Last updated: 18 February 2026
BYTABLE is a product of Bloodstone Ltd, registered in England and Wales. We provide restaurant management software including reservations, guest CRM, marketing, and analytics tools. For the purposes of data protection law, Bloodstone Ltd is the data controller for data we collect about our platform users (restaurant operators), and a data processor for guest data that restaurants collect through our platform.
Restaurant operators: Name, email address, phone number, business name, billing information, and usage data (pages visited, features used, login times). Restaurant guests: On behalf of restaurants, we may process guest names, email addresses, phone numbers, dietary preferences, visit history, and booking details. Website visitors: We use cookies and analytics to understand how visitors use our marketing site.
We use operator data to provide and improve the BYTABLE platform, communicate about your account, and for billing. Guest data is processed on behalf of restaurants for reservation management, marketing communications (where opted in), and analytics. We do not sell personal data to third parties.
We process data under the following legal bases: Contract: Providing our service to restaurant operators. Legitimate interests: Platform improvement, security, and fraud prevention. Consent: Marketing emails to guests (opt-in required). Guests can withdraw consent at any time via the unsubscribe link in every email.
We share data with: Supabase (database hosting, EU region), Vercel (application hosting), Resend (email delivery), and Stripe (payment processing). All processors are GDPR-compliant. We do not share guest data between restaurants.
Restaurant operator accounts and their associated data are retained while the account is active and for 90 days after deletion. Guest data is retained by the restaurant and can be deleted upon request via the GDPR tools in the BYTABLE dashboard (Settings → GDPR & Privacy).
Under GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Restaurant guests should direct requests to the relevant restaurant. To exercise your rights as a platform user, email privacy@bytable.co.uk.
We use essential cookies for authentication and session management. We use analytics cookies only with your consent. You can manage preferences through your browser settings.
We implement appropriate technical and organisational measures including encryption in transit (TLS), encryption at rest, row-level security policies, role-based access control, and regular security audits. All data is stored in EU data centres.
We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of the platform after changes constitutes acceptance.
For privacy enquiries: privacy@bytable.co.uk. Bloodstone Ltd, United Kingdom.