Privacy Policy

Legal basis — European law

This policy complies with Regulation (EU) 2016/679 (GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018). We process personal data only when we have a lawful basis: consent, contract performance, legal obligation, or legitimate interest.

Data controller

The data controller responsible for your personal data is The Receptionist. For requests or complaints, use our Contact page or the details in this policy.

Personal information we collect

We collect only the data necessary to provide our services:

• Account data — Name, email address, phone number (optional), password. Legal basis: contract performance.
• Profile data — Avatar, country, city, address, zipcode, location (if you choose to share it). Legal basis: consent or contract.
• Merchant data — Company name, business email, phone, business ID, address. Legal basis: contract performance.
• Booking data — Customer name, email, phone when making or managing bookings. Legal basis: contract performance.
• Communication data — Chat messages, voice transcripts, emails sent through the platform. Legal basis: contract performance and legitimate interest.
• Payment data — Billing details for subscriptions. Payment card data is handled by our payment providers (Stripe, Fapshi); we do not store full card numbers. Legal basis: contract performance.
• Technical data — IP address, browser type, session data, cookies. Legal basis: legitimate interest (security, functionality) or consent.

How we use your information

• To create and manage your account
• To process bookings and send confirmations
• To provide AI-powered chat and voice booking
• To send transactional emails (verification, password reset, booking updates)
• To process subscription payments
• To improve our services and ensure security
• To comply with legal obligations

Sharing and transfers

We may share data with:

• Payment providers (Stripe, Fapshi) for processing payments
• AI service providers for chat and voice features
• Email and notification services
• Hosting and infrastructure providers

When we transfer data outside the EEA, we ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses) as required by GDPR Article 44–50.

Retention

We retain personal data only as long as necessary for the purposes described, or as required by law. Account data is kept while your account is active; you may request deletion at any time. Booking and communication records may be retained for legal and accounting purposes as permitted by applicable law.

Your rights under European law

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time (where consent is the basis)
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us. In Finland, you may contact the Data Protection Ombudsman at tietosuoja.fi.

Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in line with GDPR Article 32.