Privacy Policy

1. Who we are (Data Controller)

PlayTime is a venue-booking marketplace based in Tbilisi, Georgia, operated by an Individual Entrepreneur (ინდ. მეწარმე) registered in Georgia. For the purposes of Georgian data-protection law, PlayTime is the data controller responsible for your personal data.

You can contact us about privacy at [email protected], by phone at +995 571 600 999, or by post at Nutsubidze Street 95, Tbilisi 0179, Georgia.

2. What data we collect

Account and sign-in data: When you create an account, we collect the data your chosen sign-in method provides. If you sign in with Google or Apple, we receive your email address, name, and a unique provider account identifier; we do not receive your social-account password. If you sign in with your phone number, we collect that phone number.

Booking data: details of the venues you book, dates, times, party size, prices, booking status, and your booking history.

Communications: messages you send us through the contact form, chat widget, email, or phone, and the venue sign-up details venue owners submit.

Technical and usage data: session identifiers, authentication tokens, device and browser type, IP address, and pages viewed. See Section 6 on cookies and similar technologies.

We do not intentionally collect special categories of data (such as health, religious, or biometric data) and ask that you do not send such data to us.

3. How we use your data

To create and manage your account and authenticate you when you sign in with Google, Apple, or your phone number.

To provide the core service: showing venues, processing bookings, generating check-in codes, and connecting you with the venue you book.

To communicate with you about bookings, confirmations, changes, support requests, and important service notices (for example via SMS sent through our messaging provider).

To keep the Platform secure, prevent fraud and abuse, and debug and improve the service.

To comply with our legal, tax, and accounting obligations in Georgia.

With your consent, to measure how the Platform is used through analytics.

4. Legal basis for processing

We process your data where it is necessary to perform our contract with you (for example, to take and fulfil a booking), where we have a legitimate interest (for example, securing the Platform and preventing fraud), where we are required to by Georgian law (for example, tax record-keeping), and where you have given consent (for example, analytics cookies and certain marketing communications).

Where we rely on consent, you can withdraw it at any time, and we will stop the relevant processing in line with applicable Georgian law.

5. Who we share data with (third parties)

Venues you book: when you make a booking, we share the information the venue needs to honour it (such as your name, booking time, and party size).

Sign-in providers: Google and Apple, when you choose to sign in with them. Their handling of your data is governed by their own privacy policies.

Hosting and infrastructure: our application and database are hosted on Railway, which stores data on our behalf.

SMS provider: we send transactional text messages (such as verification codes and booking notifications) through Sender.ge.

Payment provider: payment is taken either in cash at the venue or online through the Platform. Online payments are processed by our licensed payment service provider, Paysera, using cards (Visa, Mastercard), Apple Pay or Google Pay, or a bank-link (open-banking) transfer with Georgian banks. PlayTime does not see or store your full card details — these are handled by the provider under the PCI-DSS standard. When you pay online you also agree to the provider's terms.

Analytics: with your consent, Google Analytics helps us understand aggregate, mostly anonymised usage. IP anonymisation is enabled and advertising signals are disabled.

Authorities and advisers: we may disclose data where required by law or to our professional advisers (such as our accountant or lawyer).

We do not sell your personal data.

6. Cookies and similar technologies

We use strictly necessary cookies and similar local storage to keep you signed in, keep your session secure, and remember your cookie choice. These are always active because the Platform cannot work without them.

With your consent, we use analytics cookies to measure how the Platform is used. You can accept or decline analytics cookies using the cookie banner shown on your first visit, and analytics are not loaded unless you accept.

Most browsers also let you block or delete cookies through their settings.

7. International data transfers

Some of our service providers (for example, hosting, sign-in, and analytics) may process data outside Georgia. Where data is transferred internationally, we take steps intended to ensure an adequate level of protection consistent with Georgian data-protection law.

8. How long we keep data

We keep account and booking data for as long as your account is active and for a reasonable period afterwards to handle disputes, comply with Georgian tax and accounting record-keeping requirements, and protect our legal interests. When data is no longer needed, we delete or anonymise it.

You can ask us to delete your account at any time; some records may be retained where the law requires.

9. Your rights

Under Georgian data-protection law you have the right to be informed about how your data is processed; to access your data; to correct inaccurate data; to request deletion or blocking of your data; to object to or restrict certain processing; and to withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes set by Georgian law. You also have the right to lodge a complaint with the Personal Data Protection Service of Georgia.

10. Security

We use technical and organisational measures intended to protect your data, including encrypted connections (HTTPS), access controls, and secure handling of authentication tokens. No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.

11. Children

The Platform is intended for users who can enter into a binding contract under Georgian law. If you believe a child has provided us personal data without appropriate consent, contact us and we will take appropriate steps.

12. Changes to this Policy

We may update this Policy from time to time. We will post the updated version here with a new "last updated" date and, where appropriate, notify you of significant changes.

13. Contact us

For any privacy questions or to exercise your rights, contact us at [email protected], by phone at +995 571 600 999, or by post at Nutsubidze Street 95, Tbilisi 0179, Georgia. This Policy is governed by the law of Georgia.