Privacy Policy
Last updated: 14 July 2026
This Privacy Policy explains how [Company Name] ("iStay", "we", "us") collects, uses, and protects your personal information when you use the iStay Platform. By using the Platform you consent to the practices described here.
1. Information we collect
- Account details — your name, email address, mobile number, and a securely hashed password.
- Booking details — the hotels, room types, dates, times, guest count, and booking references associated with your reservations.
- Consent record — the date and time you accepted this Policy and our Terms at registration.
- Technical data — limited log data such as your IP address and the time of login attempts, used for security and abuse prevention.
We do not collect or store any card or online-payment information, because iStay takes no payment online.
2. How we use your information
- To create and manage your account.
- To process reservations and share the details necessary for your stay (such as your name, contact number, and booking reference) with the hotel you book.
- To send you transactional emails about your bookings (reservation, confirmation, cancellation) and password resets.
- To protect the Platform — for example, rate-limiting login attempts and investigating misuse.
- To comply with legal obligations.
3. Sharing your information
We share your booking-relevant details with the hotel you reserve, so that it can honour your stay. We may use a third-party email service to deliver transactional messages. We do not sell your personal information. We may disclose information where required by law or to protect our rights and users.
4. Data retention
We retain your account and booking records for as long as your account is active and as required for legitimate business and legal purposes. You may request deletion of your account (see below); some records may be retained where the law requires.
5. Security
We take reasonable technical measures to protect your data, including hashing passwords, using prepared database statements, protecting forms against cross-site request forgery, and transmitting data over HTTPS. No method of transmission or storage is completely secure, but we work to safeguard your information.
6. Your rights
You may access or update your name and mobile number from your profile page, change your password, and cancel eligible bookings. To request access to, correction of, or deletion of other personal data, contact us at the address below.
7. Cookies
We use a single essential session cookie to keep you logged in and to protect forms. It is necessary for the Platform to function and is not used for advertising or third-party tracking.
8. Children
The Platform is not intended for anyone under 18, and we do not knowingly collect their personal information.
9. Changes to this Policy
We may update this Policy from time to time; the "last updated" date above reflects the latest revision.
10. Contact
For privacy questions or requests: [privacy@yourdomain.com], [Company Name, address].
This document is a template provided for convenience and is not legal advice. [Company Name] should have it reviewed by a qualified legal professional and replace all [bracketed] placeholders before launch.