Read our latest case study
Use Revasi for your business
PricingAbout
Revasi
Log in
[ FOOTER · INDEX ]REVASI · ASIA · 2026
Revasi

Built with chefs, for chefs

[ BUILT ALONGSIDE THE OPERATORS USING IT ]

The reservation platform built for high-end venues across Asia — Bali, Jakarta, Singapore, Kuala Lumpur, Bangkok, and anywhere else across the region.

[ 01 ]

Product

  • Search
  • Join
  • Pricing
[ 02 ]

Features

  • All features
  • No-show reduction
  • Upsell at booking
  • Dietary management
[ 03 ]

Resources

  • Blog
  • Case Studies
[ 04 ]

Company

  • About
  • Contact
[ 05 ]

Legal

  • License
  • Privacy
  • Cookies
  • Security
[ 06 ]

Compare

Honest breakdowns vs the major reservation platforms.

  • All alternatives
  • SevenRooms
  • OpenTable
  • Chope
  • TableCheck
  • Resy
  • Tock
  • TheFork
  • UMAI
  • ResDiary
[ FOLLOW ]
[ DIRECT LINE ]contact@revasi.netWhatsApp

© 2026 Revasi · Made by Pandu & Digics with care in Indonesia

PrivacyCookiesLicenseSecurity

Last updated: June 2026

Privacy Policy

This policy explains what personal data we collect when you use Revasi to make a reservation at our partner restaurants and bars, how we use it, and what rights you have. It applies to guests booking through our platform and to visitors of revasi.net.

Contents

  1. 1. Who we are
  2. 2. Personal data we collect
  3. 3. Why we process your data and our legal basis
  4. 4. Dietary and health-related information
  5. 5. Who we share your data with
  6. 6. International data transfers
  7. 7. How long we keep your data
  8. 8. Your rights
  9. 9. Cookies
  10. 10. Security
  11. 11. Children
  12. 12. Changes to this policy

1. Who we are

This Privacy Policy applies to reservations made at our partner restaurants and bars, operated by PT Locavore Nusantara Indonesia (“Locavore Group”, “we”, “us”, “our”). The Service is accessible via revasi.net and the venue booking pages of our partner restaurants and bars (collectively, the “Service”).

For questions about this policy or to exercise your data rights, contact us at privacy@revasi.net.

2. Personal data we collect

When you make or manage a reservation, we collect:

  • Identity data: first name, last name, salutation
  • Contact data: email address, phone number, country
  • Reservation data: date, time, party size, dining preferences, special occasions, accommodation type
  • Dietary information: allergies, dietary restrictions, and food preferences you choose to share (see Section 4)
  • Payment data: masked card number and payment reference (full card details are handled by our payment processor, Xendit — we never store your full card number)
  • Marketing preferences: your opt-in or opt-out status for email communications from each venue
  • Guest profile data: categories and notes recorded by venue staff to personalise your experience, such as VIP status, visit frequency, cancellation history, and labels (e.g. “returning guest”, “influencer”). You have the right to access and object to this categorisation — see Section 8.
  • Usage data: pages visited on our platform (collected via server logs)

3. Why we process your data and our legal basis

PurposeLegal basis (GDPR)Legal basis (Indonesian PDP)
Processing and managing your reservationContract (Art. 6(1)(b))Contractual necessity (Art. 20(2)(b))
Sending transactional emails (confirmation, reminder, cancellation)Contract (Art. 6(1)(b))Contractual necessity (Art. 20(2)(b))
Preparing your dining experience (dietary & special occasions)Explicit consent (Art. 9(2)(a))Explicit consent (Art. 20(2)(a))
Sending marketing emails about Locavore Group venuesConsent (Art. 6(1)(a))Consent (Art. 20(2)(a))
Guest profiling by venue staff (VIP status, visit labels, preferences) to personalise serviceLegitimate interests (Art. 6(1)(f))Legitimate interests (Art. 20(2)(f))
Improving our service and analysing venue performanceLegitimate interests (Art. 6(1)(f))Legitimate interests (Art. 20(2)(f))
Complying with legal obligationsLegal obligation (Art. 6(1)(c))Legal obligation (Art. 20(2)(c))

4. Dietary and health-related information

Dietary restrictions you provide (such as allergies, halal, coeliac, or other food preferences) may reveal information about your health or religious beliefs. Under GDPR Article 9 and Indonesian PDP Article 4, this is treated as sensitive personal data. We collect it only to prepare your dining experience and do not share it with any third party outside of the kitchen team at the venue you are visiting. You are not required to provide this information to complete your booking.

5. Who we share your data with

We share your personal data only with the following processors, each bound by a Data Processing Agreement:

  • Resend (Resend, Inc., USA) — sends transactional and reminder emails (booking confirmation, reminders, and cancellations) on our behalf. We share your name and email address with Resend solely to deliver these messages.
  • Xendit (PT Xendit Pembayaran Indonesia) — processes credit card payments and deposit authorisations. We share the minimum data required to create a payment request.
  • Clerk (Clerk, Inc., USA) — manages authentication for our administrative staff. Guest personal data is not shared with Clerk.
  • Supabase (Supabase Inc., USA) — our database and infrastructure provider. All data described in this policy is stored on Supabase-managed servers.

We do not sell your personal data. We do not share your data with advertisers or data brokers.

6. International data transfers

Some of our service providers are located outside Indonesia and the European Economic Area (EEA). Where personal data is transferred internationally, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, for transfers from Indonesia, we ensure safeguards equivalent to those required by Indonesian PDP Law (UU No. 27/2022) Article 56. Specifically: Resend, Clerk, and Supabase are US-based and operate under Standard Contractual Clauses (and equivalent data-processing agreements) for these transfers. If you would like a copy of the applicable transfer mechanism, contact us at privacy@revasi.net.

7. How long we keep your data

We retain personal data only as long as necessary:

  • Reservation records: 3 years from the reservation date, after which records are anonymised or deleted
  • Marketing contact lists: until you withdraw consent or request deletion
  • Payment references: 5 years, as required by Indonesian tax regulations
  • Activity logs: 12 months

8. Your rights

Under GDPR and Indonesian PDP Law (UU No. 27/2022), you have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you
  • Right to rectification: ask us to correct inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements
  • Right to portability: receive your data in a structured, machine-readable format
  • Right to withdraw consent: withdraw marketing consent at any time via the unsubscribe link in any email, or by contacting us
  • Right to object: object to processing based on legitimate interests
  • Right to restrict processing: request that we limit how we use your data

To exercise any of these rights, email privacy@revasi.net with your name, email address, and the right you wish to exercise. We will respond within 30 days. Indonesian residents may also lodge a complaint with the Badan Siber dan Sandi Negara (BSSN). EU/EEA residents may lodge a complaint with their local data protection authority.

9. Cookies

We use essential cookies to keep your session active during the booking process and to remember your sidebar preferences in the admin panel. No advertising or tracking cookies are set. For full details, see our Cookies Policy.

10. Security

We implement technical and organisational measures to protect your personal data, including row-level security on our database, encrypted connections (TLS), and access controls limiting data access to authorised staff only. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within the timeframe required by law (72 hours under GDPR, and within 3×24 hours under Indonesian PDP Law (UU No. 27/2022) Article 46) and will inform affected individuals without undue delay.

11. Children

Our Service is not directed at children under the age of 17. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through our platform, please contact us at privacy@revasi.net and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date below and, where required by law, notify affected users by email. Continued use of the Service after a change constitutes acceptance of the updated policy.

Questions? Email privacy@revasi.net.

Back to Revasi