onboarding drafts | Automatic save of in-progress configurations | Functional | Until completion |
We do not use:
- Tracking cookies (Google Analytics, Facebook Pixel, etc.)
- Advertising cookies
- Profiling cookies
All data stored in localStorage remains on the User's device and may be deleted at any time from the browser settings.
4. Third-Party Services
| Service | Purpose |
|---|---|
| Cloudflare | Security, CDN and DDoS protection |
| Stripe | Payment processing (active only on the checkout page) |
The complete privacy policies of these providers are available on their official websites.
5. How You Can Control Cookies
- Via our banner: On your first visit, you can choose "Accept" or "Essential only"
- Via your browser: You can delete localStorage from your browser settings (Developer Tools > Application > Local Storage)
- Full deactivation: You can disable JavaScript in your browser, but the site will not function correctly
6. Contact
For questions about cookies: privacy@rezervatio.ai
GDPR Compliance
Last updated: April 27, 2026
Rezervatio.AI complies with EU Regulation 2016/679 (GDPR) and Romanian Law no. 190/2018.
Roles in Data Processing
- For caller (End Customer) data: we act as a data processor (Art. 28 GDPR). The controller is the User's business that uses the Platform.
- For our Users' data (account, billing): we are the controller.
Key guarantees
- End-to-end encryption for all data in transit
- Servers located exclusively in the European Union
- Multi-factor authentication (MFA) available
- Daily backup and disaster recovery plan
- DPIA (Data Protection Impact Assessment) performed in accordance with Art. 35 GDPR
- Notification of security incidents to ANSPDCP within a maximum of 72 hours
Your Rights (Art. 15-22 GDPR)
You have the right to: access, rectification, erasure, restriction, portability, objection, withdrawal of consent.
Response time: maximum 30 calendar days (Art. 12(3) GDPR)
Data Processing Agreement (DPA)
For active B2B customers, the complete and digitally signable DPA is automatically provided at onboarding and available at any time in the dashboard, "Legal Documents" section.
Complaint
You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):
Email: anspdcp@dataprotection.ro
Data Protection Officer
Email: privacy@rezervatio.ai
EU · GDPR Compliant