Privacy Policy

1. Introduction

This Privacy Policy describes how Encore Stays ("we," "us," or "our") collects, uses, shares, and protects personal information when you use our vacation rental loyalty and rewards platform (the "Service").

This policy applies to vacation rental hosts ("Hosts") who use our platform to create and manage loyalty programs. A separate privacy policy applies to guests who participate in host loyalty programs.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

When you register for and use the Service, we collect information you provide directly, including:

• Account Information: Email address, name, account name, password
• Property Information: Property names, descriptions, locations, and seasonal details
• Loyalty Program Data: Program names, rules, rewards, and configurations
• Guest Information: Guest names, email addresses, booking details, and reward activity that you upload or enter
• Payment Information: Billing details processed through our payment processor (Stripe)
• Communications: Messages, support requests, and feedback you send to us

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical information:

• Usage Data: Pages viewed, features used, actions taken, time spent on the Service
• Device Information: IP address, browser type and version, device type, operating system
• Cookies and Similar Technologies: Session identifiers, preferences, authentication tokens
• Log Data: Access times, error logs, and diagnostic information

2.3 Information from Third Parties

We may receive information about you from third-party services:

• Payment Processors: Stripe provides us with billing and payment status information
• Analytics Providers: Aggregated usage statistics and performance metrics

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide the Service

• Create and maintain your account
• Process and manage your loyalty programs and rewards
• Enable communication with your guests
• Store and manage your property and program data
• Process subscription payments and billing

3.2 To Improve and Optimize

• Analyze usage patterns to improve features and performance
• Diagnose and fix technical issues
• Develop new features and functionality
• Conduct research and analytics

3.3 To Communicate With You

• Send transactional emails (account updates, billing notices, security alerts)
• Provide customer support and respond to inquiries
• Send product updates and feature announcements (with your consent)
• Request feedback and conduct surveys

3.4 To Ensure Security and Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service
• Comply with legal obligations and respond to legal requests
• Protect our rights, privacy, safety, and property

4. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Payment Processing: Stripe processes payment information securely
• Hosting and Infrastructure: DigitalOcean hosts our application and database
• Email Delivery: Email service providers send transactional and notification emails
• Analytics: Analytics services help us understand usage patterns

These service providers are contractually obligated to use your information only for the specified purposes and to maintain appropriate security measures.

4.2 Legal Requirements

We may disclose your information when required by law or in response to:

• Court orders, subpoenas, or legal process
• Law enforcement requests or government investigations
• Legal claims or disputes
• Emergency situations involving danger to persons or property

4.3 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity. We will notify you of any such change and how it affects your data.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict authentication and authorization mechanisms
• Regular Backups: Automated daily backups stored securely
• Security Monitoring: Continuous monitoring for threats and vulnerabilities
• Secure Infrastructure: Hosted on secure, reputable cloud infrastructure

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for a reasonable period after cancellation to allow reactivation
• Guest Data: Retained as long as you maintain an active account or as required for your loyalty programs
• Transaction Data: Retained for accounting and tax purposes (typically 7 years)
• Log Data: Retained for security and diagnostic purposes (typically 90 days)

When information is no longer needed, we securely delete or anonymize it. Some information may be retained in backups for a limited time as part of our disaster recovery procedures.

7. Your Rights and Choices

You have certain rights regarding your personal information:

7.1 Access and Portability

You can access and download your data through your account settings. You may also request a copy of your personal information by contacting us.

7.2 Correction and Update

You can update your account information, property details, and program settings directly through the Service.

7.3 Deletion

You can delete your account and associated data through account settings or by contacting us. We will delete your information within 30 days, subject to legal retention requirements.

7.4 Marketing Communications

You can opt out of promotional emails by clicking the unsubscribe link in any marketing email or by adjusting your communication preferences in account settings. Note that you cannot opt out of transactional emails necessary for the Service.

7.5 Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

8. Regional Privacy Rights

8.1 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and share
• Right to request deletion of personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising these rights

To exercise these rights, contact us at privacy@encorestays.com.

8.2 European Economic Area Residents (GDPR)

If you are located in the EEA, you have rights under the General Data Protection Regulation:

• Right to access, correct, and delete your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your information includes:

• Contract Performance: Processing necessary to provide the Service
• Legitimate Interests: Improving the Service, security, and customer support
• Legal Obligations: Compliance with applicable laws
• Consent: Where you have given explicit consent

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we operate.

We implement appropriate safeguards, such as standard contractual clauses, to protect your information during international transfers.

11. Your Responsibilities

As a Host using the Service to collect and process guest information, you are responsible for:

• Obtaining proper consent from your guests before collecting their personal information
• Providing guests with appropriate privacy notices
• Complying with all applicable data protection laws (GDPR, CCPA, etc.)
• Ensuring guest information is accurate and up-to-date
• Honoring guest requests to access, correct, or delete their information
• Using guest information only for legitimate loyalty program purposes

You agree to indemnify us for any violations of data protection laws arising from your use of the Service.

12. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending you an email notification
• Displaying a notice in the Service

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We recommend reviewing this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Encore Stays
Email: privacy@encorestays.com
Subject Line: Privacy Inquiry

For data deletion requests, please include "Data Deletion Request" in the subject line and provide your account email address.

We will respond to all inquiries within 30 days, or sooner as required by applicable law.

15. Summary of Data We Collect

For your convenience, here is a summary of the categories of personal information we collect: