Privacy Policy

1. Who We Are

Offer2Stay ("we", "us", "our") operates the Offer2Stay platform at https://www.offer2stay.co.uk. We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Protection Officer (DPO): enquiries@offer2stay.co.uk

2. What Data We Collect

• Account data: name, email address, phone number, role (guest or host).
• Enquiry data: preferred location, dates, number of guests, budget, amenity requirements.
• Property data (hosts): property address, photos, descriptions, pricing, availability.
• Booking & payment data: booking dates, amounts, Stripe payment references (we do not store full card numbers).
• Messages: content of conversations between guests and hosts on the platform.
• Technical data: IP address, browser type, device info, pages visited, timestamps — collected via server logs and cookies.

3. How We Use Your Data

• To create and manage your account.
• To match guest enquiries with suitable host properties.
• To process bookings and payments via Stripe.
• To send transactional emails (booking confirmations, offer notifications, reminders).
• To provide customer support and resolve disputes.
• To detect fraud and enforce our terms of service.
• To improve our platform through aggregated, anonymised analytics.

4. Legal Bases for Processing

• Contract: processing necessary to provide the platform services you signed up for.
• Legitimate interests: fraud prevention, platform security, service improvement.
• Legal obligation: tax records, regulatory compliance.
• Consent: marketing communications (you can opt out at any time).

5. Data Sharing

We share your data only when necessary:

• Between guests and hosts: to facilitate bookings (name, dates, enquiry details).
• Stripe (Stripe Connect):payment processing via destination charges. A 10% platform fee is deducted before funds are transferred to the host's connected Stripe account. Card details are handled entirely by Stripe and never touch our servers. Governed by Stripe's Privacy Policy.
• Supabase: authentication and database hosting. User credentials are managed via Supabase Auth; application data is stored in a PostgreSQL database hosted by Supabase.
• Resend: transactional email delivery.
• Law enforcement: when required by law or valid legal process.

We do not sell your personal data to third parties.

6. Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain booking and payment records for 7 years for tax and legal compliance. Anonymised analytics data may be retained indefinitely.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data (subject to legal retention requirements).
• Restrict or object to certain processing.
• Data portability (receive your data in a structured format).
• Withdraw consent at any time (for consent-based processing).
• Lodge a complaint with the Information Commissioner's Office (ICO).

To exercise your rights, email our DPO at enquiries@offer2stay.co.uk. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We may use analytics cookies (e.g. PostHog) with your consent. You can manage cookie preferences in your browser settings.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted database connections, role-based access controls, and regular security reviews. However, no system is 100% secure — please use a strong, unique password.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the platform. Continued use of Offer2Stay after changes constitutes acceptance of the revised policy.

11. Contact

For any questions about this privacy policy or your personal data, contact our Data Protection Officer at enquiries@offer2stay.co.uk.