Join the waiting list

Privacy Policy

Last Updated: 14 April 2026

 

1. Introduction

Welcome to Reef! We’re committed to protecting your privacy and being transparent about how we handle your personal information. This Privacy Policy explains how Reef (“we,” “us,” or “our”) collects, uses, stores, and shares your personal data when you use our website at https://workfromreef.com, our mobile application, and our services (collectively, the “Services”).

 

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please don’t hesitate to contact us using the details provided below.

 

2. Who We Are
Reef is a subscription-based platform that provides remote workers, hybrid teams, and field-based professionals access to thousands of laptop-friendly venues across more than twenty countries. For the purposes of data protection legislation, Reef is the data controller responsible for your personal data.

 

3. Information We Collect
We only collect what we need to run Reef, improve it, keep it secure, and (where you choose) tell you about updates and offers.

 

3.1 Information You Provide to Us
We collect information you voluntarily provide when using our Services, including:

  • Account Information: Name, email address, password, phone number, and profile photograph.
  • Payment Information: Payment method details and transaction history. Payments are processed by Stripe (and/or other payment providers we may use from time to time). We don’t store complete payment card numbers on our systems.
  • Subscription Details: Your subscription tier (Standard, Premium, or Enterprise), membership start date, renewal/cancellation details, and (if applicable) your employer/team organisation and administrator details.
  • Booking Information: Your bookings, booking history, check-in/verification details, guest invitations, meeting room requests (where available), and colleague coordination data (for team accounts).
  • Communications: Messages you send to us, feedback, reviews, and customer support enquiries.
  • Business Account Information: For team solutions (including Enterprise), we may collect company name, business address, VAT/tax details (where relevant), team size, and administrator contact details.

 

3.2 Information We Collect Automatically
When you use our Services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, browser type, and language settings.
  • Usage Information: Pages visited, features used, booking patterns, search queries, and interaction with our Services.
  • Location Information (venue discovery): With your permission, we may collect precise or approximate location data from your device to show nearby venues and improve venue discovery. You can turn this off in your device settings (and you can still use Reef without enabling precise location, though results may be less accurate).
  • Log Data: IP address, access times, referring URLs, and error logs.
    Cookie/Similar Tech Data: Information collected through cookies, pixels, SDKs, and similar technologies (see our Cookie Policy for details).

 

3.3 Information from Third Parties
We may receive information about you from third parties, including:

  • Venue Partners: Booking verification information (e.g., that you arrived/checked in, or that a booking was honoured), and venue-related issues you report or the venue reports to us (for support and quality control).
  • Social Media Platforms / Ad Partners: If you interact with our ads or choose to link accounts, we may receive information in line with your settings and the partner’s policies (e.g., campaign performance, aggregated audiences, and interaction signals).
  • Business Administrators: If you use Reef through a business/team account, your employer or team administrator may provide your work contact details and may manage aspects of your subscription.

 

4. How We Use Your Information
We use your personal information for the following purposes:

 

4.1 Providing Our Services (including subscriptions)

  • Creating and managing your account
  • Processing your subscription (Standard, Premium, or Enterprise) and payments
  • Facilitating venue discovery, bookings, and booking verification/check-ins
  • Issuing and managing your digital Reef card
  • Enabling colleague coordination and guest invitations (where available)
  • Providing exclusive food and drink offers (where available)
  • Delivering customer support and handling disputes/issues with bookings

 

4.2 Improving Our Services

  • Analysing usage patterns and trends (including booking and venue discovery behaviour)
  • Developing new features and functionality
  • Running reporting and analytics to understand what’s working and what isn’t
  • Troubleshooting technical issues

 

4.3 Communications & Marketing

  • Sending booking confirmations and reminders
  • Providing subscription, billing, and account updates
  • Responding to your enquiries and requests
  • Sending service-related announcements
  • Sending marketing communications (like product updates and offers) where permitted by law and/or with your consent.
  • You can opt out anytime via the unsubscribe link or by contacting us.
  • We use tools like HubSpot to manage customer communications, CRM, and marketing campaigns.

 

4.4 Safety, Security & Fraud Prevention

  • Detecting and preventing fraud, abuse, and security incidents
  • Securing our website and apps (including via Cloudflare)
  • Verifying identity and preventing misuse of subscriptions and bookings
  • Enforcing our terms and policies
  • Complying with legal obligations

 

5. Legal Bases for Processing
We process your personal data based on the following legal grounds under applicable data protection laws:

  • Contract Performance: Processing necessary to fulfil our contract with you, including providing our Services and managing your subscription.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and marketing (where you have not opted out).
  • Consent: Processing based on your explicit consent, such as sending marketing communications or collecting location data.
  • Legal Obligation: Processing necessary to comply with our legal obligations.

 

6. How We Share Your Information
We may share your personal information with the following categories of recipients:

 

6.1 Venue Partners (booking verification)

  • When you make a booking, we share the minimum information a venue needs to recognise and verify your booking. This typically includes:
    – your name (and/or booking reference);
    – booking time/date and party size (including guests, if any);
    – subscription/entitlement status needed to honour the booking (e.g., that you have an active subscription tier); and
    – any notes you add that are relevant to the booking.

Venues may also share back limited information with us, such as whether you checked in or whether there was an issue with the booking, so we can support you and improve the service.

 

6.2 Service Providers / Processors
We use trusted third-party companies to help us run Reef. These providers act as our processors where they process personal data on our behalf, and they’re contractually required to protect it and only use it for our instructions.

 

Examples include:

  • Payments: Stripe (to process subscription payments and handle payment authentication and fraud prevention).
    CRM / Marketing & Customer Comms: HubSpot (to manage customer relationships, support, emails, and marketing preferences/campaigns).
  • Security & Performance: Cloudflare (to help protect against malicious traffic and improve performance).
    Analytics & Ads: Tools like Google and Meta/Facebook may be used for analytics, measurement, and advertising (e.g., understanding which campaigns drive sign-ups). Depending on your cookie/consent settings, these tools may use cookies/SDKs and similar technologies.

We may also use cloud hosting providers, email delivery services, error monitoring, and customer support platforms.

 

6.3 Business/Team Account Administrators (including Enterprise)
If you access Reef through a business/team subscription (including Enterprise), certain information may be visible to your organisation’s admins to manage the account—typically user lists, subscription status, and booking activity at an aggregated or user level (depending on how the team features are configured).

 

6.4 Colleagues and Guests
When you use team features or invite guests, limited information is shared to enable coordination and booking access (for example, that a booking exists, who’s invited, and the time/location).

 

6.5 Legal and Regulatory Requirements
We may disclose your information where required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property.

 

6.6 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction.

 

7. International Data Transfers
As we operate across more than twenty countries, your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions where applicable
  • Other lawful transfer mechanisms

 

8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Information: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
  • Booking History: Retained for up to seven years for accounting and tax purposes.
  • Marketing Preferences: Retained until you withdraw consent or update your preferences.
  • When we no longer need your personal data, we will securely delete or anonymise it.

 

9. Your Rights (UK GDPR / GDPR)
If you’re in the UK/EEA (and in some other locations too), you have rights over your personal data. These include:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure (deletion): ask us to delete your personal data in certain circumstances.
  • Restriction: ask us to limit how we use your data in certain circumstances.
  • Portability: request your data in a structured, commonly used, machine-readable format (where applicable).
  • Objection: object to processing based on legitimate interests and object to direct marketing at any time.
  • Withdraw consent: where we rely on consent (for example, precise location or certain cookies/marketing), you can withdraw it at any time.

To exercise any of these rights, contact us using the details below. We’ll respond within the time limits required by applicable law (and usually much quicker).

 

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) (or your local supervisory authority in the EEA).

 

10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security assessments and testing
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

 

11. Children’s Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly.

 

12. Third-Party Links
Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

 

13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the “Last Updated” date. We encourage you to review this Privacy Policy periodically.

 

14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Reef App Ltd (data controller)
Email: hello@workfromreef.com
Website: https://workfromreef.com

 

If you’re contacting us to exercise your rights, it helps if you tell us which email address your account uses and what you’d like to do (access, deletion, etc.). We’re here to help and we’ll do our best to sort things quickly.

 

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales.

Company

Resources

Links

© 2026 Reef App Ltd