Privacy Policy

1. Introduction

StayDesk Ltd. ("StayDesk", "we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at staydesk.in or use our hotel automation platform (collectively, the "Services").

Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

2. Who We Are

StayDesk Ltd. is the data controller for personal data collected through this website and our platform accounts. For personal data processed on behalf of hotels and accommodation providers (such as guest identity documents), StayDesk acts as a data processor, with the hotel being the data controller.

3. Information We Collect

3.1 Information You Provide

• Contact & Account Data: When you fill in our contact form or create an account, we collect your name, work email address, property type, and any message you submit.
• Billing Data: Payment details are collected and processed by our third-party payment provider (Stripe). We do not store full card numbers.
• Support Communications: Records of any support requests, feedback, or correspondence you send us.

3.2 Data Processed on Behalf of Hotels

When hotels use our OCR and check-in automation features, our platform processes guest identity document data (names, document numbers, nationalities, dates of birth) strictly as a data processor on the hotel's written instructions. This data is:

• Used solely to populate police-port or accommodation-register submissions required by law.
• Never sold, shared, or used for StayDesk's own marketing purposes.
• Deleted from our systems within 30 days of processing unless a longer retention period is required by applicable law.

3.3 Automatic Data Collection

• Log Data: IP address, browser type, pages visited, timestamps, and referring URLs.
• Cookies & Tracking: See our Cookie Policy for details.
• Device Information: Hardware model, operating system, and unique device identifiers.

4. How We Use Your Information

We use collected information to:

• Provide, operate, and improve our Services.
• Respond to enquiries and schedule product demos.
• Process payments and manage subscriptions.
• Send transactional emails (onboarding, invoices, service alerts).
• Send marketing communications where you have opted in (you may unsubscribe at any time).
• Comply with legal obligations (e.g., tax, accounting, anti-money laundering).
• Detect and prevent fraud or abuse of our platform.
• Analyse aggregate usage trends to enhance our product.

5. Legal Bases for Processing (GDPR)

6. Sharing Your Information

We do not sell personal data. We may share information with:

• Service Providers: Hosting (AWS / Vercel), payment processing (Stripe), analytics (PostHog), email delivery (Resend), and customer support tools — all bound by Data Processing Agreements.
• Hotels & Accommodation Providers: The hotel that engages our platform receives the extracted guest data it instructed us to process.
• Legal Authorities: Where required by law, court order, or regulatory demand.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, data may be transferred subject to the same privacy commitments.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law:

• Account & billing data: Duration of contract + 7 years (tax/legal requirements).
• Contact form submissions: 2 years from last interaction.
• Guest document OCR data: Up to 30 days after processing; longer only where the hotel instructs and applicable law requires.
• Server logs: 90 days rolling.
• Marketing opt-in: Until you withdraw consent.

8. International Transfers

Our servers are primarily located in the EU/EEA. Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions to ensure an equivalent level of protection.

9. Security

We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, strict role-based access controls, and regular penetration testing. No system is completely secure; in the event of a data breach we will notify affected parties and supervisory authorities as required by law.

10. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your personal data ("right to be forgotten").
• Restrict processing in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent at any time, without affecting prior lawful processing.

To exercise any of these rights, email privacy@staydesk.in. We respond within 30 days. For complaints, you may also lodge a claim with your local data-protection authority.

11. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us at privacy@staydesk.in and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and, where appropriate, by email. The "Last updated" date at the top of this page indicates when the policy was last revised.