Data Processing Agreement
Last updated: 2 April 2026
1. Definitions
- Controller — the restaurant operator who determines the purposes of processing guest data.
- Processor — Posto, which processes guest data on the Controller’s instructions.
- Personal Data — guest name, email, phone number, dietary requirements, and any other data submitted through the booking form.
- UK GDPR — the UK General Data Protection Regulation as retained in UK law.
2. Scope of processing
| Item | Description |
|---|---|
| Subject matter | Restaurant reservation management |
| Duration | For the term of the operator’s subscription, plus retention period |
| Nature | Storage, retrieval, transmission, deletion of guest booking data |
| Purpose | To fulfil restaurant reservations on behalf of the Controller |
| Data subjects | Restaurant guests who make reservations |
| Personal data categories | Name, email, phone, dietary requirements, booking preferences |
3. Processor obligations
Posto agrees to:
- Process personal data only on documented instructions from the Controller
- Ensure all personnel with access to personal data are bound by confidentiality obligations
- Implement appropriate technical and organisational security measures (encryption at rest and in transit, access controls, audit logging)
- Assist the Controller in responding to data subject rights requests (erasure, access, portability)
- Delete or return all personal data at the end of the service relationship
- Make available all information necessary to demonstrate compliance with this Agreement
- Notify the Controller without undue delay (and within 48 hours) of any personal data breach
4. Sub-processors
The Controller authorises Posto to engage the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | EU / US |
| Stripe Inc. | Payment processing | US |
| Resend Inc. | Transactional email delivery | US |
| Vercel Inc. | Hosting and infrastructure | US |
We will notify Controllers at least 14 days before adding new sub-processors. All sub-processors operating in the US are bound by Standard Contractual Clauses or equivalent.
5. Controller obligations
The Controller agrees to:
- Ensure a lawful basis exists for collecting and sharing guest data with Posto
- Provide guests with appropriate privacy information at the point of booking
- Obtain explicit consent for the collection of special category data (dietary / health information)
- Process data subject rights requests promptly using Posto’s provided tools
6. International transfers
Some sub-processors are located in the United States. Personal data transferred to the US is protected under Standard Contractual Clauses (SCCs) approved by the UK ICO, or equivalent transfer mechanisms in place at the time of transfer.
7. Term and termination
This DPA remains in force for the duration of the operator’s subscription. On termination, Posto will delete or anonymise all personal data within 90 days, unless retention is required by law.
8. Governing law
This Agreement is governed by the laws of England and Wales.
9. Contact
Data protection queries: privacy@getposto.com