🔥 Exclusive Offer: Get 30% OFF Your First 3 Months
Learn more

Privacy Policy

Last Updated: 6 July 2026

Hostify.com, Inc. (“Hostify”, “we”, “us”, or “our”) is a Delaware corporation located at 16192 Coastal Hwy, Lewes, DE 19958, United States. We provide property management and channel management software to hospitality businesses worldwide.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our platform and services. It also describes your rights regarding your personal data.

If you have any questions, contact us at info@hostify.com.

1. WHO THIS POLICY APPLIES TO

This policy applies to:

      (a) Customers — property managers, hosts, and hospitality businesses that create accounts and use the Hostify platform.

      (b) Guests — individuals whose personal data is submitted to the platform by Customers in connection with bookings and stays at properties managed through Hostify.

      (c) Visitors — individuals who visit our website at hostify.com.

2. DATA ROLES

2.1 For Customer Data

When you create a Hostify account and use our platform, Hostify acts as the data controller of your personal data — we determine why and how your data is processed.

2.2 For Guest Data

When Customers submit guest personal data to the platform (names, ID details, booking information, etc.), the Customer is the data controller and Hostify acts as a data processor, processing guest data only on the Customer’s behalf and under their instructions. Our processing of guest data is governed by the Hostify Data Processing Agreement (DPA).

If you are a guest and have questions about how your personal data is used, please contact the property or host you made your booking with in the first instance. We will assist property managers in responding to guest data requests as required under the DPA.

3. DATA WE COLLECT

3.1 Customers

      Name, email address, phone number

      Company name and address

      Account login credentials

      Billing and payment information

      Property details (addresses, listing information)

      Platform usage data and logs

      Communications with our support team

      Browser and device information

3.2 Guests (submitted by Customers)

      Name, date of birth, nationality, address

      Identity document details (type, number, issue country, expiry date)

      Reservation and booking details

      Contact details (email, phone number)

      Communication content

      IP address and device information

3.3 Website Visitors

      IP address and approximate location

      Browser type and device information

      Pages visited and time spent

      Referral source

      Cookie data (see Section 9)

4. HOW WE COLLECT DATA

      Directly from you when you register, use the platform, or contact us

      From Customers when they submit guest data through the platform

      Automatically through cookies and similar technologies when you visit our website

      From third-party integrations and channel partners connected to your account

5. LAWFUL BASES FOR PROCESSING

We process personal data only where we have a lawful basis to do so.

5.1 Contract performance (GDPR Art. 6(1)(b))

We process Customer account data and billing information to provide the Services, manage your subscription, and fulfil our contractual obligations.

5.2 Legal obligation (GDPR Art. 6(1)(c))

We process data where required by applicable law, including tax and accounting obligations, fraud prevention requirements, and responses to lawful requests from authorities.

5.3 Legitimate interests (GDPR Art. 6(1)(f))

We process certain data for our legitimate business interests, including platform security, fraud prevention, product improvement, and internal analytics, where these interests are not overridden by your rights.

5.4 Consent (GDPR Art. 6(1)(a))

Where we rely on consent — for example for marketing communications — you may withdraw consent at any time by contacting info@hostify.com or using the unsubscribe link in any marketing email.

5.5 Guest data processed by Customers

Hostify processes guest data as a processor on behalf of Customers. The lawful basis for that processing is determined by the Customer as the data controller.

6. HOW WE USE YOUR DATA

6.1 To provide and maintain the platform

      Create and manage your account

      Synchronize listings across channels

      Manage reservations and availability

      Enable guest communication tools

      Provide customer support

6.2 To manage billing and payments

      Process subscription payments

      Issue invoices and receipts

      Handle disputes and refunds

6.3 To improve our services

      Analyse platform usage to identify improvements

      Monitor platform performance and uptime

      Develop new features and functionality

6.4 To communicate with you

      Send service notifications and product updates

      Respond to support requests

      Send marketing communications about our services (where you have consented or where permitted under applicable law)

6.5 For security and fraud prevention

      Detect and prevent unauthorized access

      Monitor for suspicious activity

      Protect the integrity of the platform

6.6 To comply with legal obligations

      Respond to lawful requests from courts, regulators, and law enforcement

      Meet statutory accounting and tax obligations

7. ARTIFICIAL INTELLIGENCE

Hostify uses artificial intelligence and machine learning technologies through third-party providers to power certain platform features and functionality.

We do not use Customer data or Guest data to train generalised AI or machine learning models without your express written consent.

Where AI features process personal data, this is disclosed in our Sub-processors list available at hostify.com/sub-processors.

8. DATA SHARING

We do not sell personal data for monetary consideration.

We use Google Ads remarketing on our public website (hostify.com) to show you relevant ads on other websites after you visit ours. This involves transmitting a device or browser identifier to Google, which Google may use for its own advertising purposes. Under the CCPA/CPRA, this constitutes a “share” of personal information for cross-context behavioural advertising, regardless of the fact that no money changes hands. Remarketing is not used within the guest check-in flow or the authenticated Customer platform — it operates only on the public marketing website through the marketing cookies described in Section 9.

You have the right to opt out of this sharing. You can do so by:

      Using the “Do Not Sell or Share My Personal Information” link in the footer of hostify.com; or

      Enabling the Global Privacy Control (GPC) signal in your browser, which we honour as a valid opt-out request; or

      Declining marketing cookies through the cookie settings link described in Section 9; or

      Contacting us using the details in Section 16.

We may also share personal data with:

      (a) Sub-processors — third-party service providers engaged to help us deliver the platform (infrastructure, payments, communications, support). A current list of our sub-processors is available at hostify.com/sub-processors. We require all sub-processors to maintain data protection standards equivalent to our own.

      (b) Customers — we share guest data with the relevant property manager / Customer as part of delivering the Services.

      (c) Google, for remarketing purposes as described above.

      (d) Legal and regulatory authorities — where required by applicable law or in response to a lawful request.

      (e) Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

9. COOKIES

We use cookies and similar technologies on our website. These include:

      Strictly necessary cookies: required for login, security, and core platform functionality. Cannot be disabled.

      Functional cookies: remember your preferences and settings.

      Analytics cookies: help us understand how the platform is used so we can improve it.

      Marketing cookies: used on our public website only, including the Google Ads remarketing tag, to measure campaign performance and show you relevant ads on other sites. See Section 8 for details on how this may constitute a “share” of personal information under CCPA/CPRA and how to opt out. Not used within the guest check-in flow.

You can manage your cookie preferences through your browser settings or via the cookie settings link in the footer of our website. For full details see our Cookie Policy at hostify.com/cookies.

10. INTERNATIONAL DATA TRANSFERS

Hostify is established in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States.

Such transfers are carried out under appropriate safeguards, which may include:

      Standard Contractual Clauses adopted by the European Commission (Decision 2021/914)

      UK International Data Transfer Addendum

      Other lawful transfer mechanisms as applicable

You may request further information about the applicable transfer safeguards by contacting info@hostify.com.

In accordance with Article 27 of the GDPR, Hostify has appointed NetReact Ltd. as its representative in the European Union for data protection matters. EEA residents may contact our EU representative at:

NetReact Ltd. Hadzhi Dimiter 151 Sofia, Bulgaria info@netreact.com

11. DATA RETENTION

We retain personal data only for as long as necessary for the purposes described in this policy.

Data category

Retention period

Customer account data

Duration of subscription + 90 days

Billing and payment records

7 years (statutory accounting obligation)

Support correspondence

3 years from last interaction

Platform usage logs

12 months

Guest data (as processor)

Per Customer instruction and applicable law

Marketing contact data

Until consent withdrawn or opt-out received

Website visitor data

12 months

 

Where retention is required by applicable law, we retain data for the period required by that law regardless of the above.

12. DATA SECURITY

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, and disclosure. These measures include encryption in transit and at rest, access controls, multi-factor authentication for privileged access, and regular security monitoring.

No method of transmission over the internet or electronic storage is completely secure.

If we become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data, we will notify affected individuals and, where required, the relevant supervisory authority without undue delay and, in any event, within 72 hours of becoming aware of the breach where required under Article 33 of the GDPR, or within the timeframe required under other applicable law. 

13. CHILDREN

Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at info@hostify.com and we will delete it promptly.

Where a Customer submits personal data relating to a minor in connection with a Guest’s booking or stay (for example, a child travelling with a parent or guardian), that data is provided and controlled by the Customer and/or the accompanying adult, not collected by us directly from the minor. The statement above — that we do not knowingly collect personal data from children under 16 — refers to direct collection from individuals interacting with our platform as Customers or website visitors, and does not apply to Guest data submitted about a minor by a Customer or accompanying adult under the arrangement described in Section 2.2.

14. YOUR RIGHTS

14.1 EEA, UK, and Swiss residents

Under applicable data protection law you have the right to:

      Access your personal data

      Correct inaccurate or incomplete data

      Request erasure of your data

      Restrict processing of your data

      Receive your data in a portable format

      Object to processing based on legitimate interests

      Withdraw consent at any time where processing is based on consent

      Lodge a complaint with your national data protection supervisory authority

EEA residents may also direct data protection queries to our EU representative: NetReact Ltd., Hadzhi Dimiter 151, Sofia, Bulgaria — info@netreact.com

14.2 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

      Know what personal information we collect, use, disclose, and sell

      Delete your personal information

      Correct inaccurate personal information

      Opt out of the sale or sharing of personal information (see Section 8 above regarding Google Ads remarketing)

      Limit the use of sensitive personal information

      Non-discrimination for exercising your rights

For full detail, see our California Privacy Notice, which supplements this Policy.

To exercise any of these rights, contact us using the details in Section 16 below. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request.

Authorized agents may submit requests on behalf of California residents with appropriate verification.

14.3 Residents of other U.S. states

If you are a resident of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, or another U.S. state with a comprehensive consumer privacy law, you may have similar rights to those described in Section 14.2, including the right to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of processing for targeted advertising, the sale of personal data, or profiling used to make decisions that produce legal or similarly significant effects. To exercise these rights, contact us using the details in Section 16 below. We will respond within the timeframe required by the applicable law of your state of residence.

14.4 All users

To exercise any of the rights listed above, contact us at info@hostify.com or via our online request form at hostify.com/contacts. We will respond within one month of receiving your request. This period may be extended by a further two months where necessary, in which case we will inform you.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the platform at least 30 days before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent version.

16. CONTACT

For any questions, requests, or complaints regarding this Privacy Policy or our data practices:

Hostify.com, Inc. 16192 Coastal Hwy Lewes, DE 19958 United States info@hostify.com Online request form: hostify.com/contacts

 

EU Representative (GDPR Art. 27): NetReact Ltd. Hadzhi Dimiter 151 Sofia, Bulgaria info@netreact.com