StayHub Privacy Policy

Last updated: 16 September 2025

This Privacy Policy explains how StayHub ("we", "us", "our") collects, uses, discloses, and safeguards personal data when you use the StayHub platform and related services.

1. Scope

This policy applies to: (a) StayHub web and mobile interfaces; (b) APIs and administrative dashboards; (c) operational modules including check‑in/out, room management, maintenance, payment, finance, survey, HR, account and analytics features.

2. Data We Collect

Category	Examples	Purpose
Identity	Name, phone, email, government ID (where required by law)	Booking, legal compliance, user identification
Booking & Stay	Reservation details, room number, check‑in/out timestamps, door access logs	Automate & audit stay operations
Device & Technical	IP, device model, OS, browser/app version, crash reports	Security, diagnostics, performance
Usage & Interaction	Feature usage events, notification tokens, survey responses	Service improvement, analytics
Staff Operational	Role, shift / location assignment, action logs	Access control, audit, HR oversight

Sensitive data (e.g. government ID) is only collected where mandated (local hospitality / KYC laws) and retained only for the legally required duration.

3. Sources of Data

Directly from users (forms, check‑in, account setup)
Automatically via application telemetry & Firebase Analytics / Crashlytics
Payment gateway notifications
Operational staff inputs (room status, maintenance tickets)

4. Legal Bases (where applicable)

Performance of contract (booking, access control)
Legitimate interests (security monitoring, service improvement)
Legal obligation (record retention, tax invoicing)
Consent (optional surveys, marketing notifications, push messaging)

5. How We Use Data

Process reservations, digital self check‑in, contract acknowledgment, and door code provisioning
Manage room lifecycle (booked / vacant / cleaning / maintenance)
Generate accurate invoices; reconcile payments (cash, card, transfer)
Provide real‑time dashboards (occupancy, revenue forecasting: daily/monthly/quarterly/yearly)
Manage multi‑property operations & staff role‑based access
Monitor maintenance & housekeeping workflows
Send transactional & operational push notifications (check‑in reminders, housekeeping updates)
Improve reliability via analytics & crash diagnostics
Security auditing and fraud prevention

6. Data Minimization & Retention

We keep personal data only as long as necessary for the purposes above or as required by law (e.g. fiscal retention periods). Operational logs are routinely cycled and aggregated. Access tokens & session data follow strict TTL policies.

7. Infrastructure & Security

Region: Microsoft Azure Cloud (Singapore) with high security standards
Multi‑tenancy: Fine‑grained access control; logically isolated dedicated storage per tenant
Encryption: In transit (TLS 1.2+) and at rest (platform managed encryption)
Identity & Auth: Google Firebase Authentication (hashed credentials / OAuth providers)
Monitoring: Firebase Analytics, Crashlytics; security metrics & anomaly detection
Least privilege IAM & role‑scoped API keys
Hardening: Regular patching, secret rotation, static & dependency scanning
Backups: Encrypted, periodic, tested for restorability
Audit: Critical actions (room status change, financial ops, door code generation) are logged

We do NOT sell personal data. We use service providers strictly under data processing agreements:

Google Firebase (Auth, Analytics, Crashlytics, FCM Push)
Cloud infrastructure (Azure) for hosting & storage
Payment processors / banks (for transaction settlement)
Communication / notification gateways (where regionally required)

Disclosures may occur to competent authorities where legally compelled or necessary to protect rights, safety, or investigate misuse.

9. International Transfers

Primary storage resides in Azure Singapore. Where sub‑processors store or route data across regions, safeguards (e.g. SCCs, contractual controls) are applied.

10. Your Rights (subject to jurisdiction)

Access & portability
Rectification
Erasure (where no overriding legal basis)
Restriction & objection to certain processing
Withdraw consent (surveys / marketing / push categories)
Complaint to a supervisory authority

Requests: Contact us at privacy@stayhub.app (identity verification may be required).

11. Cookies & Similar Technologies

We may use local storage / cookies / tokens for session continuity and security. Analytics SDK event collection is pseudonymized. You may adjust notification & analytics consent in account settings (where feature supported).

12. Children

StayHub is not directed to children under the age required by local guest registration law. Accounts must be created by adults or authorized representatives.

13. Security Incident Response

We maintain an incident response plan including triage, containment, eradication, recovery, and notification (where legally required) within defined SLA windows.

14. Changes

Material updates will be notified via in‑app notice or email. Revision date will update above.

15. Contact

info@appsindie.com

This policy forms part of the StayHub Terms & Conditions.

1. Scope​

2. Data We Collect​

3. Sources of Data​

4. Legal Bases (where applicable)​

5. How We Use Data​

6. Data Minimization & Retention​

7. Infrastructure & Security​

8. Data Sharing & Processors​

9. International Transfers​

10. Your Rights (subject to jurisdiction)​

11. Cookies & Similar Technologies​

12. Children​

13. Security Incident Response​

14. Changes​

15. Contact​