Privacy Policy
Last updated: 26 February 2026
HostStock ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data We Collect
Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (e.g. Google), we receive your name, email, and profile image from that provider.
Usage Data
We collect information about how you interact with HostStock, including pages visited, features used, and actions taken within the application. This data is only collected if you consent to analytics cookies.
Property and Inventory Data
You provide property details, room configurations, inventory items, supplier information, and booking data as part of using HostStock. This data is stored securely and is necessary for the service to function.
Essential Cookies
We use essential cookies that are strictly necessary for the application to work. These include session cookies for authentication and preference cookies (e.g. theme selection). These do not require consent as they are essential to the service.
Analytics Cookies
With your explicit consent, we use PostHog to collect anonymised usage analytics. These cookies help us understand how users interact with HostStock so we can improve the service. You can opt out at any time by clearing your cookie preferences from your browser storage.
2. How We Use Your Data
- To provide and maintain the HostStock service
- To authenticate your identity and manage your account
- To process payments and manage subscriptions
- To send transactional emails (e.g. invitations, alerts, password resets)
- To improve the service based on aggregated, anonymised usage data (with consent)
- To detect and prevent fraud or abuse
- To comply with legal obligations
3. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide the HostStock service you signed up for.
- Consent: Analytics and non-essential cookies are only activated with your explicit consent.
- Legitimate interest: Security monitoring and fraud prevention.
- Legal obligation: Where required by law (e.g. financial record-keeping).
4. Third-Party Services
We share data with the following third-party processors, each with appropriate safeguards:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing details, subscription status |
| PostHog (EU) | Product analytics | Anonymised usage events (with consent only) |
| Sentry | Error monitoring | Error context, stack traces (no personal data) |
| Zoho ZeptoMail | Transactional email delivery | Email address, email content |
| Vercel | Hosting and deployment | Access logs, IP addresses |
| Neon (PostgreSQL) | Database hosting | All application data (encrypted at rest) |
| AWS S3 | File storage | Uploaded images (e.g. delivery photos) |
5. Data Retention
- Account data: Retained while your account is active and for 30 days after deletion request.
- Usage analytics: Anonymised and retained for up to 12 months.
- Transaction records: Retained for 7 years as required by financial regulations.
- Audit logs: Retained for 2 years for security purposes.
- Session cookies: Expire when you sign out or after 30 days of inactivity.
6. Your Rights Under GDPR
As a data subject, you have the following rights. To exercise any of these rights, contact us at the email address below.
- Right of access: Request a copy of your personal data.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data ("right to be forgotten").
- Right to restrict processing: Request limitation of how we use your data.
- Right to data portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: Withdraw analytics consent at any time by clearing your browser storage for this site.
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS) and at rest
- Role-based access control within the application
- Regular security audits and monitoring
- Secure authentication with session management
8. International Transfers
Your data may be processed outside the EEA by our third-party providers. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
9. Children
HostStock is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.
11. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, please contact us at:
Email: privacy@hoststock.app