Privacy Policy

Version 2.0.0 • Effective January 31, 2026

Our Commitment to Your Privacy

BookAStay.homes operates as a platform connecting hosts and guests. We collect only the data necessary to facilitate secure bookings and maintain platform integrity. We will never sell your personal information.

1. Our Role and Commitment

BookAStay.homes is committed to protecting your privacy while operating as a transparent booking platform. This policy explains how we collect, use, store, and protect your information in compliance with the Australian Privacy Act 1988 and Australian Privacy Principles.

Our Platform Role

As a platform connecting hosts and guests, we process personal information necessary for:

  • Facilitating property listings and bookings
  • Processing payments through secure escrow
  • Enabling secure communication between parties
  • Maintaining platform security and fraud prevention

Important: We are not responsible for how hosts and guests communicate outside our platform or share personal information after making direct contact.

2. Information We Collect

Personal Information:

  • Full name and email address
  • Phone number and country code
  • Government-issued identification (for verification purposes only)
  • Payment information (processed and stored by Stripe, not by us)
  • Property ownership documents (for hosts only)
  • Profile photo (optional)

Booking Information:

  • Property search history and preferences
  • Booking details (dates, guests, special requests)
  • Payment history and transaction records
  • Communication between hosts and guests through our messaging system
  • Reviews and ratings

Technical Information:

  • IP address and approximate location
  • Device type, browser, and operating system
  • Pages visited and features used
  • Time spent on platform
  • Cookies and similar tracking technologies

3. How We Use Your Information

Platform Operations:

  • Booking Management: Process reservations, manage calendars, coordinate check-ins
  • Payment Processing: Handle payments, security bonds, and escrow management
  • Communication: Send booking confirmations, updates, and important notices
  • User Support: Respond to inquiries and provide platform assistance

Security and Verification:

  • Verify user identity to prevent fraud
  • Detect and prevent unauthorized access
  • Monitor for suspicious activity or policy violations
  • Maintain transaction records for dispute purposes

Platform Improvement:

  • Analyze usage patterns to improve user experience
  • Develop new features based on user behavior
  • Optimize search and recommendation algorithms
  • Test platform performance and reliability

4. Data Storage and Security

Storage Infrastructure:

Primary Storage: Firebase (Google Cloud Platform)
Region: australia-southeast1 (Australian servers)
Backup Location: Redundant Australian data centers
Encryption: TLS/SSL in transit, AES-256 at rest
Backup Frequency: Daily automated backups with 30-day retention

Security Measures:

  • End-to-end encryption for payment processing
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Employee access controls and monitoring
  • Secure API communications with rate limiting

5. Data Sharing and Third Parties

We share your information only when necessary:

Service Providers:

  • Stripe: Payment processing and PCI-compliant card storage
  • Google Cloud: Hosting infrastructure and database services
  • Google Maps: Location services and property mapping
  • Twilio: SMS notifications for emergency cleaner requests

Between Users:

  • Hosts see: Guest name, booking dates, number of guests, messages
  • Guests see: Host name, property details, house rules, messages
  • Not shared automatically: Phone numbers, email addresses, home addresses

Users may choose to share personal contact information through our messaging system, but we do not disclose this automatically. Once shared, we are not responsible for how that information is used.

Legal Requirements:

We may disclose information when legally required to:

  • Comply with court orders or subpoenas
  • Respond to law enforcement requests
  • Protect our rights or property
  • Prevent fraud or illegal activity
  • Comply with tax reporting obligations (ATO)

What We Do NOT Do:

  • We do NOT sell your personal information to third parties
  • We do NOT share data with advertisers
  • We do NOT rent or lease user lists
  • We do NOT use your data for unrelated marketing purposes

6. Your Privacy Rights

Under the Australian Privacy Act 1988, you have the following rights:

Access and Correction:

  • Access your personal information stored on our platform
  • Request correction of inaccurate or incomplete data
  • Update your profile and account settings at any time
  • Download your booking history and transaction records

Deletion and Restriction:

  • Request deletion of your account and associated data
  • Opt-out of marketing communications (booking confirmations still sent)
  • Request restriction of certain data processing activities
  • Object to automated decision-making processes

Data Portability:

  • Export your data in machine-readable format (JSON/CSV)
  • Transfer your data to another service provider
  • Receive copies of communications and transaction history

Note: Some data retention is legally required for tax and financial record-keeping (7 years for booking and payment records per ATO requirements). We cannot delete this data until the retention period expires.

7. Cookies and Tracking Technologies

Essential Cookies (Always Active):

  • Authentication and session management
  • Security and fraud prevention
  • Platform functionality and preferences

Analytics Cookies (Optional):

  • Google Analytics for usage statistics
  • Performance monitoring and error tracking
  • Search and feature usage analysis

See our Cookie Policy for detailed information about cookies, how to manage preferences, and opt-out options.

8. Data Retention

  • Active Accounts: Retained until account deletion requested
  • Booking Records: 7 years after booking date (tax law requirement)
  • Payment Records: 7 years after transaction (ATO requirement)
  • Messages: 2 years after booking completion
  • Identity Verification: Duration of account plus 7 years
  • Inactive Accounts: Deleted after 3 years of inactivity with 90-day notice

9. Children's Privacy

BookAStay.homes is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will delete it immediately. Parents or guardians who believe their child has provided information should contact privacy@bookastay.homes.

10. International Data Transfers

While we primarily store data on Australian servers, some service providers (Stripe, Google Cloud) may process data internationally. All international transfers comply with Australian Privacy Principles and include appropriate safeguards through:

  • Standard contractual clauses
  • Privacy Shield certification (where applicable)
  • Adequate data protection agreements

11. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on the Platform
  • Updated "Last Modified" date at the top of this policy

Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact and Complaints

Privacy Inquiries:

Email: privacy@bookastay.homes
Data Protection Officer: dpo@bookastay.homes
General Support: support@bookastay.homes
Response Time: Within 30 days of request

Making a Complaint:

If you believe we have breached the Australian Privacy Principles:

  1. Contact our privacy team at privacy@bookastay.homes
  2. We will investigate and respond within 30 days
  3. If unsatisfied with our response, contact the Office of the Australian Information Commissioner (OAIC)

OAIC Contact:

Phone: 1300 363 992
Website: www.oaic.gov.au
Mail: GPO Box 5288, Sydney NSW 2001

Compliance Status:

This Privacy Policy complies with:

  • Privacy Act 1988 (Australia)
  • Australian Privacy Principles (APPs)
  • GDPR (for European Economic Area users)
  • Payment Card Industry Data Security Standard (PCI-DSS) through Stripe

Related Policies

No Bullshit Policy - Our transparent approach
Terms of Service - Platform usage terms
Cookie Policy - Cookie usage details

Last Updated: January 31, 2026
Version: 2.0.0
Changes: Clarified platform role, updated data sharing practices, added early check-in cleaner notification details, strengthened user control sections