Skip to main content

Reservly Data Deletion Policy

Last updated: May 19, 2026

The short version

  • You have the right to ask Reservly to delete the personal information we hold about you.
  • The simplest path is in your dashboard: Settings → Account → Delete account. If you do not have a Reservly account (for example, you are an end-user customer of a business that uses Reservly), email support@reservly.io with subject line "Data Deletion Request".
  • We complete eligible requests within 30 days of receipt.
  • Some data is retained for legal, fraud-prevention, or accounting reasons — we explain which categories below and the legal basis for retaining each.

This page describes the policy and procedure. The right itself comes from GDPR Article 17 (right to erasure), CCPA / CPRA § 1798.105 (right to delete), and similar provisions in other applicable privacy laws.

1. Who this page is for

This page applies to anyone whose personal information Reservly processes, including:

  • Business owners — the people who subscribe to Reservly and operate booking pages.
  • Team members — staff invited to a business owner's Reservly workspace.
  • End-user customers — people who book a service, event, or rental through a business's Reservly-hosted booking page.

For end-user customers, two parties may hold your data: the business you booked with (as Controller under GDPR / "Business" under CCPA) and Reservly (as Processor / Service Provider acting on the business's behalf). This page describes Reservly's deletion procedure; the business may have an independent procedure under its own privacy policy. See our Data Processing Agreement for the Controller-Processor split.

2. How to submit a deletion request

Three paths. Pick whichever is easiest.

2.1 Self-service — dashboard (business owners and team members)

If you have a Reservly account, log in and go to Settings → Account → Delete account. You will be asked to confirm via a link sent to your account email. After confirmation, your account enters a 14-day cooling-off period during which you can cancel the deletion via the link in the confirmation email. After 14 days, the deletion proceeds on the timeline described in § 4.

2.2 Token link (end-user customers)

If you are an end-user customer who booked through a Reservly-hosted booking page, every booking confirmation email Reservly sends includes a "Request deletion" link in the footer. Following that link opens a Reservly-hosted page where you can confirm the request. You can also request deletion of an individual booking from the booking-management page that any confirmation email links to.

2.3 Email

Email support@reservly.io with subject line "Data Deletion Request". Include:

  • The email address you used at booking time or to create your account.
  • If you are requesting deletion of a specific booking, the booking ID (visible in the confirmation email) or the date and business name.
  • If you are requesting deletion as an authorised agent acting on someone else's behalf, attach written permission signed by that person (or an equivalent power-of-attorney instrument).

We confirm receipt within 10 business days and complete eligible requests on the timeline described in § 4.

3. What gets deleted

When Reservly completes a deletion request, the following are deleted from Reservly's production database within the deletion window (§ 4):

  • Your account record (name, email, phone number, hashed password, account preferences) — if you have a Reservly account.
  • Your booking records linked to the requested email or booking ID — including booking metadata (date, time, service, party size, prices), customer notes you submitted, and customer-supplied form-field answers.
  • Payment-method tokens linked to your bookings (Reservly never stored the card number itself — only a Stripe / PayPal token; the token is invalidated and removed).
  • Contact preferences and marketing-consent records linked to your email or phone number.
  • Cookie-preference records linked to your account (in-browser cookies are also cleared on next visit).
  • Any support correspondence with Reservly that you specifically ask to be deleted.

Backups containing your data are retained for up to 30 days after deletion completes (per § 5.1 below) and are then automatically rotated out.

4. Timeline

StepMaximum elapsed time
Receipt confirmation10 business days from request
Verification (if needed)up to 10 business days
Production-database deletionup to 30 days from a verified request
Backup rotationa further 30 days

For most requests submitted via the self-service or token-link paths, deletion completes within 24 hours of confirmation. The longer windows above are the outer limits required by GDPR Article 12(3) and applicable state laws.

5. What is retained, and why

A small amount of data may be retained after a deletion request. Each retained category has a specific legal basis.

5.1 Encrypted backups

Reservly's production database is backed up daily. Backups containing your data persist for up to 30 days after deletion completes, then are automatically rotated out. Restoring from a backup during this window would not re-create your account — the next backup cycle replaces the older snapshots without your data. Legal basis: GDPR Article 17(3)(b) (compliance with legal obligation — disaster-recovery and security requirements under Article 32) and equivalent state-law provisions.

5.2 Anonymised analytics

Booking aggregates that have been stripped of personal identifiers (no name, no email, no phone, no IP) and reduced to numeric counts may be retained for service-improvement analytics. After anonymisation, the data is no longer personal information under GDPR Article 4(1) or CCPA / CPRA § 1798.140(o)(3); anonymisation is permanent and irreversible. Legal basis: GDPR Article 17(3)(b) (legitimate interest in service operation); CCPA / CPRA § 1798.105(d)(7) (debugging and service improvement) — applied only after irreversible anonymisation.

5.3 Audit log and fraud-prevention records

Reservly maintains an internal audit_log of administrative actions (sign-ins, permission changes, account deletions themselves, billing actions, security events). Audit-log entries that reference a deleted account are retained for 24 months for fraud-detection and regulatory record-keeping, then deleted. These entries contain only operational metadata (timestamps, IP addresses, action types) — they do not contain the substantive personal information described in § 3 above. Legal basis: GDPR Article 17(3)(b) (legitimate interest in fraud prevention and security under Article 32); CCPA / CPRA § 1798.105(d)(2) (detect security incidents, protect against malicious or fraudulent activity).

5.4 Records the business legitimately needs

If you are an end-user customer of a business that uses Reservly, the business may have its own legitimate basis to retain a booking record after you request deletion from Reservly — for example, tax law (typical retention 5–10 years depending on jurisdiction), consumer-rights compliance (for cancellation-window disputes), or an active dispute or chargeback related to your booking. Reservly's deletion procedure is separate from the business's procedure. If a business retains your data after you request deletion from Reservly, you should address that retention with the business directly under the business's own privacy policy. Reservly will provide a notification mechanism on request so that the business is aware of your deletion request even if the business does not itself proceed with deletion. Legal basis: GDPR Article 17(3)(b) and (e) (compliance with legal obligation; establishment, exercise, or defence of legal claims).

5.5 Records Reservly itself must retain

A small set of records related to Reservly's own subscription billing may be retained beyond the deletion window where Reservly is legally required to do so — typically billing invoices and tax records (held by Paddle as Merchant of Record, but Reservly retains a reference and a tax-jurisdiction code for accounting purposes). Legal basis: GDPR Article 17(3)(e); CCPA / CPRA § 1798.105(d)(4) (comply with a legal obligation).

6. Verification

Reservly may need to verify that a deletion request genuinely comes from you (or from someone you have authorised) before we act on it. Typical verification is low-friction: confirming an email on file, or matching a booking to the request.

We will not ask for government-issued ID for a routine deletion request. If a request appears to have been submitted by someone other than the data subject (for example, a request that does not match account-level details), we will reject the request and notify the email on file before taking action.

7. Free of charge — and exceptions

Deletion requests are free of charge.

GDPR Article 12(5) and CCPA / CPRA § 1798.130(c) permit Reservly to charge a reasonable fee, or to refuse to act on a request, where requests are manifestly unfounded or excessive — in particular because of their repetitive character. Reservly's policy is to honour the first request from any data subject without further questions and to apply the unfounded-or-excessive carve-out only against demonstrable abuse (e.g., automated request submission). The carve-out has not been invoked in Reservly's operating history.

8. Appeals

If Reservly denies a deletion request, you may appeal the denial.

  • EU / EEA / UK / Switzerland: Lodge a complaint with your supervisory authority (for the UK, the Information Commissioner's Office, ico.org.uk/make-a-complaint).
  • US states with a statutory appeal right (including Texas, Colorado, Virginia, Connecticut, and others as state laws evolve): Reply to our denial email with subject line beginning "Appeal". We respond within the time the state law provides, typically 45–60 days.
  • Other regions: Contact your jurisdiction's data-protection regulator. Our Privacy Policy § 9 has the regulator contact details.

9. Related rights

This page covers the right to deletion. Other rights — access, correction, portability, restriction, and objection — are described in our Privacy Policy § 9. The opt-out of sale or sharing is on the Do Not Sell or Share page. Reservly's role-and-responsibility split for business-customer data is in our Data Processing Agreement.

10. Contact

Reservly c/o Northwestern Registered Agent Services 30 N Gould St Ste R Sheridan, WY 82801 United States

Email: support@reservly.io Subject line for deletion requests: Data Deletion Request Subject line for authorised-agent requests: Data Deletion — Agent Request Privacy Officer: Stjepan Luburic, Founder — support@reservly.io (subject line Privacy Officer)

This page works together with our Privacy Policy, Terms of Service, Data Processing Agreement, Do Not Sell or Share, and Cookie Policy.