reserveme.ai | AI Operations Platform for Heavy Equipment Teams

This Privacy Policy explains how Reservingtech OÜ — operator of the reserveme.ai platform — collects, uses, shares and protects personal data when you visit our website, use the booking Widget, or when our Customers use the Platform to manage their heavy-equipment operations. It applies together with our Data Processing Addendum (DPA) and the Security & Sub-Processors Policy, which are provided to Customers at contracting.

1. Who we are

The reserveme.ai Platform is operated by Reservingtech OÜ, a private limited company registered in Estonia under registry code 17199141, with registered office at Narva mnt 5, 10117 Tallinn, Estonia and operating office in Zürich, Switzerland. You can contact our privacy team at francesco@reserveme.ai.

2. Our role: controller and processor

When you browse our marketing website, contact us, or sign up for a trial, we act as the data controller of your personal data. When a Customer uses the Platform to manage its fleet, send quotations, operate the Widget, or run outbound communications to end-users, the Customer is the controller and we act as the processor on its documented instructions in accordance with our Data Processing Addendum, Article 28 GDPR and Article 9 FADP.

3. Personal data we process

Depending on how you interact with reserveme.ai, we process: - Identification data: name, role, email, phone. - Booking and Widget data: location, requested equipment, dates, contact details of end-users booking cranes, forklifts or other equipment. - Operational data: asset status, maintenance logs, workflow definitions and execution logs. - Outbound-communication data: content, delivery status, opt-ins and opt-outs, sender identifiers, WhatsApp and SMS metadata. - AI-generated content: transcripts, PDF quotations, messages produced by the Platform. - Commercial data: quotations, invoices, subscription records. - Technical data: IP address, device, browser, log data. We do not intentionally process special categories of personal data (Art. 9 GDPR / Art. 5(c) FADP); Customers must not upload such data without a separate written agreement.

4. How we use AI and machine vision

The Platform relies on probabilistic artificial-intelligence, machine-learning, machine-vision and generative-model components to extract specifications from Customer-uploaded technical documentation (load charts, capacity curves, manuals), to produce quotations and PDFs, to predict maintenance, to power Widget conversations, to generate outbound emails, WhatsApp and SMS messages, and to build Workflow Automations from natural-language descriptions. AI output is non-deterministic and may be incorrect. A qualified human at the Customer side must verify every material AI output before it is acted upon. We do not use identifiable personal data to train models; we may use de-identified and aggregated data to improve the Platform.

5. Sub-processors and international transfers

To deliver the Platform we rely on the following categories of sub-processors: cloud infrastructure (Amazon Web Services, Google Cloud Platform™), AI inference (OpenAI, Anthropic), payments (Stripe), transactional email and SMS (SendGrid, Twilio), WhatsApp Business (Meta Platforms), error monitoring (Sentry), and support/CRM (Intercom, HubSpot). The current list is maintained in the Security & Sub-Processors Policy shared with Customers. Personal data is processed in the European Economic Area, Switzerland, the United Kingdom or in countries with an adequacy decision. Where data is transferred outside those areas, we rely on the EU Standard Contractual Clauses (2021), supplemented by the Swiss FDPIC addendum and the UK IDTA as applicable.

6. Security and breach notification

We apply technical and organisational measures calibrated to the state of the art: TLS 1.2+ in transit, AES-256 at rest, least-privilege named accounts with mandatory multi-factor authentication, segregated production networks, WAF and DDoS mitigation, centralised audit logging with 12-month retention, encrypted daily backups with point-in-time recovery, and annual restore tests. We notify Customers of any personal-data breach affecting their data without undue delay and in any event within 72 hours of becoming aware.

7. Your rights

Data subjects may exercise the rights granted by the GDPR and the Swiss FADP, including access, rectification, erasure, restriction, portability and objection, as well as the right to lodge a complaint with a supervisory authority (in Estonia: the Andmekaitse Inspektsioon; in Switzerland: the FDPIC). Where we process data on behalf of a Customer, requests should be addressed to that Customer; we will assist Customers to respond within the timelines required by law. For all other requests, contact us at francesco@reserveme.ai.

8. Retention and updates

We retain personal data for the duration of the subscription with the Customer and for the legal retention periods that apply thereafter (accounting, tax, liability). After termination, Customers may export their data via self-service tools for 30 days, after which the data is deleted in accordance with the DPA. We may update this Policy; material changes will be notified by email to the Customer's primary contact and reflected in the "last updated" date above.

Contact us

For any privacy question, to exercise your rights, or to report a potential data incident, please contact our privacy team.

francesco@reserveme.ai