Privacy Policy.

1.1. Personal Data Provided by Users

When you sign up and use Spotly, you may choose to provide some or all of the following personal information:

• —Name (first and last)
• —Email address
• —Phone number
• —Date of birth (if you opt to enter it; we do not require DOB to create an account)
• —Profile photo, bio, and venue/cuisine preferences (optional, for a more personalized experience)
• —Payment information (e.g., credit card details, billing address)—processed securely via our payment providers, Stripe (for EU and international card payments) and Casys (as a local payment gateway in Macedonia)
• —Location data (only if you enable location services, used to show nearby venues and events)

1.2. Automatically Collected Data

Whenever you use the Service—whether on mobile or web—we automatically collect certain technical and usage data, including:

• —Device token and operating system (e.g., iOS or Android version)
• —IP address and approximate geolocation (to help secure your account and serve local content)
• —App usage data: which screens you visit, buttons you tap, search queries, reservation history, and crash reports
• —Cookies and similar tracking technologies (see Section 3)
• —Aggregated, cookieless analytics data via Vercel Analytics and Vercel Speed Insights (e.g., page views, performance metrics)—this does not identify you individually

1.3. Third‐Party Data

• —Social media logins (if you choose to sign in via Facebook, Google, or Apple): we receive basic profile information (name, email, avatar).
• —Data from venue/partner accounts: if you register as a venue owner or event organizer, you may upload event details, seating layouts, or promotional materials.

2.1. To provide and improve the Service

• —Authenticate and manage your account
• —Process table reservations, ticket purchases, and any in‐app transactions (via Stripe and Casys)
• —Send booking confirmations, reminder notifications, and important system alerts

2.2. To personalize your experience

• —Recommend nearby venues, upcoming events, or promotions based on your location, past reservations, and stated preferences
• —Remember your settings (e.g., favorite venues, language choice) so you don't have to re‐enter them

2.3. To enable secure payments and prevent fraud

• —Work with our PCI-DSS-compliant payment processors (Stripe and Casys) to tokenize your payment method securely
• —Monitor for suspicious activity and block accounts that appear to be violating our Terms of Use or engaging in fraudulent behavior

2.4. To comply with legal obligations

• —Retain reservation logs and transaction records when required by local regulations
• —Respond to valid law‐enforcement requests (e.g., subpoenas, court orders)

2.5. For analytics and service improvement

• —Use Vercel Analytics and Vercel Speed Insights (cookieless) to understand which pages and features are most used and where performance bottlenecks occur
• —Analyze aggregated data to find usage trends, fix bugs, and plan new features

2.6. To communicate with you

• —Send newsletters, marketing emails (if you opt in), and promotional offers from Spotly or our partners
• —Respond to customer‐support inquiries, feedback, or complaints

2.7. Other purposes

• —If we undergo a merger, acquisition, or asset sale, your data may be transferred (see Section 3)
• —Any other uses to which you consent

3.1. Service Providers

• —Hosting & Infrastructure: AWS (or another cloud provider) stores your profile, reservation records, and media uploads
• —Analytics & Hosting: Vercel (Vercel Inc.) hosts the Service and provides cookieless, aggregated analytics and performance monitoring under its own Privacy Policy; this data does not identify you individually
• —Payments: Stripe (Stripe Payments Europe, Ltd.) and Casys process and store your credit‐card information under their own privacy policies and PCI-DSS certification; we only receive a tokenized reference, never your full card number

3.2. Law Enforcement & Legal Requests

• —If required by law (court order, subpoena, or government inquiry), we'll share the minimum data necessary to comply
• —To protect user safety—if we reasonably believe someone's life or property is at risk

3.3. Venue Owners & Event Organizers

• —When you book a table or buy a ticket, we share your name, email, and phone number with the venue or organizer so they can confirm your reservation and contact you if needed
• —We do not share sensitive payment data (e.g., your full credit‐card number) with venues—only a confirmation of payment

3.4. Other Users

• —In public areas (e.g., venue reviews, event chat), certain profile fields (username, avatar, bio) may be visible to anyone using Spotly
• —You can control what you share via your Privacy Settings in the app

3.5. Affiliates & Business Partners

• —If Spotly acquires or merges with another company, your data may transfer as an asset, subject to notice and your continued rights under this policy
• —We may share limited contact information with marketing partners if you expressly opt in (e.g., third‐party restaurant promotions)

3.6. With Your Consent

• —Any other sharing not listed above will only occur if you explicitly agree (e.g., participating in a user‐research study)

4.1. Account Data & Profile Information

We retain your personal data (profile, reservations, payment tokens) for as long as your account remains active. If you request deletion (see below), we'll delete or anonymize it unless we are required to keep it for legal reasons (e.g., tax records, fraud investigations).

4.2. Usage & Analytics Data

We keep aggregated, cookieless analytics (via Vercel) indefinitely in a form that does not identify you. Raw logs (device tokens, IP addresses, crash reports) are retained for up to 12 months, then purged or anonymized.

4.3. Payment & Transaction Records

For compliance with local regulations, we retain transaction receipts and billing records for at least 5 years (or as required by Macedonian law).

4.4. How to Delete Your Data

1. 01In the Spotly app, go to Settings → Privacy → Delete Account.
2. 02Follow the on-screen prompts to confirm.
3. 03We will permanently remove your personal profile, reservations, and photos within 30 days, unless required otherwise for legal or security reasons.
4. 04Even after deletion, anonymized usage statistics (e.g., "User X made 10 reservations in 2024") may remain in our analytics.

6.1. Access & Correction

Can I access my personal data?

You can request a copy of all personal data we hold about you.

How do I correct my information?

If any information is inaccurate or incomplete, you can correct it via Settings → Profile or by emailing us.

6.2. Deletion ("Right to Be Forgotten")

Can I delete my account?

You can request account deletion as described in Section 4.

Will all my data be deleted?

Be aware that some data (e.g., transaction records) may remain for legal compliance.

6.3. Opt-Out

How do I unsubscribe from marketing emails?

If you receive newsletters or promotional emails, click "Unsubscribe" at the bottom of any message or toggle off marketing under Settings → Notifications.

Can I disable location tracking?

You can disable location services for Spotly via your device's system settings. Note: Disabling location may limit personalized venue recommendations.

6.4. Data Portability

Can I export my data?

Upon request, we can provide your profile data (name, email, reservation history) in a common, machine-readable format (e.g., CSV or JSON).

6.5. Withdraw Consent

Can I withdraw my consent?

If you previously consented to processing (e.g., for marketing), you can withdraw that consent at any time—either in the app or by emailing us.

6.6. Complaint to Supervisory Authority

Where can I file a complaint?

If you're in Macedonia (or the EU), you have the right to lodge a complaint with the relevant data protection authority.

7.1. Performance of a Contract

To create and manage your account and to process the reservations, ticket purchases, and other transactions you request, we process your data because it is necessary to provide the Service you have asked for.

7.2. Consent

For optional activities—such as sending marketing emails, push notifications, location-based recommendations, and setting non-essential cookies—we rely on your consent. You can withdraw your consent at any time (see Section 9), without affecting the lawfulness of processing carried out before withdrawal.

7.3. Legitimate Interests

To keep our platform secure, prevent fraud and abuse, analyze and improve the Service, and send service-related communications, we rely on our legitimate interests—balanced against your rights and freedoms. You may object to processing based on legitimate interests at any time.

7.4. Legal Obligation

To retain transaction and tax records and to respond to valid requests from competent authorities, we process your data to comply with our legal obligations.

7.5. Profiling & Automated Processing

We use limited automated processing to personalize venue and event recommendations based on your location, preferences, and past activity. These do not produce legal or similarly significant effects on you, and you can opt out of personalization in your settings.