Privacy Policy

Last Updated: April 29, 2026

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our SaaS platform (the “Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Who We Are

This Service is operated by JPN Software Development Services, a sole proprietorship registered in the Philippines (“we”, “us”, or “our”).

We operate a business automation platform that helps businesses streamline their operations through AI-powered agents, booking management, customer support automation, and social media integrations. Businesses (“Business Owners”) use our platform to manage their operations, and their end customers (“Customers”) interact with the platform as part of receiving services.

2. Scope

This policy applies to:

  • Platform Users — individuals who register for an account (Business Owners, Managers, and Agents).
  • Team Members — individuals invited to join a business account on the platform.
  • Customers — end customers of businesses managed through the platform, including those who interact via Facebook Messenger.
  • Visitors — individuals who visit our website or interact with our APIs.

3. Information We Collect

3.1 Account & Profile Information

When you register, we collect:

  • First and last name
  • Email address (primary)
  • Profile image URL (provided via your authentication provider)
  • Account status and identifiers

3.2 Business Information

Business Owners provide:

  • Business name, slug, and description
  • Operating hours, time zone, scheduled breaks, and off-days
  • Business-related configuration and preferences

3.3 Team Member Information

When inviting team members, we collect:

  • Email addresses of invitees
  • Role assignments (Owner, Manager, or Agent)

3.4 Customer Information

Businesses may add Customer records that include:

  • First and last name
  • Email address (optional)
  • Phone number (optional)
  • Internal notes about the customer (optional)
  • Platform-specific identifiers (e.g., Facebook Messenger Platform-Specific ID / PSID)

3.5 Booking Information

When bookings are created, we collect:

  • Booking date and time (with time zone)
  • Assigned team member
  • Services booked, including duration, price, and currency
  • Booking status and history
  • Notes and cancellation reasons (if applicable)
  • Source platform (e.g., web, Facebook Messenger)

3.6 Communication & Conversation Data

If you connect a Facebook Messenger integration, we collect and store:

  • Message history between your business Page and your customers
  • Facebook Page IDs
  • Timestamps of messages
  • Conversation metadata (e.g., whether a conversation has been handed over to a human agent)

3.7 Uploaded Files & Knowledge Base

Business Owners may upload files (PDF, TXT, Markdown; max 5 MB per file) to power the AI agent. We store:

  • File content and metadata (filename, size, content type, upload timestamp)
  • Vectorized representations of file content for semantic search

3.8 Subscription & Billing Information

We collect subscription-related data, including:

  • Chosen subscription plan and tier
  • Subscription status and billing period
  • Payment-related identifiers issued by our payment processor (Xendit)
Note: We do not store raw payment card numbers or sensitive payment credentials. All payment method data is tokenized and managed by Xendit.

3.9 AI Usage Data

To manage fair usage limits, we track:

  • Monthly AI token consumption per user account
  • Bonus token grants and tier-based limits
  • AI agent configuration (language preference, tone, custom instructions)

3.10 Analytics Data

We generate and store aggregated analytics about your business activity, including:

  • Total and periodic booking counts and revenue
  • Booking status breakdowns and platform breakdowns
  • Customer growth metrics
  • Service performance rankings

3.11 Notification Data

We store in-app notification records, including:

  • Notification type, title, and body
  • Read/unread status
  • Timestamps and associated metadata

3.12 Technical & Log Data

We may automatically collect:

  • IP address and device/browser information
  • API request logs and error information
  • Redis cache entries (temporary, session-scoped)

4. How We Use Your Information

We use collected information to:

  • Provide and operate the Service — account management, booking processing, team collaboration, AI automation.
  • Enable integrations — connect your business to Facebook Messenger and manage conversations on your behalf.
  • Process payments — manage subscriptions and billing through our payment processor.
  • Deliver notifications — send transactional emails and in-app notifications about bookings, team activity, and account events.
  • Power the AI agent — use your uploaded documents and conversation context to generate relevant, accurate responses for your customers.
  • Display analytics — present aggregated performance data within your dashboard.
  • Manage token usage — enforce and monitor AI usage limits per your subscription tier.
  • Improve the Service — detect issues, debug errors, and improve platform reliability.
  • Comply with legal obligations — retain and disclose data as required by applicable law.

5. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

5.1 Third-Party Service Providers

We use the following third-party services to operate the platform:

ProviderPurposeData Shared
ClerkUser authentication and identity managementName, email, profile image, user ID
OpenAIAI language model (chat and embeddings)Business documents, conversation context, chat history
QdrantVector database for semantic document searchEmbedded document content and metadata
XenditPayment processing and subscription billingName, email, subscription tier; payment method (tokenized)
ResendTransactional email deliveryRecipient email, notification content
Facebook / MetaMessenger integration via Graph APIPage access tokens, message content, sender PSIDs
Amazon Web Services (S3)File storageUploaded business documents
PostgreSQLPrimary databaseAll application data
RedisCaching layerTemporary session and cache data

These providers are authorized to use your data only as necessary to provide services to us and are bound by confidentiality obligations.

5.2 Within Your Business Account

Your data may be visible to other members of your business account according to their role:

  • Owners and Managers have full access to all business data.
  • Agents have limited access and can only view bookings assigned to them.

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of our platform, users, or others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described here.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data is retained while your account is active. If you close your account, records may be soft-deleted and retained for a limited period for legal and operational purposes.
  • Customer and booking records are retained for the duration of your subscription and for a reasonable period thereafter.
  • Conversation history from Facebook Messenger is retained to support ongoing business operations.
  • Uploaded files are retained until deleted by the Business Owner, or until the account is terminated.
  • Notification records are retained for the life of the account.
  • Analytics data is aggregated and may be retained indefinitely in anonymized form.

7. Data Security

We implement appropriate technical and organizational safeguards to protect your information, including:

  • Encryption at rest for sensitive credentials (e.g., Facebook Page access tokens).
  • Environment-based secrets management for API keys and database credentials.
  • Webhook signature verification for all incoming webhooks (Clerk, Xendit, Facebook) using industry-standard HMAC verification.
  • Role-based access controls within the platform.
  • HTTPS for all data in transit.
  • Payment tokenization — raw payment card data is never stored on our servers.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies and Tracking

Authentication and session management is handled by Clerk. Clerk may use cookies and local storage on the client side to maintain user sessions. Please refer to Clerk’s Privacy Policy for details on their data practices.

We do not currently use independent advertising or tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.

10. International Data Transfers

Our infrastructure and third-party providers may be located in various countries. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules.

Where required by law (e.g., GDPR), we ensure appropriate safeguards are in place for such transfers (e.g., Standard Contractual Clauses).

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (subject to certain legal exceptions).
  • Restrict or object to certain processing activities.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us using the details in Section 14. We will respond within the timeframe required by applicable law.

12. AI and Automated Decision-Making

Our platform uses AI (powered by OpenAI) to automate customer interactions, including booking and support workflows. The AI agent acts on behalf of your business using context from:

  • Your uploaded knowledge base documents
  • Business configuration (hours, services, team members)
  • Ongoing conversation history

AI agents do not make legally significant automated decisions about end users. Businesses retain full control and can configure the AI, review conversations, and take over interactions at any time.

Conversation content sent to OpenAI is subject to OpenAI’s usage policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you via email or in-app notification. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@reserve.ai

Phone: +639177282211

Address: Sitio Guinhawa, San Francisco, Mabini, Batangas

This Privacy Policy is effective as of the date listed above.