Privacy Policy

Introduction

Welcome to Guesty, a software-based and staff-powered property and vacation rental management service, which shall include Guesty Pro, Guesty Lite, and Guesty for Hosts (the “Service”).

The Service is owned and operated by Guesty, Inc., a Delaware corporation and its subsidiary (collectively, the “Company”, “we”, “us” and “our”).

We, at Guesty, respect your privacy. This Privacy Policy (the “Policy”) outlines our privacy practices with respect to the Service, including the ways your personal information and data is collected, stored, used and shared.

Providing us with your personal information is a choice you make. We appreciate that and thank you for making this choice. You are not legally obligated to provide us with this information, but we do need it to allow you to use the Service.

This Policy is combined into all Guesty Pro’s Terms of Services, Guesty Lite’s Terms of Service, and Guesty for Hosts’ Terms of Use (together, the “Terms”), and is a part of them. Please refer to our Terms of Service for more information about how our Services work. This Privacy Policy does not apply to data that is not personal data, including anonymous, de-identified, or aggregated data, even when such data has been derived from personal data.

What Data Do We Collect And Why

We may collect various types of information from and about users of our Services. Below is a detailed breakdown of the data we collect, how we use it, and the purposes for such collection:

Purpose	Data Collected	Details and Use
General Services	Name, address, email address, mobile phone number Business information and professional details Account credentials (username, password) IP address Device information (browser type, operating system)	Customers and website visitors data — we may use it when you submit an inquiry, make a customer service request or register an account, you provide contact information such as your name, address, mobile phone number and email address. Because our customers are rental businesses, our knowledge of your business is generally considered professional information. We may use this data to process transactions with you, authenticate you when you log in, and operate and maintain our Services. We may also use it to communicate with you about the Services, respond to your support requests, provide customer support to resolve technical issues you encounter, including through the use of automated tools, chatbots or other AI-based agents.
General Services	Guest name, email, phone number Reservation details (start date, end date, property information) Employee data of our customers	Customers and Guests’ data — we are a service provider to our customers and access user data relating to the employees of our customers and guest data on behalf of our customers. Guest personal information is shared with us for business purposes only. This data will not be used beyond what is necessary to provide our Service as specified in our Terms of Service, and will not be sold, retained or disclosed beyond what is necessary to provide our Service.
Payments Services (through GuestyPay)	Credit card or debit card information Bank account details Billing address Payment transaction data (amount, date, time, payment method) IP address (for security and fraud prevention)	To provide our payment services effectively, we collect and process certain personal and financial information. This includes: Payment Details: When you make a payment for our services, your credit card or debit card information is securely processed by a third-party payment processor operating on our behalf. We do not store your full payment card details on our systems unless explicitly required and legally permitted (e.g., for recurring payments). Bank Details: If necessary, for specific transactions such as payments to property owners or refunds, we may collect and process bank account information. IP Address: To ensure the security of transactions and prevent fraudulent activities, we may collect your IP address when using our services. Transaction Data: Information about the transaction, including amount, date, time, and payment method. All financial information is handled in accordance with applicable data protection laws, including GDPR and CCPA and is used solely for the purposes of facilitating payments, preventing fraud, and complying with legal obligations.
Marketing	Email address Name Communication preferences Marketing consent status Engagement data (email opens, clicks, interaction with marketing materials)	We may use data provided by you to send you email newsletters with updates on product features; to provide retargeted advertising and to conduct sales outreach to prospective customers. You may opt-out of marketing communications at any time.
Technical and Usage Information	Device information (device type, model, operating system, browser type and version) IP address and general location data (country, region) Clickstream data and navigation patterns Pages viewed and features accessed Time spent on pages and in the Services Links clicked and buttons pressed Session duration and frequency of use Referring URLs and search terms User preferences and settings Log files and error reports	We collect technical and usage information to: Operate, maintain, and provide the Services; Monitor and analyze how users interact with and use the Services; Understand user behavior, preferences, and usage patterns; Improve user experience and interface design; Troubleshoot technical issues and identify errors; Optimize Service performance and functionality; Develop and enhance new features; Conduct internal analytics and research; Ensure security and detect fraudulent or unauthorized activity; Comply with legal obligations and enforce our Terms of Service. This information is collected automatically when you access or use the Services through cookies, log files, device identifiers, and similar tracking technologies.
Cookies and Tracking Technologies	Cookie identifiers and session data Pixel tags and web beacons data Local storage data Advertising identifiers Browser and device information Website interaction data (pages visited, clicks, time on site) Referring websites and campaigns	We use these technologies on our website, mobile applications, and emails to enhance functionality, monitor performance, support secure processing, analyze user behavior, remember your preferences, measure marketing effectiveness, and deliver personalized content. See below our Cookie Policy for detailed information about the specific cookies we use and how to manage your preferences.
Internal research, customer service and service improvement (including by AI tools)	All data categories mentioned above, as applicable User activity and behavior data Feedback and support communications Aggregated or anonymized data Content uploaded or entered by users (for AI training and improvement purposes)	We may use data provided by you to analyze user activity data, to provide you with customer service and to determine where we need to improve user and customer experience. We may also use artificial intelligence and automated technologies to support the above purposes, including analytics, internal research, customer support tools, content generation, search functionality, workflow automation, fraud prevention, and service optimization. Where personal data is processed through such technologies, such processing is performed solely for the purpose of providing and improving the Services and in accordance with this Privacy Policy and applicable data protection laws. We implement appropriate contractual, organizational, and technical safeguards when such processing involves third-party service providers. We may use the information we collect, as outlined above, to compile anonymized or aggregated information. We may share, sell or otherwise communicate and make available such anonymized or aggregated information to any other third party, at our sole discretion. However, we will not knowingly or intentionally share information that can be reasonably used to reveal your identity without your consent.
Affiliate, subsidiary and acquired business integration	Personal information originally collected by our affiliates, subsidiaries, wholly-owned entities, joint venture partners, or acquired or integrated businesses and services Customer account information Service usage and transaction data Support and communications data	We may process personal information originally collected by our affiliates, subsidiaries, wholly-owned entities, joint venture partners, or businesses or services that we currently operate or may acquire, invest in, or integrate with in the future, for compatible business purposes such as statistical analysis, research, service development, machine learning, product improvement, operational optimization, customer support enhancement, and the development of new features, products, and services, subject to applicable law and appropriate safeguards. We may also share and transfer personal information between the Company and such entities, including migrating data from a subsidiary, acquired company, or affiliated service to the Company or another affiliated entity, where reasonably necessary for internal administration, service integration, account management, analytics, security, legal compliance, improving and developing our Services, and providing, marketing, or offering relevant products and services to end customers of such subsidiary, acquired company, or affiliated service, all in accordance with applicable law and this Privacy Policy.
Security and Fraud Prevention	IP addresses and device information Login credentials and authentication data Access logs and activity patterns Transaction data and payment information Usage patterns and anomaly detection data Device fingerprints and identifiers Geolocation data (for risk assessment)	We may use your data to: Verify accounts and activity; Authenticate users and prevent unauthorized access; Monitor suspicious or fraudulent activity; Identify and investigate violations of Service policies; Detect and prevent security threats and cyberattacks; Protect against unauthorized transactions; Conduct risk assessments and fraud scoring; Maintain the security and integrity of the Services; Protect the rights, property, and safety of Guesty, our users, and the public.
Compliance with applicable laws and legal obligations	All data categories mentioned above, as necessary Communications with law enforcement or regulatory authorities Legal documents and correspondence Audit and compliance records	We may use your data to: Enforce the Terms and this Policy; Prevent misuse of the Service; Comply with any applicable law and regulations; Respond to lawful requests from public authorities; Assist law enforcement agencies and competent authorities, when legally required or justified; Establish, exercise, or defend legal claims; Take any action in any case of a dispute involving you, with respect or in relation to the Service; Meet regulatory, tax, or accounting requirements; Conduct audits and maintain records for compliance purposes.

Data Sharing

We may share your personal information with service providers, business partners, and other third party services to help perform essential business functions on our behalf. This may include third-party providers of artificial intelligence, machine learning, analytics, cloud infrastructure, fraud detection, or automation services, acting as our service providers or sub-processors under contractual safeguards.

See our main Sub-Processors list here.

We do not share any information unnecessarily, and we require all third parties to maintain appropriate security and confidentiality standards.

Below is a detailed breakdown of with whom we share it, and for what purposes.

Hosting, Database and Infrastructure Providers (e.g., AWS, Google LLC, Microsoft, MongoDB): We share account, usage, customer, and guest data to host our Services, store data, and provide secure cloud computing resources.
Payment Service Providers (e.g., Stripe): We share payment card information, billing details, and transaction data to process payments, manage subscriptions, and prevent fraud.
Customer Support and Communication Tools (e.g., Zendesk, Twilio, Mailgun, Justcall, Zoom): We share contact details, support inquiries, and usage data to provide customer support, send service notifications, and manage communications.
Analytics and Product Intelligence Providers (e.g., Sisense, Pendo, DataDog, Fullstory, Imply): We share usage data, device information, and anonymized identifiers to analyze user behavior, track product performance, and improve our Services.
Sales, Marketing and CRM Tools (e.g., Salesforce, HubSpot, Salesloft): We share contact and business information, as well as communication history, to manage sales activities, deliver marketing communications, and maintain accurate customer records.
Finance, Accounting and Tax Tools (e.g., NetSuite, Avalara): We share business information and transaction data to manage accounting, invoicing, financial reporting, and tax compliance.
Security, Identity and Fraud Prevention Services (e.g., Okta, Au10tix, Keeper, Snyk): We share IP addresses, device information, and authentication data to verify identities, detect and prevent fraud, identify security threats, and protect our Services.
AI and Machine Learning Providers (e.g., OpenAI): We may share certain data to power AI-driven features, automate processes, and improve our models.
Channel Managers and Industry Partners (e.g., Rentals United AB): We share property, availability, and reservation data to facilitate bookings and channel management.
Affiliates, Subsidiaries and Acquired Businesses: We may share and transfer personal information between the Company and its affiliates, subsidiaries, wholly-owned entities, and acquired or integrated businesses and services, including migrating data from a subsidiary, acquired company, or affiliated service to the Company or another affiliated entity, where reasonably necessary for internal administration, service integration, account management, analytics, statistical analysis, security, legal compliance, improving and developing our Services, and providing, marketing, or offering relevant products and services to end customers of such subsidiary, acquired company, or affiliated service, all in accordance with applicable law and this Privacy Policy.
Collaboration and Productivity Tools (e.g., Slack, Jira, Microsoft, Google): We share business communications and necessary files to enable internal collaboration and business operations.
Legal, Compliance and Document Management (e.g., DocuSign, MineOS): We share necessary information to manage electronic signatures, privacy compliance, and legal documentation.
Legal and Regulatory Authorities: We share required data categories to comply with legal obligations, respond to lawful requests, enforce our Terms of Service, and protect the rights and safety of Guesty and our users.
Business Transfer Recipients: In connection with any merger, acquisition, financing, sale of assets, or bankruptcy proceedings, we may share all relevant data categories. You will be notified before your data is transferred and becomes subject to a different privacy policy.
Advertising Networks (for retargeted advertising): We share device information, IP addresses, and cookie identifiers to display relevant advertisements on third-party websites after you visit our website. Under CCPA, this may be considered a “sale” of personal information.

We do not sell personal information about our customers’ guests or employees that we process on behalf of our customers. This data is processed solely to provide our Services as described in our Terms and customer agreements.

Children’s Privacy

This service is for people 16 years of age or older. We do not knowingly or intentionally collect information about children who are under 16 years of age. If we become aware that we have inadvertently collected personal information from a child under the age of 16 without proper parental consent, we will take steps to delete that information as soon as reasonably possible.

If you are a parent or guardian and you believe that your child under the age of 16 has provided us with personal information without your consent, please contact us immediately at the contact details provided in the “Contact Us” section below. We will investigate the matter and, if we determine that we have collected personal information from a child under 16, we will delete the information from our systems, terminate any account associated with that information and cease any further collection or use of that information.

While we do not specifically verify the age of our users, we rely on users to provide accurate information when creating accounts or using our Services. By using our Services, you represent that you are at least 16 years of age (or the applicable age of majority in your jurisdiction).

If you have any questions or concerns about how we handle children’s privacy, please contact us at the contact details provided below.

Cookie Policy

This website uses cookies to recognize you when you visit our website.

What are Cookies?

Cookies are small text files that are stored on your computer or mobile device. They are designed to hold a small amount of data specific to a website or server that can be accessed either by the website or your computer. We use cookies to capture information described in the What Data We Collect & Why section, such as IP address and electronic activity data.

Types of Cookies We Use:

Essential Cookies: Necessary for the operation of our Services, including user authentication, security features, and basic functionality. These cookies cannot be disabled without affecting the core functionality of the Services.
Analytics Cookies: Help us understand how visitors use our Services by collecting information about pages visited, time spent, user interactions, and navigation patterns. This helps us improve the Services and user experience.
Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, settings, language choices, and customized content.
Advertising and Marketing Cookies: Used to deliver relevant advertisements, measure campaign effectiveness, track conversions, and provide retargeted advertising based on your interests and browsing behavior.

Purposes of Use

We use this information to remember your site preferences and settings or provide personalized content and user experience. Additionally, we aggregate this data to analyze site traffic, user behavior or usage patterns; measure the effectiveness of our marketing efforts and campaigns; improve the functionality, performance, and design of our Services; conduct research and analytics to develop new features; deliver targeted advertising and retargeting campaigns; detect and prevent fraud, security threats, and unauthorized access; and ensure the security and integrity of our Services.

Cookie Retention

We retain cookies and information collected through them for different periods depending on their purpose, whether they are session-based or persistent, and our operational, security, analytics, and legal needs. Some cookies are deleted when you close your browser, while others may remain on your device until they expire or are deleted by you. Where specific retention periods cannot be identified in advance for each cookie, we will retain cookie-related information only for as long as reasonably necessary to fulfill the relevant purposes described in this Cookie Policy, including maintaining and improving the Services, security, analytics, and compliance with applicable law. We will review such retention practices periodically and seek to limit retention where reasonably possible.

Managing Your Cookie Preferences:

You can control and manage cookies through various methods:

Browser Settings: Most web browsers allow you to control cookies through their settings preferences. You can typically set your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is being sent. Please note that blocking or deleting certain cookies may impact the functionality of our Services.
Advertising Opt-Out: You can also delete advertising cookies in your browser by using this form: https://optout.aboutads.info/.
Google Analytics Opt-Out: You can opt-out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout.
Mobile Device Settings: You can manage cookies and tracking on mobile devices through your device settings, including resetting your advertising identifier or limiting ad tracking.

Please be aware that if you choose to block or delete cookies, some features of our Services may not function properly, and your user experience may be affected. Essential cookies are necessary for the basic operation of the Services and cannot be disabled through browser settings alone.

Third-Party Cookies and Analytics Tools

Some cookies on our Services are placed by third-party service providers who perform services on our behalf, such as analytics providers, advertising networks, and customer support tools. We do not control these third-party cookies or the information they collect. We recommend reviewing the privacy policies of these third parties to understand their data collection and use practices.

Analytics and Tracking Providers We Use

We may use the following analytics and tracking providers (but are not limited to):

Google Analytics: For website and application analytics, user behavior tracking, and marketing optimization. Google Analytics uses cookies and other tracking technologies to generate aggregated reports that help us understand user behavior and optimize our content and marketing strategies. Data collected through Google Analytics is anonymized and does not include personally identifiable information unless explicitly provided by the user. You can learn more about Google’s privacy practices at https://policies.google.com/privacy.
Product Analytics Platforms (such as Mixpanel, Amplitude, Heap, or similar): To track user engagement, feature adoption, product usage patterns, and technical performance. These platforms help us track usage patterns, identify common user flows, and detect technical issues, enabling us to improve the product experience. The data collected may include anonymized usage events, device type, session time, and other behavioral metrics.
Customer Engagement and Communication Tools (such as Intercom, Zendesk, or similar): To manage customer interactions, provide support through in-app messaging, email, live chat, and chatbots, and analyze customer satisfaction. These tools may collect information such as your name, email address, device information, interaction history, and usage data to help us offer timely and personalized support. This data is used solely for communication and service purposes.
Marketing and Advertising Tools (such as Facebook Pixel, Google Ads, LinkedIn Insight Tag, or similar): To measure campaign effectiveness, deliver targeted advertising, track conversions, and optimize marketing strategies across various channels. These tools help us understand user behavior and tailor our communications accordingly. Information shared may include device data, engagement metrics, and interaction history.
Business Intelligence and Data Analytics Tools: To analyze business metrics, generate insights, create reports, and support data-driven decision making. These tools help us understand overall business performance and user trends.
CRM and Sales Tools (such as Salesforce, HubSpot, or similar): To manage customer relationships, track sales activities, and improve customer engagement. These tools help us maintain accurate records of our interactions with customers and prospects.

Please note that disabling certain analytics tools may impact your experience with our Services and limit our ability to improve and personalize the Services for you. We reserve the right to add or remove analytics tools as needed to improve our Services. We will update this Privacy Policy to reflect any material changes to the analytics tools we use.

Transfer of Data Outside Your Territory

We operate globally and may store and process information in various locations throughout the globe, including through cloud services and third-party service providers located in different countries. This means that your personal data may be transferred to, stored, and processed in countries other than your country of residence, including the United States, Israel, and other jurisdictions where our servers, service providers, or business operations are located.

The laws in those other countries may provide a lesser degree of data protection than the laws of your own country. Some countries may not offer the same level of protection for personal data as your jurisdiction. However, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses or other legally recognized mechanisms when it is transferred internationally. For transfers to the United States, we may rely on service providers that participate in recognized data privacy frameworks, such as the EU-U.S. Data Privacy Framework or the UK Extension to the EU-U.S. Data Privacy Framework, where applicable.

By using our Services, you agree to the transfer of your information to such other countries for the purpose of the processing as described in this Policy, including through cloud services. Regardless of location, we are committed to protecting your data using robust security measures and ensuring compliance with applicable data protection laws.

Use of Artificial Intelligence

As mentioned in our data collection practices, we may use AI-based tools and machine learning technologies, including generative AI tools made available by third-party licensors or service providers, to process data, improve our Services, assist with customer support, automate certain workflows, generate content or insights, and train or enhance our models, in each case subject to applicable law, contractual restrictions, and appropriate safeguards. We do not use AI to process sensitive personal data for the purpose of inferring characteristics about you without appropriate safeguards and legal bases.

We take appropriate measures to protect your privacy, including transparency regarding the use of AI, implementing suitable technical and organizational safeguards, applying contractual and licensing controls where AI tools are provided by third parties, and ensuring that any processing of Personal Data by AI is lawful, fair, and limited to what is necessary for the purposes described in this Privacy Policy.

We do not use AI for solely automated decision-making that may directly impact fundamental rights of individuals without meaningful human involvement, and unless such processing is permitted by applicable laws and appropriate safeguards are in place. Where AI-based tools support reviews, recommendations, classifications, or other outputs that may affect individuals, final decisions are made or meaningfully reviewed by authorized personnel exercising human judgment and oversight. If you have any questions about our use of AI, you are welcome to contact us by email provided below.

Information Security

We take the security of your personal data seriously and implement appropriate technical, organizational, and administrative measures to reduce the risks of damage, loss of information and unauthorized access or use of information. These measures do not provide absolute information security. Therefore, it is not guaranteed, and you cannot expect that the Service will be immune to all information security risks or that your data will never be accessed, disclosed, altered, or destroyed in a manner inconsistent with this Privacy Policy.

You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. Please notify us immediately if you suspect any unauthorized access to or use of your account.

Data Retention

We retain personally identifiable information for as long as we deem necessary for the purposes set forth above. We may delete information from our systems, without notice to you, once we deem it is no longer necessary for the purposes set forth above. In some cases, instead of deleting data, we may anonymize or aggregate it so that it can no longer identify you. Anonymized and aggregated data may be retained indefinitely for research, analytics, and service improvement purposes.

Data Subject rights

You have certain rights under applicable data protection laws, such as access, correction, deletion, and data portability. These rights may vary depending on your location, including specific rights under the CCPA and GDPR as detailed below. For more information or to exercise your rights, please contact us as detailed below under “Contact Us.”

CCPA/CPRA Notice & California Privacy Rights

The Company has implemented measures to ensure compliance with the California Consumer Privacy Act (“CCPA”) of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”), including in its engagements with customers when processing personal information on behalf of customers, and as a “Business” when processing data for its own purposes (e.g., website visitors, platform users) as well as ensuring no sale or sharing of personal information when we acting as a “Service Provider” or “Contractor” under applicable California law. Where the Company processes personal information on behalf of customers in a service provider or contractor capacity, it processes such information in accordance with applicable contractual restrictions and does not sell or share such personal information for its own independent purposes. Where the Company processes personal information for its own purposes, including in connection with its website, services, and business operations, California residents may have the rights described below, subject to applicable exceptions and limitations under the CCPA.

Your CCPA rights are described below. You can exercise them by filling in this form:

Right to know	You have the right to request information regarding the categories and specific pieces of personal information we have collected about you, as well as the sources of that information, the business purpose for collecting it, and what types of third parties we share or sell it with. If you make a request more than twice in a 12-month period, you may be required to pay a small fee for this service.
Right to deletion	You have the right to request that we delete any of your personal information, unless an exception applies under the CCPA. Upon receipt of a verifiable consumer request, we will delete any personal information that is not critical to the normal business operation from our records and direct all of our service providers to do the same. We consider data to be critical to our business operation if they are used to: Complete the transaction for which the information was collected or provide requested goods or services to you Detect and resolve issues related to security or functionality Comply with legal obligations Otherwise use the information internally in a lawful manner that is compatible with the context in which you provided it.
Right to correction	You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.
Right to non-discrimination	We will not discriminate against you for exercising any of your rights under the CCPA. If you exercise your consumer rights: We will not deny goods or services to you. We will not charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties. We will not provide a different level or quality of goods or services to you. We will not suggest that you may receive a different price, rate, level, or quality of goods or services for exercising your rights

Right to Opt Out of Sale or Sharing\Do not sell my personal information

We do not sell any information that identifies you, such as your name or contact information, in exchange for monetary consideration in the ordinary sense. However, we may allow certain advertising, analytics, and similar third parties to collect your electronic activity while on our website. These third parties may collect information IP addresses and information about your device and browser (such as the name and model number of your device) through cookies and similar tracking technologies on our website. They use this information to advertise to you after you leave our website. This is called “retargeted advertising.” Under the CCPA’s broad definition of what it means to “sell” personal information, this form of advertising may be considered a “sale” of your information.

If you do not want us to allow such sale or sharing of your personal information for these purposes, you may opt out here:

Do Not Sell or Share My Personal Information: https://optout.aboutads.info/

Authorized Agent

You may designate someone as an authorized agent to make a request under CCPA on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted. We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Request verification

Before we can respond to any CCPA requests, we will need to verify that you are who you say you are. Verification is important for preventing fraudulent requests and identity theft.

The verification process depends on which type of request you make. For requests to access specific information or requests to delete information, we may require a higher level of verification. Typically, identity verification will require you to confirm certain information about yourself based on the information we have already collected. For example, we may ask you to reply from the email address we have on file for you that is associated with your name. If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you by CCPA.

In some cases, we may have no reasonable method by which we can verify a consumer’s identity. For example: If a consumer submits a request but we have not collected information about them, we cannot verify the request; If the only data we have collected about a consumer is gathered through website cookies (i.e., the consumer has visited our website and had no other interaction with us), we are unable to associate a requester with the data collected; therefore, we cannot verify the request.

GDPR Notice & Data Subject rights

As a data controller of our customers’ personal data, the Company is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). We have implemented key measures to ensure compliance with the GDPR, including entering into relevant agreements with our vendors and certain customers, applying security measures, including encryption and access controls, to protect personal data, training staff and incorporating relevant policies and procedures within our compliance program. Additionally, we have established lawful bases for data processing and enabled data subject rights such as access, rectification, and erasure as specified below.

This privacy policy explains when and why we collect personal data, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This Privacy Statement applies to the use of our products and to our sales, marketing and customer contract fulfillment activities. You have the right to withdraw your consent at any time; and to submit a complaint to the relevant supervisory data protection authority.

Our legal basis for collecting personal data

Collecting personal data based on consents:

The collection of personal data based on consent from the data subject will be done by using “Consent Forms” that will store documentation related to the consent given by the individual. Individual consents will always be stored and documented in our systems.

Collecting personal data based on contracts:

We use personal data for fulfilling our obligations related to contracts and agreements with customers, partners and suppliers.

Certain AI-enabled or automated features operate as part of the performance of our contractual obligations to customers, including support, analytics, communication tools, and workflow automation.

Collecting personal data based on legitimate interest:

We may use personal data if it is considered to be of legitimate interest, and if the privacy interests of the data subject do not override this interest. Normally, to establish the legal basis for data collection, an assessment has been made during which a mutual interest between Guesty and the individual person has been identified. This legal basis is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights and the purpose for collecting personal data.

Please refer to the Privacy Policy to understand What We Collect along with our retention Policy.

Your GDPR rights are described below, you can exercise them by filling in this form:

The right to request a copy of your personal data that Guesty holds about you.
The right to request that Guesty correct your personal data if inaccurate or out of date.
If you are a customer you may update your user profile by logging onto Guesty Platform and selecting “Account” and then “My Profile”.
The right to request that your personal data be deleted when it is no longer necessary for Guesty to retain such data.
The right to withdraw any consent to personal data processing at any time. For example, your consent to receive e-marketing communications:
If you want to withdraw your consent to e-marketing, please make use of the link to manage your subscriptions included in our communication. Please note that you may still receive system messages and administrative communications from Guesty, such as order confirmation, system messages and notifications about your account activities.
The right to request that Guesty provide you with your personal data and, if possible, to pass on this information directly (in a portable format) to another data controller when the processing is based on consent or contract.
The right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data.
The right to object to the processing of personal data, in case data processing has been based on legitimate interest and/or direct marketing.

Changes to this Privacy Policy

We may change this Policy. To the extent our changes are material with a potential to affect you, we will provide you notice of such changes through the Services’ interface. Your continued use of the Service constitutes your consent to the amended Policy. If you do not consent to the amended Policy, we may terminate your account on the Service and block your access to, and use of, the Service, upon the elapse of 30 days after you decline to accept the amended Policy.

In the case of legal requirement or necessity, we may also introduce immediate changes to this Policy. The latest version of the Terms and its effective date will always be accessible on the Service.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us as specified below and we will do our best to respond to your inquiries in a reasonable timeframe.

You may contact us with any questions, requests and complaints at: legal@guesty.com.

You can submit a Privacy Request by sending it to Email: privacy@guesty.comm, and to the Company’s DPO at amit@guesty.com.

To ask questions or comment as regards the processing of Personal Data concerning persons within the European Union, the Company has designated the following representative in the European Union, please contact: Representative: Roberto Bricio, Rua Alfredo Soares, nº 6 – 4F, 1400-006 Lisbon. Contact details: roberto@guesty.com

The Company mandates the representative to be the recipient on behalf of the Company of all issues related to the processing of Personal Data concerning persons within the European Union.