Privacy
Policy

1. Data we collect

When you make a booking, we collect your first name, last name, email address, and optionally your phone number and notes for the host. We do not store your payment details — all transactions are handled directly by Stripe, which is PCI-DSS compliant.

2. How we use your data

Your data is used solely to process and manage your booking, send you confirmation and pre-experience emails, and improve the Mas & Table experience. We do not sell, rent, or share your personal data with third parties outside of what is strictly necessary to deliver your experience.

3. Who sees your data

Your first name, number of guests, and any notes you provide are shared with the relevant host to prepare your experience. Your email is used only by Mas & Table for booking-related communications. We use Resend to send transactional emails and Supabase to store booking data — both are GDPR-compliant.

4. Cookies

We use a minimal number of cookies necessary for the site to function — primarily for authentication (Supabase session cookie) and basic analytics. We do not use advertising cookies or third-party tracking pixels.

5. Your rights

Under GDPR, you have the right to access, correct, or delete your personal data at any time. To exercise these rights, contact us at hello@masandtable.com. We will respond within 30 days.

6. Data retention

Booking data is retained for a period of 5 years for accounting and legal compliance purposes, then permanently deleted. Account data is deleted upon request or after 3 years of inactivity.

7. Security

We take data security seriously. All data is encrypted in transit (HTTPS) and at rest. Access to personal data is strictly limited to the Mas & Table team.

8. Contact

For any questions regarding your privacy or personal data, contact us at hello@masandtable.com. You may also lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at cnil.fr.