Last Updated: 6 July 2026
Hostify.com, Inc. (“Hostify”, “we”, “us”, or “our”) is a Delaware corporation located at 16192 Coastal Hwy, Lewes, DE 19958, United States. We provide property management and channel management software to hospitality businesses worldwide.
This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our platform and services. It also describes your rights regarding your personal data.
If you have any questions, contact us at info@hostify.com.
This policy applies to:
● (a) Customers — property managers, hosts, and hospitality businesses that create accounts and use the Hostify platform.
● (b) Guests — individuals whose personal data is submitted to the platform by Customers in connection with bookings and stays at properties managed through Hostify.
● (c) Visitors — individuals who visit our website at hostify.com.
When you create a Hostify account and use our platform, Hostify acts as the data controller of your personal data — we determine why and how your data is processed.
When Customers submit guest personal data to the platform (names, ID details, booking information, etc.), the Customer is the data controller and Hostify acts as a data processor, processing guest data only on the Customer’s behalf and under their instructions. Our processing of guest data is governed by the Hostify Data Processing Agreement (DPA).
If you are a guest and have questions about how your personal data is used, please contact the property or host you made your booking with in the first instance. We will assist property managers in responding to guest data requests as required under the DPA.
● Name, email address, phone number
● Company name and address
● Account login credentials
● Billing and payment information
● Property details (addresses, listing information)
● Platform usage data and logs
● Communications with our support team
● Browser and device information
● Name, date of birth, nationality, address
● Identity document details (type, number, issue country, expiry date)
● Reservation and booking details
● Contact details (email, phone number)
● Communication content
● IP address and device information
● IP address and approximate location
● Browser type and device information
● Pages visited and time spent
● Referral source
● Cookie data (see Section 9)
● Directly from you when you register, use the platform, or contact us
● From Customers when they submit guest data through the platform
● Automatically through cookies and similar technologies when you visit our website
● From third-party integrations and channel partners connected to your account
We process personal data only where we have a lawful basis to do so.
We process Customer account data and billing information to provide the Services, manage your subscription, and fulfil our contractual obligations.
We process data where required by applicable law, including tax and accounting obligations, fraud prevention requirements, and responses to lawful requests from authorities.
We process certain data for our legitimate business interests, including platform security, fraud prevention, product improvement, and internal analytics, where these interests are not overridden by your rights.
Where we rely on consent — for example for marketing communications — you may withdraw consent at any time by contacting info@hostify.com or using the unsubscribe link in any marketing email.
Hostify processes guest data as a processor on behalf of Customers. The lawful basis for that processing is determined by the Customer as the data controller.
● Create and manage your account
● Synchronize listings across channels
● Manage reservations and availability
● Enable guest communication tools
● Provide customer support
● Process subscription payments
● Issue invoices and receipts
● Handle disputes and refunds
● Analyse platform usage to identify improvements
● Monitor platform performance and uptime
● Develop new features and functionality
● Send service notifications and product updates
● Respond to support requests
● Send marketing communications about our services (where you have consented or where permitted under applicable law)
● Detect and prevent unauthorized access
● Monitor for suspicious activity
● Protect the integrity of the platform
● Respond to lawful requests from courts, regulators, and law enforcement
● Meet statutory accounting and tax obligations
Hostify uses artificial intelligence and machine learning technologies through third-party providers to power certain platform features and functionality.
We do not use Customer data or Guest data to train generalised AI or machine learning models without your express written consent.
Where AI features process personal data, this is disclosed in our Sub-processors list available at hostify.com/sub-processors.
We do not sell personal data for monetary consideration.
We use Google Ads remarketing on our public website (hostify.com) to show you relevant ads on other websites after you visit ours. This involves transmitting a device or browser identifier to Google, which Google may use for its own advertising purposes. Under the CCPA/CPRA, this constitutes a “share” of personal information for cross-context behavioural advertising, regardless of the fact that no money changes hands. Remarketing is not used within the guest check-in flow or the authenticated Customer platform — it operates only on the public marketing website through the marketing cookies described in Section 9.
You have the right to opt out of this sharing. You can do so by:
● Using the “Do Not Sell or Share My Personal Information” link in the footer of hostify.com; or
● Enabling the Global Privacy Control (GPC) signal in your browser, which we honour as a valid opt-out request; or
● Declining marketing cookies through the cookie settings link described in Section 9; or
● Contacting us using the details in Section 16.
We may also share personal data with:
● (a) Sub-processors — third-party service providers engaged to help us deliver the platform (infrastructure, payments, communications, support). A current list of our sub-processors is available at hostify.com/sub-processors. We require all sub-processors to maintain data protection standards equivalent to our own.
● (b) Customers — we share guest data with the relevant property manager / Customer as part of delivering the Services.
● (c) Google, for remarketing purposes as described above.
● (d) Legal and regulatory authorities — where required by applicable law or in response to a lawful request.
● (e) Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.
We use cookies and similar technologies on our website. These include:
● Strictly necessary cookies: required for login, security, and core platform functionality. Cannot be disabled.
● Functional cookies: remember your preferences and settings.
● Analytics cookies: help us understand how the platform is used so we can improve it.
● Marketing cookies: used on our public website only, including the Google Ads remarketing tag, to measure campaign performance and show you relevant ads on other sites. See Section 8 for details on how this may constitute a “share” of personal information under CCPA/CPRA and how to opt out. Not used within the guest check-in flow.
You can manage your cookie preferences through your browser settings or via the cookie settings link in the footer of our website. For full details see our Cookie Policy at hostify.com/cookies.
Hostify is established in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States.
Such transfers are carried out under appropriate safeguards, which may include:
● Standard Contractual Clauses adopted by the European Commission (Decision 2021/914)
● UK International Data Transfer Addendum
● Other lawful transfer mechanisms as applicable
You may request further information about the applicable transfer safeguards by contacting info@hostify.com.
In accordance with Article 27 of the GDPR, Hostify has appointed NetReact Ltd. as its representative in the European Union for data protection matters. EEA residents may contact our EU representative at:
NetReact Ltd. Hadzhi Dimiter 151 Sofia, Bulgaria info@netreact.com
We retain personal data only for as long as necessary for the purposes described in this policy.
Data category | Retention period |
Customer account data | Duration of subscription + 90 days |
Billing and payment records | 7 years (statutory accounting obligation) |
Support correspondence | 3 years from last interaction |
Platform usage logs | 12 months |
Guest data (as processor) | Per Customer instruction and applicable law |
Marketing contact data | Until consent withdrawn or opt-out received |
Website visitor data | 12 months |
Where retention is required by applicable law, we retain data for the period required by that law regardless of the above.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, and disclosure. These measures include encryption in transit and at rest, access controls, multi-factor authentication for privileged access, and regular security monitoring.
No method of transmission over the internet or electronic storage is completely secure.
If we become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data, we will notify affected individuals and, where required, the relevant supervisory authority without undue delay and, in any event, within 72 hours of becoming aware of the breach where required under Article 33 of the GDPR, or within the timeframe required under other applicable law.
Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at info@hostify.com and we will delete it promptly.
Where a Customer submits personal data relating to a minor in connection with a Guest’s booking or stay (for example, a child travelling with a parent or guardian), that data is provided and controlled by the Customer and/or the accompanying adult, not collected by us directly from the minor. The statement above — that we do not knowingly collect personal data from children under 16 — refers to direct collection from individuals interacting with our platform as Customers or website visitors, and does not apply to Guest data submitted about a minor by a Customer or accompanying adult under the arrangement described in Section 2.2.
Under applicable data protection law you have the right to:
● Access your personal data
● Correct inaccurate or incomplete data
● Request erasure of your data
● Restrict processing of your data
● Receive your data in a portable format
● Object to processing based on legitimate interests
● Withdraw consent at any time where processing is based on consent
● Lodge a complaint with your national data protection supervisory authority
EEA residents may also direct data protection queries to our EU representative: NetReact Ltd., Hadzhi Dimiter 151, Sofia, Bulgaria — info@netreact.com
If you are a California resident, you have the right to:
● Know what personal information we collect, use, disclose, and sell
● Delete your personal information
● Correct inaccurate personal information
● Opt out of the sale or sharing of personal information (see Section 8 above regarding Google Ads remarketing)
● Limit the use of sensitive personal information
● Non-discrimination for exercising your rights
For full detail, see our California Privacy Notice, which supplements this Policy.
To exercise any of these rights, contact us using the details in Section 16 below. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request.
Authorized agents may submit requests on behalf of California residents with appropriate verification.
If you are a resident of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, or another U.S. state with a comprehensive consumer privacy law, you may have similar rights to those described in Section 14.2, including the right to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of processing for targeted advertising, the sale of personal data, or profiling used to make decisions that produce legal or similarly significant effects. To exercise these rights, contact us using the details in Section 16 below. We will respond within the timeframe required by the applicable law of your state of residence.
To exercise any of the rights listed above, contact us at info@hostify.com or via our online request form at hostify.com/contacts. We will respond within one month of receiving your request. This period may be extended by a further two months where necessary, in which case we will inform you.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the platform at least 30 days before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent version.
For any questions, requests, or complaints regarding this Privacy Policy or our data practices:
Hostify.com, Inc. 16192 Coastal Hwy Lewes, DE 19958 United States info@hostify.com Online request form: hostify.com/contacts
EU Representative (GDPR Art. 27): NetReact Ltd. Hadzhi Dimiter 151 Sofia, Bulgaria info@netreact.com