Privacy Policy

Last updated: May 6, 2026

Your privacy is important to us. This Privacy Policy explains how ALUUM MEDIA PRIVATE LIMITED (“AllReserve”, “we”, “our”, or “us”) collects, uses, shares, and protects information about you when you use the AllReserve platform, including our website at allreserve.in and our mobile applications (collectively, the “Service”).

1. Introduction

ALUUM MEDIA PRIVATE LIMITED is a company incorporated in India with its registered office at Bahadurgarh Sector 6, Jhajjar Bahadurgarh, Haryana 124507, India. We operate the AllReserve platform — an all-in-one solution for managing bookings, memberships, events, and services. As part of providing this Service, we necessarily collect certain information about you and your use of our platform.

This policy applies to all users of the Service, including consumers who make bookings and business operators who list services on the platform. By using the Service, you consent to the data practices described in this Privacy Policy. If you disagree with any part of this policy, you should discontinue use of the Service.

2. Information We Collect

We collect information in several ways — directly from you, automatically through your use of the Service, and in some cases from third-party sources.

Personal Information

When you create an account or interact with the Service, we collect information you provide directly, including:

  • Full name and display name
  • Email address and phone number
  • Profile photo and other optional profile information
  • Business information for operators (business name, address, and contact details)
  • Communications you send to us or through our platform

Note on payments: Bookings are currently settled offline (in person, at the time of service). The AllReserve app does not collect or store credit card numbers, bank account details, or any other online payment information at this time. If we introduce online payments in the future, this Privacy Policy will be updated and you will be notified.

Usage Data

We automatically collect data about how you interact with the Service, including:

  • Pages visited, features used, and buttons clicked
  • Search queries and booking history
  • Timestamps, session duration, and frequency of use
  • Referring URLs and navigation paths through the platform
  • Error logs and performance data

Device Information

We collect technical information about the device you use to access the Service, including:

  • Device type, model, and manufacturer
  • Operating system and version
  • Browser type and version (for web access)
  • IP address and approximate geographic location derived from it
  • Unique device identifiers and advertising identifiers (where permitted by platform settings — see Section 3 on App Tracking Transparency)

Camera & Photos

We access your device camera to allow you to take profile photos, capture images for chat messages, and upload files. Photos are stored securely and only shared as you direct. Camera access is requested only when you initiate an action that requires it — such as updating your profile picture or attaching an image to a message. You can revoke camera permission at any time through your device settings without affecting your ability to use other features of the Service.

Location Data

We collect location data to show nearby businesses and services, and to provide location-based search results. Precise location is accessed only when you grant permission through your device. You may use the Service with only approximate location (derived from your IP address) if you prefer not to share precise GPS data. You can revoke location permission at any time through your device settings.

3. App Tracking Transparency

On Apple iOS devices, our mobile app uses Apple's App Tracking Transparency (ATT) framework as required by the Apple App Store. When you first launch the app, iOS will display a system prompt asking whether AllReservemay track your activity across other companies' apps and websites. This permission is requested before we collect any device-level identifier (such as the iOS Identifier for Advertisers, or “IDFA”) for analytics purposes.

If you grant permission

  • We may use anonymized device identifiers to improve our analytics — for example, to understand which features are most useful and to debug issues across user sessions.
  • Your device identifier may be shared with our analytics provider, PostHog, as described in Section 6 (Third-Party Services).

If you deny permission (or do not respond)

  • We will not use the IDFA or any other identifier classified by Apple as a tracking identifier.
  • Analytics continue to function in a privacy-respecting, anonymized form using a randomly-generated installation-scoped ID that cannot be correlated to your activity in other apps.
  • All booking, search, messaging, and other Service features continue to work normally — your choice has no impact on the functionality of the Service.

You can change your tracking preference at any time through your device settings: Settings → Privacy & Security → Tracking → AllReserve, or by toggling “Allow Apps to Request to Track” off entirely. We do not share data collected through ATT with data brokers, and we do not use this data for cross-app or cross-site advertising.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service — to create and manage your account, process bookings, send booking confirmations, and facilitate communication between you and service providers
  • Customer support — to respond to your inquiries, resolve disputes, and troubleshoot technical issues
  • Personalization — to tailor search results, recommendations, and content to your preferences and location
  • Communications — to send transactional emails, booking reminders, and, with your consent, marketing communications about new features and offers
  • Safety and security — to detect and prevent fraud, abuse, and other harmful activity, and to enforce our Terms of Service
  • Analytics and improvement — to understand how users interact with the Service, identify areas for improvement, and develop new features
  • Legal compliance — to comply with applicable laws, regulations, legal processes, and government requests

5. Information Sharing

We do not sell your personal information to third parties. We share your information only in the following limited circumstances:

  • Service providers — We share information with trusted vendors who help us operate the Service. See Section 6 for the specific list of third-party services we use. These providers are contractually bound to use your data only as necessary to perform services on our behalf.
  • Business operators — When you make a booking, we share relevant information (such as your name, contact details, and booking details) with the service provider you are booking with, to facilitate your reservation.
  • Legal requirements — We may disclose your information if required by law, subpoena, court order, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers — In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.
  • With your consent — We may share your information for any other purpose with your express consent.

6. Third-Party Services

We integrate the following third-party services to operate and improve the Service. Each provider receives only the data necessary to perform its specific function, and each is contractually bound to use your data only as instructed by us. We do not sell your personal information to any of these providers.

  • PostHog — Product analytics. Receives: device identifiers (subject to your ATT choice on iOS), usage data, and performance data. Used for tracking and analytics. Privacy policy: posthog.com/privacy
  • Sentry — Error tracking and performance monitoring. Receives: crash data, performance data, stack traces, and other diagnostic data. Helps us identify and fix technical issues. Privacy policy: sentry.io/privacy
  • Apple Sign-In & Google Sign-In — Authentication providers. If you choose to sign in with Apple or Google, the provider shares your name, email address, and (for Google) profile picture with us. Apple privacy policy: apple.com/legal/privacy. Google privacy policy: policies.google.com/privacy
  • Convex — Backend infrastructure and database hosting. Receives: account data, bookings, messages, and other application state stored on our behalf. Convex acts as a data processor and does not access your data except as required to provide its hosting service. Data is encrypted in transit and at rest. Privacy policy: convex.dev/legal/privacy

We do not use Razorpay or any other online payment processor at this time. All payments are handled offline between you and the service provider.

If we add or change third-party services in the future in a way that affects your privacy, we will update this list and notify you where required by law.

7. Cookies & Tracking Technologies

On our website (allreserve.in), we use cookies and similar technologies to keep you signed in, remember your preferences, and measure aggregate site usage. The mobile app does not use browser cookies but uses similar technologies (such as local storage and device identifiers, subject to your ATT preferences on iOS) for the same purposes.

For details on the specific cookie types we use, their durations, and how to control them in your browser, see our Cookie Policy.

8. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide you with the Service. We also retain data to comply with legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

When you request deletion of your account, we will delete or anonymize your personal information within 30 days of receiving your verified request, except where we are required to retain certain data for legal or regulatory reasons (such as transaction records required for tax purposes, which we retain for up to 7 years). You can submit a deletion request at allreserve.in/delete.

9. Data Security

We implement appropriate technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security practices include:

  • Encryption of data in transit using TLS (Transport Layer Security)
  • Encryption of sensitive data at rest
  • Strict access controls limiting data access to authorized personnel on a need-to-know basis
  • Regular security audits and vulnerability assessments of our infrastructure
  • Incident response procedures to address potential data breaches

While we take reasonable measures to protect your data, no security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — You have the right to request a copy of the personal information we hold about you.
  • Correction — You have the right to request that we correct inaccurate or incomplete information about you. Many corrections can be made directly through your account settings.
  • Deletion — You have the right to request deletion of your personal information. Submit a deletion request at allreserve.in/delete.
  • Data portability — You have the right to request an export of your personal data in a structured, machine-readable format (JSON). Contact us at contact@allreserve.in to request a data export.
  • Opt-out of marketing — You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by updating your notification preferences in your account settings. Opting out does not affect transactional communications related to your bookings.
  • Restriction of processing — In certain circumstances, you may have the right to request that we restrict how we process your personal information.
  • Object to processing — Where we process your data based on legitimate interests, you may have the right to object to that processing.

To exercise any of these rights, contact us at contact@allreserve.in. We will respond to your request within 30 days. We may need to verify your identity before fulfilling any request.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Do Not Sell or Share My Personal Information

We do not sell your personal information. We share limited data with our service providers (as described in Sections 5 and 6) for business purposes only. If you wish to opt out of any data sharing that may be considered a “sale” or “share” under California law, you can submit a request to contact@allreserve.in. We will process your request within 45 days.

Right to limit use of sensitive personal information

We do not use sensitive personal information (such as precise geolocation) for purposes beyond those necessary to provide the Service.

Right to non-discrimination

We will not deny services, charge different prices, or provide a different level of service because you exercised any of your California privacy rights.

Categories of personal information collected

In the past 12 months, we have collected the following categories of personal information: identifiers (name, email, phone); commercial information (booking history); internet activity (usage data, device information); geolocation data; and inferences drawn from the above.

12. EU/UK Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws give you specific rights regarding your personal data. For the purposes of GDPR, ALUUM MEDIA PRIVATE LIMITED is the data controller of your personal data.

Legal basis for processing

We process your personal data on the following legal bases:

  • Contract — to perform the Service you have requested (account creation, bookings, messaging).
  • Consent — for optional features such as marketing emails, push notifications, location-based recommendations, and (on iOS) tracking permission via ATT. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legitimate interests — for fraud prevention, security, anonymized analytics, and improving the Service. We balance these interests against your privacy rights.
  • Legal obligation — to comply with applicable laws and respond to lawful government requests.

Your additional rights under GDPR

In addition to the rights described in Section 10, you have:

  • The right to object to processing based on legitimate interests
  • The right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal
  • The right not to be subject to a decision based solely on automated processing that produces legal effects (we do not currently engage in such automated decision-making)
  • The right to lodge a complaint with your local data protection supervisory authority. UK residents may contact the Information Commissioner's Office at ico.org.uk; EEA residents can find their authority via the European Data Protection Board at edpb.europa.eu.

We have not appointed a Data Protection Officer (DPO) as we are not required to do so under Article 37 of the GDPR. For privacy inquiries, please contact us at contact@allreserve.in.

13. India Digital Personal Data Protection Act 2023

ALUUM MEDIA PRIVATE LIMITEDis incorporated in India and complies with the Digital Personal Data Protection Act, 2023 (“DPDP Act”). For the purposes of the DPDP Act, we act as the Data Fiduciary in relation to your personal data, and you are the Data Principal. Under this law, you have the following rights:

  • Right to access — You can request a summary of your personal data being processed and the identities of the Data Fiduciaries with whom your data has been shared.
  • Right to correction and erasure — You can request that we correct inaccurate or misleading data, complete incomplete data, and request erasure of your data that is no longer necessary for the purpose for which it was collected.
  • Right to grievance redressal — You have the right to readily available means of registering a grievance with our designated Grievance Officer (contact details below).
  • Right to nominate — You have the right to nominate any other individual who shall, in the event of your death or incapacity, exercise your rights under the DPDP Act.

We process your personal data based on your consent and for certain legitimate uses as permitted under the DPDP Act. You may withdraw your consent at any time, with the ease of doing so being comparable to the ease with which consent was given. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Grievance Officer

In accordance with Section 8(9) of the DPDP Act, 2023, our designated Grievance Officer can be contacted at:

Attn: Grievance Officer
ALUUM MEDIA PRIVATE LIMITED
Bahadurgarh Sector 6, Jhajjar Bahadurgarh, Haryana 124507, India
Email: contact@allreserve.in

We will acknowledge your grievance within 7 working days and endeavour to resolve it within 30 days. If you are not satisfied with our response, you may approach the Data Protection Board of India.

14. Children's Privacy

The AllReserveService is intended for adults aged 18 and over and is not directed at children. Different jurisdictions define “child” differently, and we comply with each:

India (DPDP Act 2023)

Under India's Digital Personal Data Protection Act, 2023, a “child” means any individual under the age of 18. We do not knowingly process the personal data of children under 18 without verifiable consent of a parent or legal guardian. We do not perform tracking, behavioural monitoring, or targeted advertising directed at children.

United States (COPPA)

Under the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13.

European Union (GDPR)

Where consent is the legal basis for processing, we require parental or guardian consent for users below the digital-consent age set by their EU member state (typically 16, but as low as 13 in some member states).

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at contact@allreserve.in. Upon verification, we will promptly delete any personal information we may have inadvertently collected from a child.

15. International Data Transfers

ALUUM MEDIA PRIVATE LIMITED is incorporated and based in India. Our backend infrastructure provider (Convex) hosts data in the United States. Our analytics and crash-reporting providers (PostHog, Sentry) may store data in the United States or the European Union depending on regional configuration.

If you access the Service from outside India, your information will be transferred to and processed in India and may be further transferred to the United States or other countries where our service providers are located. These countries may have data protection laws that differ from those in your country.

By using the Service, you consent to these transfers. Where required by applicable law (such as the GDPR), we rely on standard contractual clauses, vendor data-processing agreements, and other legally approved transfer mechanisms to ensure your information receives an adequate level of protection.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where required by law or appropriate given the nature of the changes, notify you by email or through a prominent notice within the Service.

Your continued use of the Service following the posting of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically. If you disagree with any changes, you should stop using the Service and may request deletion of your account.

17. Contact Us & Grievance Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ALUUM MEDIA PRIVATE LIMITED
Attn: Privacy Team / Grievance Officer
Bahadurgarh Sector 6, Jhajjar Bahadurgarh, Haryana 124507, India
Email: contact@allreserve.in
Website: allreserve.in