Privacy Policy

Last updated: July 2026

This Privacy Policy explains how StayOn ("we", "us") collects and uses personal data when hosts and agencies use our platform and when guests extend their stay through a StayOn link or QR code. We act as data controller for the data described below. Contact: privacy@stay-on.app.

Data we collect

Agency accounts: your email, name and agency name when you sign up, and the apartments and settings you create.

Guests: at checkout we collect the email and name you provide to Stripe, and your booking details (apartment, type of extension, amount, date). We do not store card numbers — payment data is handled entirely by Stripe.

Technical: essential cookies to keep you signed in, and basic server logs for security and reliability.

Why we use it

To provide the service (accounts, apartments, availability, bookings), process payments, send booking confirmations and notifications, and keep the platform secure. The legal bases are the performance of a contract and our legitimate interest in running a reliable service.

Service providers

We share data only with the processors needed to run StayOn: Supabase (database & authentication), Stripe (payments), Resend (transactional emails), and Vercel (hosting). Each processes data on our behalf under their own terms and security measures.

Retention

We keep account and booking data for as long as your account is active and as required to meet legal, accounting and tax obligations, then delete or anonymise it.

Your rights

Under the GDPR you may request access to, correction of, or deletion of your personal data, object to certain processing, and request data portability. To exercise these rights, email privacy@stay-on.app. You may also lodge a complaint with your local data protection authority.

Cookies

We use only strictly necessary cookies (for authentication and security). We do not use advertising or tracking cookies.

Changes

We may update this policy. Material changes will be reflected by the "Last updated" date above.