Reserva
Sign In Sign Up
🇨🇦 Built for Canadian Healthcare

Privacy Policy

Your privacy matters. This policy explains how we collect, use, and protect your information.

Last updated: December 22, 2025

Contents

1. Information We Collect 2. How We Use Information 3. Priority Scores 4. Information Sharing 5. Data Storage & Security 6. Data Retention 7. Your Rights 8. Canadian Compliance 9. Children's Privacy 10. Third-Party Links 11. Policy Changes 12. Contact Us

Reserva ("we," "our," or "us") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Reserva platform, including our website, patient booking tools, clinic dashboards, and related services (collectively, the "Service").

By using Reserva, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

a. Information You Provide Directly

Depending on whether you are a patient or a clinic, we may collect:

  • Name
  • Email address
  • Phone number
  • Date of birth
  • Appointment preferences and availability
  • Visit type selections and optional notes
  • Clinic profile details (for clinics), including staff names and schedules

Reserva does not collect medical diagnoses, treatment records, or clinical notes unless explicitly entered by a clinic or patient for scheduling purposes.

b. Guest Patients

Guest patients who book appointments without creating an account are subject to the same privacy protections as registered users. Personal information collected from guest patients is used solely for appointment scheduling and communication and may be retained only as long as necessary to fulfill those purposes.

c. Automatically Collected Information

When you use the Service, we may automatically collect:

  • IP address
  • Device and browser type
  • Operating system
  • Usage data (pages visited, actions taken, timestamps)

This data is used for security, analytics, and platform improvement.

d. Cookies and Similar Technologies

Reserva uses essential cookies and similar technologies to operate the Service, including authentication, security, and session management. These include cookies set by our infrastructure providers such as Supabase and Cloudflare. We do not use cookies for advertising or behavioral tracking.

e. SMS and Communication Data

If you opt in to SMS or email notifications:

  • We store your contact details and notification preferences
  • Message delivery status and timestamps may be logged
  • Message content is limited to appointment reminders, waitlist updates, and system notifications

2. How We Use Information

We use collected information to:

  • Facilitate appointment booking and waitlist management
  • Notify patients of appointment availability and reminders
  • Enable clinics to manage schedules and reduce no-shows
  • Improve system performance and user experience
  • Maintain security and prevent abuse
  • Comply with legal and regulatory obligations

Reserva does not sell personal data.

3. Priority Scores and Automated Processing

Reserva may generate internal priority scores to help clinics manage waitlists. These scores are calculated using clinic-defined rules and system logic such as appointment urgency, timing, and patient status.

Priority scores:

  • Are informational only
  • Do not guarantee appointment availability
  • Do not replace clinical judgment
  • Are not used for automated medical decisions

4. Information Sharing and Disclosure

We may share information only in the following circumstances:

  • With clinics: Patient information is shared solely with clinics the patient interacts with
  • With service providers: Trusted vendors under confidentiality agreements
  • Legal obligations: When required by law, court order, or regulatory authority

Third-Party Service Providers

We use third-party service providers to support our operations, including but not limited to:

  • SMS delivery (e.g., Twilio)
  • Email communications (e.g., Resend)
  • Payment processing (e.g., Stripe)
  • Data hosting and authentication (e.g., Supabase)
  • Application hosting (e.g., Vercel)
  • Security and performance services (e.g., Cloudflare)

We do not share data with advertisers or data brokers.

5. Data Storage and Security

🇨🇦 Reserva stores primary application data on servers located in Canada.

Our primary data infrastructure provider, Supabase, utilizes cloud services hosted in Canadian data centres.

While primary data storage occurs in Canada, certain third-party service providers (such as payment processors or communication services) may process limited personal information outside Canada, including in the United States. Such providers are contractually required to protect personal information in accordance with applicable privacy laws.

Security Measures

We implement reasonable administrative, technical, and physical safeguards to protect personal information, including:

  • Encrypted data storage and transmission
  • Role-based access controls
  • Secure hosting environments

While no system is completely secure, we take commercially reasonable steps to protect your data.

Audit Logs

To ensure system integrity, security, and accountability, Reserva maintains audit logs that record certain user actions (such as appointment changes or access events). These logs are used solely for operational, security, and compliance purposes.

6. Data Retention

We retain personal information only as long as necessary to:

  • Provide the Service
  • Meet legal or regulatory requirements
  • Resolve disputes and enforce agreements

Personal information may be soft-deleted and retained for a limited period to comply with legal, regulatory, or audit obligations. Clinics are responsible for complying with any statutory record-retention requirements applicable to their practice.

Clinics control retention of patient data within their accounts, subject to applicable laws.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access your personal information
  • Request corrections
  • Withdraw consent for communications
  • Request deletion of your data, subject to legal obligations

Requests can be made by contacting us at the email below.

8. Canadian Privacy Compliance

Reserva complies with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial health information privacy laws such as Ontario's Personal Health Information Protection Act (PHIPA).

9. Children's Privacy

Reserva is not intended for use by children under the age of 13 without parental or guardian involvement. Clinics are responsible for obtaining appropriate consent where required.

Where provincial health privacy legislation permits, capable minors may provide their own consent for health information handling.

10. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted within the Service with a revised "Last updated" date.

Continued use of the Service constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Reserva

Email: support@reserva.ca

Reserva
Privacy Policy Terms of Service © 2025 Reserva. All rights reserved.