BetaVerbaterm is in beta. You may encounter bugs, incomplete features, or unexpected results while we improve reliability.

Verbaterm

Privacy policy

Resy

Review these first

Score80.0
Reviewed
Policy typePrivacy policy
Concern findings4
Protections1
Source supportStrong

Source provenance

Verified official source
Retrieved
Published

Snapshot hash 57a544d24c005747a9c1e16705681f3463a8936e83352ddc7905b2b3153bf035

Snapshot of the source text at fetch time — not a live mirror of the policy page.

Plain-English summary

Resy's privacy policy indicates that restaurants and their affiliates may act as data controllers for your reservation data and could share your information with their partners for analytics and marketing purposes (data_use-1, data_use-2, data_use-3). Additionally, Resy may transfer your personal information to other countries, where it might be subject to lawful access by foreign authorities (data_use-4).

89% confidence

Ask Verbaterm

Follow up on findings with grounded answers from this review. Not legal advice.

Risk Flags

Critical issues that users should be aware of, as they may lead to significant harm or unexpected loss.

Not clearly stated: No high-severity risk flags were clearly stated in the provided clauses. The policy does not contain clauses that indicate hard-to-reverse harm, loss of account access, weakened dispute rights, or broad ownership/control of user content without notice or recourse.

Data Use & Sharing

Practices concerning the collection, usage, and sharing of user data, including potential privacy impacts.

Not clearly stated: No other data use concerns were clearly stated or supported by the provided text.
medium90% confidence confidence

Restaurants act as data controllers for reservation data

When personal information is disclosed to a restaurant for facilitating your dining request, the restaurant collects and processes your personal information as a controller, and their privacy policy and practices apply.

Why it matters: When you make a dining request, the restaurant you are booking with becomes a data controller for your personal information, meaning their own privacy practices and policy will govern that data.

When we disclose your information to a restaurant for the purposes of facilitating your dining request, the restaurant is collecting and processing your personal information as a controller and your personal information is subject to the restaurant's privacy policy and practices.

SHARING & DISCLOSING INFORMATION, paragraph 2 · Citation strength: strong

medium85% confidence confidence

Restaurants may share personal information with affiliates

Resy or the restaurant may share user information with restaurant affiliates to enhance hospitality, provide customized service, and improve table and shift planning.

Why it matters: Your dining information might be shared within a restaurant group to tailor your experience or assist with their internal planning.

We or the restaurant may share your information with their affiliates (e.g., other restaurants in the same restaurant group) to enhance the hospitality such restaurant group provides you when you dine with them to provide you with customized service and to improve the restaurant's table and shift planning.

SHARING & DISCLOSING INFORMATION, paragraph 2 · Citation strength: strong

medium85% confidence confidence

Restaurants and affiliates may share information with partners for analytics and marketing

By interacting with you, the restaurant and their affiliates may, as permitted by law, share your information with their partners to support operations, such as to perform analytics and tailor marketing to you.

Why it matters: Restaurants and their affiliates can share your information with their partners for analytics and to deliver tailored marketing.

By interacting with you, the restaurant and their affiliates may, as permitted by applicable law, share your information with their partners to support operations, such as to perform analytics and tailor marketing to you.

SHARING & DISCLOSING INFORMATION, paragraph 2 · Citation strength: strong

medium90% confidence confidence

Cross-border data transfers may occur, subject to foreign legal access

Personal information may be transferred to countries such as Australia, Canada, the United Kingdom, and the United States, and Resy and its service providers may disclose personal information if required or permitted by applicable law or legal process, including lawful access by foreign courts, law enforcement, or other government authorities.

Why it matters: Your personal information may be transferred and processed in other countries, and could be accessed by foreign legal authorities as permitted by local laws.

No matter where we process personal information about you, we'll always protect it in the manner described in the [American Express Data Protection and Privacy Principles](https://www.americanexpress.com/en-iec/company/legal/privacy-centre/privacy-principles/) and this Privacy Policy, and in accordance with applicable laws. We and our service providers may disclose your personal information if we are required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement, or other government authorities in the jurisdictions in which we or our service providers operate.

SHARING & DISCLOSING INFORMATION, paragraph 4 · Citation strength: strong

Cancellation & Renewal

Terms related to account cancellation, service renewal, and associated policies.

Not clearly stated: No concerns regarding cancellation or renewal were clearly stated in the provided clauses.

Gotchas

Potentially overlooked clauses that could disadvantage users, including hidden fees, unexpected obligations, or difficult-to-understand terms.

Not clearly stated: No 'gotchas' were clearly stated in the provided clauses that meet the criteria for user harm.

Protections

Commitments and features that protect user rights, privacy, and security.

Not clearly stated: No other protective clauses were clearly stated in the provided text.
Protection90% confidence confidence

No collection of data from minors

Resy states that its websites and apps are not intended for individuals under 18 years of age (or the age of majority in their location) and that they do not knowingly collect information online from or market online to minors.

Why it helps: This commitment helps protect minors by explicitly stating that the service is not for them and that the company does not knowingly collect their data. This reduces the risk of data collection from a vulnerable population.

Our websites and apps are not intended for individuals under 18 years of age (or the age of majority in the location in which they reside or where a Resy restaurant partner is located) ("Minors"). We do not knowingly collect information online from or market online to minors.

* [Global Privacy Policy](https://resy.com/privacy), paragraph 9 · Citation strength: strong

Report an issue

Flag a citation problem, stale policy text, or incorrect company match.

Verbaterm boundaries

This public review is informational only and is not legal advice. Verbaterm shows only findings tied to the cited source snapshot above.