Privacy Policy

Article 1 - Data Controller

The data controller is Jean-Baptiste ALDEBERT, person in charge of GASTRONOGUIDE.

Article 2 - Data Collected

Collected data includes: first name, last name, email address, phone number, appointment date and time, and number of participants.

Payment information (card number, expiration date, security code) is collected and processed directly by our payment provider Stripe Inc., certified PCI-DSS Level 1. GASTRONOGUIDE does not have access to full banking data and does not store it on its servers.

Article 3 - Purpose of Processing

Personal data is collected for booking management, customer follow-up, communication relating to booked services, and SMS notifications to the manager when new bookings are made (the manager receives customer contact details for operational follow-up).

No data is sold or transferred to third parties.

Article 4 - User Rights

In accordance with GDPR (EU 2016/679), each user has the right to access, rectify, delete and port their data. Any request may be sent to gastronoguide@gmail.com.

Article 5 - Retention Period

Personal data is kept only for the time strictly necessary for the purposes of processing, subject to applicable legal retention obligations.

Article 6 - Processors

GASTRONOGUIDE uses the following processors:

These processors are subject to personal data protection obligations within the scope of their services.

• Stripe Inc. (payment processing) - PCI-DSS Level 1 certified
• Vercel Inc. (website hosting)
• Supabase Inc. (database)
• Brevo (formerly Sendinblue) - transactional emails and SMS notifications

Article 7 - Security

Data is stored on secure servers (Vercel and Supabase). Payments are handled via Stripe (PCI-DSS compliant). Email and SMS communications are managed via Brevo.

Article 8 - Cookies and Trackers

See the Cookie Policy available on the website.

Article 9 - Contact

For any question related to personal data protection, users may write to gastronoguide@gmail.com.