Privacy Policy

CoverCount (“CoverCount”, “we”, “us”, or “our”) is a reservation, waitlist, and events platform for hospitality operators, operated by CloudScope. This Privacy Policy explains how we collect, use, disclose, and protect information when you use the CoverCount website, applications, APIs, hosted booking pages, embeddable widgets, and related services (collectively, the “Service”). By using the Service, you agree to this Privacy Policy.

CoverCount serves two categories of people:

• Venue operators — restaurants, wineries, tasting rooms, and other hospitality businesses that subscribe to CoverCount to run their reservation, waitlist, and event operations.
• Guests — people who book reservations, join waitlists, register for events, or otherwise interact with a venue that uses CoverCount.

CoverCount provides the reservation, waitlist, event, and guest-messaging platform for participating restaurants and venues. When a guest submits a reservation, joins a waitlist, registers for an event, or opts in on a restaurant or venue booking page, that restaurant or venue is the business the guest is interacting with and the business that sends reservation-related messages, or promotional messages where separate marketing consent has been provided.

Where guest information is collected through CoverCount on a venue’s booking flow, the venue is the primary controller of that information and CoverCount processes it on the venue’s behalf. This Privacy Policy describes CoverCount’s practices in either role.

1. Information We Collect

From venue operators (our direct customers):

• Identifiers: name, email address, phone number, business name, billing address, account identifiers.
• Subscription data: plan tier, billing history, payment method tokens (the payment instrument itself is handled by our payment processor; we receive a token).
• Configuration data: floor plans, service schedules, message templates, branding assets, integration credentials.
• Usage & device data: IP address, browser/OS, pages viewed, events, timestamps.
• Support content: messages, attachments, and metadata you provide to support.

From guests (collected on behalf of venues):

• Reservation information: name, date, party size, occasion, special requests, dietary notes.
• Contact details: email address and, where the venue’s booking flow collects it, mobile phone number.
• Messaging data: mobile phone number, SMS opt-in status, consent source, consent timestamp, message preferences, and message records when you choose to receive SMS messages relating to your reservation, waitlist position, event registration, or post-visit follow-up.
• Payment information: if a venue requires a deposit or sells event tickets, payment data is collected and processed by our payment processor under that processor’s terms; CoverCount retains a transaction reference and amount, not full card details.
• Visit history & tags: venues may record tags, visit history, and notes about guests to deliver hospitality.

Cookies and similar tech: session, analytics, preference, and security cookies on the CoverCount marketing site, application, and hosted booking pages.

2. Sources of Personal Information

We collect information directly from you (when you sign up as a venue, or when you book a reservation at a venue using CoverCount), automatically from your device, and from service providers (e.g., analytics, payment processors, integration partners that a venue has connected to its account).

3. How We Use Your Information

• Provide and maintain the Service (authentication, account servicing, reservation/waitlist/event delivery).
• Send transactional messages: reservation confirmations, reminders, waitlist alerts, event registration confirmations, post-visit ratings requests, deposit receipts, refund notices, and account-related notifications.
• Process deposits, ticket sales, and subscription billing through third-party processors.
• Improve reliability, security, and performance; debug and prevent fraud or abuse.
• Comply with legal obligations and enforce our Terms of Service.

4. Legal Bases (GDPR/UK GDPR)

• Contract: to provide the Service you (or the venue acting on your behalf) request.
• Legitimate interests: security, fraud prevention, product improvement, analytics.
• Consent: where required (certain cookies, SMS messaging). You may withdraw consent at any time.
• Legal obligation: compliance with applicable laws and requests.

5. How We Share Information

We share information with vendors acting on our behalf (“processors” or “sub-processors”), including hosting, analytics, email delivery, SMS delivery, payment processing, and integration partners that a venue has connected to its CoverCount account. We require appropriate contractual safeguards and use providers that implement reasonable security controls. We do not sell your personal information.

SMS and mobile information: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. This includes mobile phone numbers, text messaging opt-in data, and text messaging consent status. We do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate this information to third parties or affiliates for their own marketing or promotional purposes.

All categories of sharing described above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We do not buy, sell, rent, or transfer SMS consent. We use mobile information and SMS consent records only to deliver the messages a Guest has requested or consented to receive, operate and secure the messaging program, document consent and opt-out status, respond to support or legal requests, and comply with applicable law.

Venue access to guest information. When you book a reservation, join a waitlist, or register for an event at a venue that uses CoverCount, the venue receives your reservation details so they can deliver hospitality. The venue is the controller of that information for its own purposes and is responsible for its own privacy practices. CoverCount provides the platform and the messaging delivery; the venue chooses what messages to send and to whom, within the limits described in this policy and our Terms of Service.

Categories of sub-processors:

• Cloud hosting and storage (Microsoft Azure).
• Email delivery (Amazon Simple Email Service).
• SMS delivery (Twilio).
• Payment processing (Stripe Connect, when a venue takes deposits or sells event tickets).
• Optional venue-enabled integrations (e.g., Square POS, Vinoshipper wine-club). These are activated only by a venue at the venue’s choosing.
• Analytics and product instrumentation.

6. Cookies and Analytics

The CoverCount application uses essential cookies to keep you signed in and to protect against cross-site request forgery. We do not use advertising cookies or sell data to advertisers.

For product analytics we use a cookieless measurement provider that does not set tracking cookies, does not perform device fingerprinting, and does not collect personally identifying information. The CoverCount marketing site itself does not set tracking cookies.

We honor browser-level Global Privacy Control (GPC) signals where required. We do not respond to legacy Do Not Track signals.

7. Data Retention

We retain personal data only as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Retention periods vary by data type and legal requirements. Venues control retention of their guest records subject to applicable law; if a venue cancels its CoverCount subscription, we provide a 90-day window to export data before archival.

8. Security

• Transport security via HTTPS/TLS; hardened infrastructure and access controls.
• Least-privilege and role-based access for personnel.
• Authentication via secure session cookies with CSRF protection.
• Industry-standard practices to detect and mitigate threats.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. International Transfers

If you access the Service from outside the U.S., your data may be processed in the U.S. or other jurisdictions with different privacy laws. Where applicable, we rely on transfer mechanisms such as Standard Contractual Clauses.

10. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or receive a portable copy of your data, and to object to certain processing.

• EU/UK: rights under GDPR/UK GDPR; you may lodge a complaint with a supervisory authority.
• California (CCPA/CPRA): right to know, delete, correct, and limit the use of sensitive personal information; right to non-discrimination. We do not “sell” personal information as defined by CCPA/CPRA.

If your data was provided to a venue’s CoverCount account (for example, when you booked a reservation), the venue may also have controller obligations under applicable law. Contacting the venue directly is often the fastest path; we will also assist as required.

To exercise rights with CoverCount, email privacy@covercount.io. We may need to verify your identity. Authorized agents may submit requests with proof of authorization.

11. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects without human involvement.

12. Children’s Privacy

The Service is not directed to individuals under 18. If you believe a minor has provided personal data, contact us to request deletion.

13. Communications Preferences

You may manage marketing email preferences via unsubscribe links. Transactional emails (e.g., password resets, receipts, account notices) are required for Service delivery.

SMS messages are sent only when you provide consent — for example, by checking an SMS-consent box on a venue’s booking form, joining a venue’s waitlist with a phone number, or otherwise initiating a text conversation with a venue using CoverCount. SMS consent is voluntary and is not a condition of making a reservation, joining a waitlist, registering for an event, or using the Service. SMS use cases include reservation confirmations, reminders, waitlist position alerts, event registration confirmations and reminders, deposit receipts, refund notices, and post-visit ratings requests. Message frequency varies based on your reservation activity at the venue. Message and data rates may apply.

You can opt out of SMS messages at any time by replying STOP to any message. After you opt out, we may send one final confirmation message and then stop sending SMS messages unless you opt in again. For help, reply HELP or contact support@covercount.io.

14. Changes to This Policy

We may update this policy from time to time. If changes are material, we will provide reasonable notice (for example, by email or in-app notice). Continued use of the Service after changes become effective constitutes acceptance.

15. Contact Us

• Privacy inquiries: privacy@covercount.io
• Support: support@covercount.io