Privacy Policy
Last updated: 13 July 2026
HostHives ("we", "us") provides property-management software to short-term-rental hosts and agencies. This policy explains what personal data we process, why, and the rights you have under the EU General Data Protection Regulation (GDPR) and comparable laws.
Two roles matter here. For data about our account holders (hosts and agency staff) we are the data controller. For data about guests that a host stores in HostHives, the host is the controller and we act as their processor under a Data Processing Agreement; guests should direct access or erasure requests to the host who manages their booking.
1. Data we collect
Account data: name, email, phone number, organization details, and role.
Guest data entered by hosts: names, contact details, booking history, messages, and — where a host uses the identity features — identity-document references and verification status.
Payment data: processed by Stripe. We store payout/transaction metadata, never full card numbers.
Usage and technical data: log events, request identifiers, device/browser information, and cookies (see our Cookie Policy).
2. Why we process it (legal bases)
- Performance of a contract — to provide the service you signed up for.
- Legitimate interests — to secure, maintain, and improve the platform, and to prevent abuse.
- Legal obligation — to meet tax, accounting, and regulatory-reporting requirements.
- Consent — for non-essential cookies and optional marketing, which you can withdraw at any time.
3. Sub-processors
We share data with vetted providers only as needed to run the service, each under a data-processing agreement:
- Neon — managed PostgreSQL database hosting (EU region).
- Cloudflare — application hosting, CDN, and object storage (R2) for media and documents.
- Stripe — payment processing and payouts.
- Resend — transactional email delivery.
- Twilio — SMS and WhatsApp messaging, where enabled.
- Anthropic — AI features such as message drafting, on request.
A current list is available on request and will be maintained on this page.
4. International transfers
We aim to keep EU personal data in EU regions. Where a sub-processor transfers data outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses.
5. Retention
Account data is retained for the life of the account and then deleted or anonymized, subject to legal retention windows.
Financial records are retained for the period required by applicable tax law.
Identity documents in the sensitive store are kept for the shortest period necessary and auto-expire.
When a guest is erased, personal fields are anonymized in place while non-personal booking/financial records are retained for lawful accounting.
6. Your rights
Subject to applicable law, you may request:
- Access to and a portable copy of your data.
- Correction of inaccurate data.
- Erasure of your data.
- Restriction of or objection to certain processing.
- Withdrawal of consent where processing is based on consent.
To exercise these rights as an account holder, contact us at privacy@hosthives.com. If you are a guest, contact the host who manages your booking. You also have the right to lodge a complaint with your local data-protection authority.
7. Security
We enforce tenant isolation at the database level (row-level security), encrypt credentials at rest, use short-lived signed URLs for sensitive media, and maintain an append-only audit log of administrative actions.
8. Contact
Questions about this policy or our data practices: privacy@hosthives.com.