Privacy Policy

This Privacy Policy explains how HOTELO LLC (“HOTELO”, “we”, “us”, “our”) collects, uses, stores, protects, and shares personal data when you:

use the HOTELO Platform, create a Property account, make a reservation through a HOTELO-powered booking engine, interact with any of our websites, APIs, or services.

By using our Platform, you agree to the processing practices described in this Policy.

1. DATA CONTROLLER & DATA PROCESSOR ROLES

Depending on the context:

1.1 When HOTELO acts as a Data Processor (GDPR Art. 28)

For reservations made through the HOTELO Platform, the Property is the Data Controller, and HOTELO processes personal data on behalf of the Property.

1.2 When HOTELO acts as a Data Controller

When users browse the HOTELO website or interact with our corporate services (marketing, support, analytics), HOTELO is the Data Controller.

2. TYPES OF PERSONAL DATA WE COLLECT

2.1 Guest Data

Full name
Email address
Phone number
Reservation details
Number of guests
Check-in/check-out dates
IP address
Payment information (tokenized via Stripe)

2.2 Property / Partner Data

Name of legal entity
Email, phone, and contact details
Billing and invoicing information
Business registration data
PMS/Channel Manager configuration
API logs and security tokens

2.3 Automatically Collected Data

Device and browser information
Cookies and tracking pixels
Usage logs and system events
Website analytics
API calls
Performance metrics

2.4 Sensitive Data

We do not collect or process special-category data (GDPR Art. 9) unless voluntarily provided by Guests in note fields.

3. HOW WE USE PERSONAL DATA

We process data for the following lawful purposes:

3.1 Fulfillment of Reservations

Process and confirm bookings
Transmit Guest details to the Property
Manage cancellations, modifications, and communication

3.2 Payment Processing (Stripe)

Authorize and capture payments
Manage fraud prevention
Issue refunds when required
Ensure PCI-DSS Level 1 secure payment flow

3.3 Platform Operations

API sync with PMS/Channel Manager
Website rendering
Availability and price updates
Notifications
Technical support

3.4 Legal Obligations

Financial reporting
Anti-fraud compliance
Tax requirements
Court orders or legal requests

3.5 Marketing (only with consent)

Newsletters
Product updates
Property promotions
Onboarding messages

We never sell or rent personal data.

4. LEGAL BASES FOR PROCESSING (GDPR)

We rely on:

Performance of a Contract (Art. 6(1)(b)) for reservations
Legitimate Interests (Art. 6(1)(f)) for analytics and fraud prevention
Legal Obligations (Art. 6(1)(c)) for financial and tax compliance
Consent (Art. 6(1)(a)) for marketing communications

5. DATA SHARING & THIRD PARTIES

We only share data with:

5.1 The Property (Accommodation)

Required for booking fulfillment.

5.2 Payment Gateway — Stripe

Payment processing
Fraud screening
Chargeback management

5.3 Service Providers

Hosting (AWS or equivalent)
Email delivery systems
Analytics tools
Customer support tools
PMS/Channel Manager for syncing

5.4 Legal Authorities

Only when required by law.

We never share personal data with advertisers or unrelated third parties.

6. INTERNATIONAL DATA TRANSFERS

Because HOTELO is a U.S.-based company, personal data may be transferred outside the EU.

We rely on:

Standard Contractual Clauses (SCCs)
Supplementary protective measures
GDPR-compliant agreements with vendors

All data is encrypted in transit and at rest.

7. DATA RETENTION

We retain:

Guest reservation data: 7 years (legal/tax purposes)
Guest communications: 3 years
Payment metadata: as long as required by Stripe
Marketing data: until consent is withdrawn
Technical logs: 6–24 months

After expiration, data is securely erased or anonymized.

8. SECURITY MEASURES

We implement:

Encryption (AES-256, TLS 1.2+)
Role-based access control
Multi-factor authentication
Firewalls & intrusion detection
Secure API tokens
3D Secure mandatory for online payments
Regular security audits
Backups & redundancy

9. YOUR RIGHTS (GDPR + CCPA)

Depending on your location, you may exercise:

Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to object
Right to data portability
Right to withdraw consent
CCPA: right to know, delete, opt-out

Requests may be sent to: privacy@hotelo.com

10. COOKIES & TRACKING

We use functional cookies, analytics cookies, and session cookies for authentication.

Full details appear in the Cookie Policy.

11. CHILDREN’S PRIVACY

We do not offer services directed at individuals under 16.

We do not knowingly collect children’s data.

12. CHANGES TO THIS POLICY

We may update this Policy.

We will notify users at least 30 days in advance in case of major changes.

13. CONTACT INFORMATION

HOTELO LLC

Wilmington, Delaware

Email: privacy@hotelo.com