SPOTLY
HomeVenuesEvents
SpotlySPOTLY

The future of nightlife reservations. Book your perfect table instantly and experience unforgettable nights out.

Product

  • Features
  • Download App
  • How It Works

Company

  • Contact

Legal

  • Privacy Policy
  • Terms of Use

© 2026 Spotly. All rights reserved.

myspotlySpotly

Legal · Privacy

Privacy Policy.

Last updated: May 27, 2025

Spotly ("we," "us," or "our") takes your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Spotly mobile app and website (together, the "Service").

By accessing or using Spotly, you agree to the terms outlined below. If you have questions, see Section 12 ("Contact Us").

Contents

  1. 01Information We Collect
  2. 02How We Use Your Data
  3. 03Who We Share Data With
  4. 04Data Retention & Deletion
  5. 05Security Measures
  6. 06Your Rights
  7. 07Legal Basis for Processing
  8. 08International Data Transfers
  9. 09Cookies & Tracking Technologies
  10. 10Children's Privacy
  11. 11Changes to This Policy
  12. 12Contact Us
01

Information We Collect

1.1. Personal Data Provided by Users

When you sign up and use Spotly, you may choose to provide some or all of the following personal information:

  • —Name (first and last)
  • —Email address
  • —Phone number
  • —Date of birth (if you opt to enter it; we do not require DOB to create an account)
  • —Profile photo, bio, and venue/cuisine preferences (optional, for a more personalized experience)
  • —Payment information (e.g., credit card details, billing address)—processed securely via our payment providers, Stripe (for EU and international card payments) and Casys (as a local payment gateway in Macedonia)
  • —Location data (only if you enable location services, used to show nearby venues and events)

1.2. Automatically Collected Data

Whenever you use the Service—whether on mobile or web—we automatically collect certain technical and usage data, including:

  • —Device token and operating system (e.g., iOS or Android version)
  • —IP address and approximate geolocation (to help secure your account and serve local content)
  • —App usage data: which screens you visit, buttons you tap, search queries, reservation history, and crash reports
  • —Cookies and similar tracking technologies (see Section 3)
  • —Aggregated, cookieless analytics data via Vercel Analytics and Vercel Speed Insights (e.g., page views, performance metrics)—this does not identify you individually

1.3. Third‐Party Data

  • —Social media logins (if you choose to sign in via Facebook, Google, or Apple): we receive basic profile information (name, email, avatar).
  • —Data from venue/partner accounts: if you register as a venue owner or event organizer, you may upload event details, seating layouts, or promotional materials.
02

How We Use Your Data

We use the information collected in Section 1 for all of the following purposes:

2.1. To provide and improve the Service

  • —Authenticate and manage your account
  • —Process table reservations, ticket purchases, and any in‐app transactions (via Stripe and Casys)
  • —Send booking confirmations, reminder notifications, and important system alerts

2.2. To personalize your experience

  • —Recommend nearby venues, upcoming events, or promotions based on your location, past reservations, and stated preferences
  • —Remember your settings (e.g., favorite venues, language choice) so you don't have to re‐enter them

2.3. To enable secure payments and prevent fraud

  • —Work with our PCI-DSS-compliant payment processors (Stripe and Casys) to tokenize your payment method securely
  • —Monitor for suspicious activity and block accounts that appear to be violating our Terms of Use or engaging in fraudulent behavior

2.4. To comply with legal obligations

  • —Retain reservation logs and transaction records when required by local regulations
  • —Respond to valid law‐enforcement requests (e.g., subpoenas, court orders)

2.5. For analytics and service improvement

  • —Use Vercel Analytics and Vercel Speed Insights (cookieless) to understand which pages and features are most used and where performance bottlenecks occur
  • —Analyze aggregated data to find usage trends, fix bugs, and plan new features

2.6. To communicate with you

  • —Send newsletters, marketing emails (if you opt in), and promotional offers from Spotly or our partners
  • —Respond to customer‐support inquiries, feedback, or complaints

2.7. Other purposes

  • —If we undergo a merger, acquisition, or asset sale, your data may be transferred (see Section 3)
  • —Any other uses to which you consent
03

Who We Share Data With

We do not sell your personal information.

We may share your data in the following scenarios:

3.1. Service Providers

  • —Hosting & Infrastructure: AWS (or another cloud provider) stores your profile, reservation records, and media uploads
  • —Analytics & Hosting: Vercel (Vercel Inc.) hosts the Service and provides cookieless, aggregated analytics and performance monitoring under its own Privacy Policy; this data does not identify you individually
  • —Payments: Stripe (Stripe Payments Europe, Ltd.) and Casys process and store your credit‐card information under their own privacy policies and PCI-DSS certification; we only receive a tokenized reference, never your full card number

3.2. Law Enforcement & Legal Requests

  • —If required by law (court order, subpoena, or government inquiry), we'll share the minimum data necessary to comply
  • —To protect user safety—if we reasonably believe someone's life or property is at risk

3.3. Venue Owners & Event Organizers

  • —When you book a table or buy a ticket, we share your name, email, and phone number with the venue or organizer so they can confirm your reservation and contact you if needed
  • —We do not share sensitive payment data (e.g., your full credit‐card number) with venues—only a confirmation of payment

3.4. Other Users

  • —In public areas (e.g., venue reviews, event chat), certain profile fields (username, avatar, bio) may be visible to anyone using Spotly
  • —You can control what you share via your Privacy Settings in the app

3.5. Affiliates & Business Partners

  • —If Spotly acquires or merges with another company, your data may transfer as an asset, subject to notice and your continued rights under this policy
  • —We may share limited contact information with marketing partners if you expressly opt in (e.g., third‐party restaurant promotions)

3.6. With Your Consent

  • —Any other sharing not listed above will only occur if you explicitly agree (e.g., participating in a user‐research study)
04

Data Retention & Deletion

4.1. Account Data & Profile Information

We retain your personal data (profile, reservations, payment tokens) for as long as your account remains active. If you request deletion (see below), we'll delete or anonymize it unless we are required to keep it for legal reasons (e.g., tax records, fraud investigations).

4.2. Usage & Analytics Data

We keep aggregated, cookieless analytics (via Vercel) indefinitely in a form that does not identify you. Raw logs (device tokens, IP addresses, crash reports) are retained for up to 12 months, then purged or anonymized.

4.3. Payment & Transaction Records

For compliance with local regulations, we retain transaction receipts and billing records for at least 5 years (or as required by Macedonian law).

4.4. How to Delete Your Data

  1. 01In the Spotly app, go to Settings → Privacy → Delete Account.
  2. 02Follow the on-screen prompts to confirm.
  3. 03We will permanently remove your personal profile, reservations, and photos within 30 days, unless required otherwise for legal or security reasons.
  4. 04Even after deletion, anonymized usage statistics (e.g., "User X made 10 reservations in 2024") may remain in our analytics.
05

Security Measures

While we strive to protect your data, no system is 100% secure. If we become aware of a breach affecting your personal information, we will notify you within 72 hours (or as required by law).

We implement industry-standard safeguards to protect your data, including:

  • —Encryption in transit (TLS/HTTPS) whenever you interact with Spotly (mobile API calls, web dashboard).
  • —Encryption at rest for sensitive data (e.g., payment tokens) in our databases.
  • —Access Controls & Auditing: Only authorized personnel can access production data, and all access is logged.
  • —Regular Security Reviews: We perform quarterly vulnerability scans and annual penetration tests.
  • —User Responsibilities: You are responsible for safeguarding your login credentials. Do not share your password or authentication code with anyone.
06

Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

6.1. Access & Correction

Can I access my personal data?
You can request a copy of all personal data we hold about you.
How do I correct my information?
If any information is inaccurate or incomplete, you can correct it via Settings → Profile or by emailing us.

6.2. Deletion ("Right to Be Forgotten")

Can I delete my account?
You can request account deletion as described in Section 4.
Will all my data be deleted?
Be aware that some data (e.g., transaction records) may remain for legal compliance.

6.3. Opt-Out

How do I unsubscribe from marketing emails?
If you receive newsletters or promotional emails, click "Unsubscribe" at the bottom of any message or toggle off marketing under Settings → Notifications.
Can I disable location tracking?
You can disable location services for Spotly via your device's system settings. Note: Disabling location may limit personalized venue recommendations.

6.4. Data Portability

Can I export my data?
Upon request, we can provide your profile data (name, email, reservation history) in a common, machine-readable format (e.g., CSV or JSON).

6.5. Withdraw Consent

Can I withdraw my consent?
If you previously consented to processing (e.g., for marketing), you can withdraw that consent at any time—either in the app or by emailing us.

6.6. Complaint to Supervisory Authority

Where can I file a complaint?
If you're in Macedonia (or the EU), you have the right to lodge a complaint with the relevant data protection authority.
07

Legal Basis for Processing

We only process your personal data where we have a valid legal basis to do so under applicable data protection law (including the EU General Data Protection Regulation (GDPR) and the Republic of Macedonia's Law on Personal Data Protection). Depending on the activity, we rely on one or more of the following bases:

[TO VERIFY WITH LEGAL COUNSEL: Confirm the specific lawful basis assigned to each processing purpose in Section 2, especially the boundary between consent and legitimate interest for analytics and personalization, and confirm this reflects your actual practices.]

7.1. Performance of a Contract

To create and manage your account and to process the reservations, ticket purchases, and other transactions you request, we process your data because it is necessary to provide the Service you have asked for.

7.2. Consent

For optional activities—such as sending marketing emails, push notifications, location-based recommendations, and setting non-essential cookies—we rely on your consent. You can withdraw your consent at any time (see Section 9), without affecting the lawfulness of processing carried out before withdrawal.

7.3. Legitimate Interests

To keep our platform secure, prevent fraud and abuse, analyze and improve the Service, and send service-related communications, we rely on our legitimate interests—balanced against your rights and freedoms. You may object to processing based on legitimate interests at any time.

7.4. Legal Obligation

To retain transaction and tax records and to respond to valid requests from competent authorities, we process your data to comply with our legal obligations.

7.5. Profiling & Automated Processing

We use limited automated processing to personalize venue and event recommendations based on your location, preferences, and past activity. These do not produce legal or similarly significant effects on you, and you can opt out of personalization in your settings.

08

International Data Transfers

Spotly is operated from the Republic of Macedonia. Some of our service providers (for example, AWS and Vercel for hosting, Vercel for cookieless analytics, and Stripe for payments) may store or process your personal data on servers located outside of Macedonia and the European Economic Area (EEA). For EU users, card payments are handled by Stripe Payments Europe, Ltd. (Ireland).

  • —Whenever we transfer personal data internationally, we take steps to ensure it receives an adequate level of protection.
  • —Where applicable, we rely on European Commission adequacy decisions, or we put in place Standard Contractual Clauses (SCCs) or other safeguards approved by the relevant authorities.
  • —You may request more information about the safeguards we apply to a specific transfer by contacting us (see Section 12).

[TO VERIFY WITH LEGAL COUNSEL: Confirm the exact processing locations of each sub-processor (AWS, Vercel, Stripe, Casys, and any others) and the specific transfer mechanism—adequacy decision, SCCs, or other—in place for each, and ensure a signed Data Processing Agreement (DPA) is in place with each processor.]

09

Cookies & Tracking Technologies

We aim to keep tracking on the Service to a minimum. We do not currently use advertising cookies, third-party marketing pixels, or cross-site tracking. The technologies we rely on fall into two categories:

  • —Strictly necessary: required for core functionality such as authentication, session management, and security. These do not require consent and cannot be switched off.
  • —Analytics & performance: we use Vercel Analytics and Vercel Speed Insights, which are cookieless—they measure aggregated usage and performance without setting cookies, storing identifiers on your device, or tracking you across other websites.

Because our analytics are cookieless and we set no non-essential cookies, a cookie-consent banner is not currently required for these technologies. If we later introduce non-essential cookies or third-party marketing/analytics tools (such as Google Analytics or advertising pixels), we will request your prior consent and provide controls to accept or reject them. [TO VERIFY WITH LEGAL COUNSEL: Confirm that no other scripts set cookies or device identifiers in production, and that this assessment holds for your live deployment.]

10

Children's Privacy

Spotly is intended for adults. You must be at least 18 years old to create an account and complete transactions. We do not knowingly collect or maintain personal data from anyone under the age of 16 without verified parental or guardian consent, in line with applicable data protection law. If we discover that a person under this age has provided us with personal information without the required consent, we will promptly delete it.

[TO VERIFY WITH LEGAL COUNSEL: Confirm the applicable minimum digital-consent age under Macedonia's data protection law and ensure the age threshold is stated consistently across the Terms of Use (Section 2) and this Privacy Policy.]

11

Changes to This Policy

We may update this Privacy Policy from time to time (e.g., to reflect new features or legal requirements). When we make material changes, we will:

  • —Update the "Last updated" date at the top.
  • —Notify you in-app and by email (if you have an account).
  • —Encourage you to review it periodically—continued use of Spotly after changes indicates your acceptance of the revised policy.
12

Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or Spotly's data practices, please contact us by email at support@myspotly.com, or through our website at myspotly.com/contact.

[TO VERIFY WITH LEGAL COUNSEL: Determine whether your processing activities require you to appoint a Data Protection Officer (GDPR Art. 37) and/or an EU representative (GDPR Art. 27). If so, add their contact details here.]