Privacy Policy
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, and password (stored as a secure one-way hash using PBKDF2 with 310,000 iterations, never stored in plain text).
Business Information: Information you voluntarily provide including business name, EIN, AZ TPT license number, address, and owner names used for reporting and compliance purposes.
Property Data: Property details, booking records, pricing rules, financial transactions, and calendar data you enter into the Service.
Guest Data: Guest names, contact information, and booking history you input on behalf of your guests. You are the data controller for this information.
Usage Data: Log data including IP addresses, browser type, pages visited, and actions taken within the Service for security monitoring and product improvement.
Device Data: Session fingerprints derived from your device type and network subnet, used to detect unauthorized access to your account.
2. How We Use Your Information
- To provide, maintain, and improve the Service
- To authenticate your identity and protect your account
- To generate the financial reports, owner statements, and tax summaries you request
- To send transactional emails (password resets, email verification, booking notifications)
- To detect and prevent fraud, unauthorized access, and abuse
- To comply with legal obligations
We do not use your data for advertising, sell it to data brokers, or share it with third parties except as described in this policy.
3. Data Storage & Security
Your data is stored in Cloudflare D1 (SQLite database) hosted on Cloudflare's global infrastructure. All data is encrypted at rest and in transit using TLS 1.3. We apply industry-standard security measures including rate limiting, session management, and audit logging. Photos and attachments are stored as encrypted database records.
Cloudflare processes data in accordance with their Data Processing Addendum and applicable privacy regulations. Data centers are primarily located in the United States.
4. Data Retention
- Account data: Retained for the lifetime of your account, plus 90 days after deletion.
- Financial records: Retained for 7 years to comply with tax record requirements.
- Audit logs: Retained for 2 years for security purposes.
- Session tokens: Expire after 30 days of inactivity.
- Password reset tokens: Expire after 15 minutes.
5. Third-Party Services
- Cloudflare: Infrastructure, CDN, and database hosting.
- Groq AI: Powers the AI Advisor feature. Only your chat messages are sent; no personal or financial data.
- Stripe: Payment processing for direct bookings (when enabled). Subject to Stripe's privacy policy.
- Airbnb / VRBO: iCal calendar sync. Only calendar availability data is exchanged. No credentials or personal data are shared.
- MailChannels: Transactional email delivery (password resets, verification).
6. Your Privacy Rights
7. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice within the Service at least 14 days before changes take effect.
9. Contact Us
For privacy-related questions, requests, or to exercise your rights, contact us at:
Email: privacy@ratelab.pro
Address: Phoenix Metro Area, Arizona, United States