Privacy Policy
Last updated: April 2026
1. Who We Are
DirectBookings is operated by DirectBookingHost, based in California, USA. We provide a website builder and management platform for short-term rental hosts. Contact: support@directbookinghost.com.
2. Information We Collect
Host account data: name, email address, and billing information (processed by Stripe — we do not store credit card numbers).
Property data: rental listings, photos, pricing, policies, waivers, and message placeholders you create.
Guest data (collected on your behalf): name, email, phone number, booking details, waiver signatures, IP addresses, user agent strings, and check-in timestamps. You are the data controller for guest data; we act as a data processor.
Usage data: pages visited, features used, browser type, and device information. We plan to use Google Analytics for aggregated usage insights.
3. How We Use Your Data
We use your data to: operate and improve the Service; process payments via Stripe; send transactional emails (booking confirmations, check-in links, reminders); store waiver signatures and rental agreements for legal compliance; provide customer support; send product updates (you can opt out).
4. Data Sharing
We do not sell your personal data. We share data only with: Stripe — for payment processing; Resend — for transactional email delivery; Google Analytics — for anonymized usage analytics. We may disclose data if required by law or to protect our legal rights.
5. Data Storage & Security
All data is stored in the United States on encrypted PostgreSQL databases. Sensitive data (waiver signatures, IP addresses) is stored securely. We use HTTPS for all data transmission. Passwords are securely hashed and never stored in plain text. We do not store credit card numbers — all payment data is handled by Stripe.
6. Data Retention
Account data: retained while your account is active, plus 30 days after deletion.
Waiver signatures & rental agreements: retained for 7 years for legal compliance or as required by applicable law, even after account deletion.
Guest booking data: retained while your account is active. Anonymized upon data deletion request.
Usage analytics: aggregated data retained indefinitely; individual session data retained for 26 months.
7. Your Rights
You have the right to: access your personal data; correct inaccurate data; delete your account and data (subject to legal retention requirements); export your data; opt out of marketing communications. To exercise these rights, email support@directbookinghost.com.
8. Guest Rights
Guests whose data is collected through your booking site may contact you directly to exercise their privacy rights. As the data controller, you are responsible for responding to guest data requests. We will assist you in fulfilling these requests upon your instruction.
9. Cookies
We use essential cookies for authentication and session management. We plan to use Google Analytics cookies for usage insights — these can be opted out of via browser settings. We do not use advertising cookies or tracking pixels.
10. California Privacy Rights (CCPA)
California residents have the right to: know what personal data we collect; request deletion of personal data; opt out of the sale of personal data (we do not sell data); not be discriminated against for exercising privacy rights. To make a request, email support@directbookinghost.com.
11. Children's Privacy
The Service is not intended for users under 18. We do not knowingly collect data from children.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by California law. We will also notify relevant authorities as required.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.
14. Contact
For privacy questions or data requests, contact us at support@directbookinghost.com.