Privacy Policy

• Account registration data: full name, email address, phone number, date of birth, nationality, mailing address, and profile photograph
• Identity verification documents: government-issued photo identification (passport, driver's license), proof of address, and related biometric data processed through OCR technology
• Booking and reservation information: preferred dates, property preferences, number of guests, special requests, dietary requirements, and accessibility needs
• Payment information: credit/debit card numbers, billing address, and bank account details processed through our PCI-DSS compliant payment processor (Stripe)
• Guest preference profiles: dietary preferences, room preferences, activity interests, beverage preferences, amenity requirements, VIP status, language preferences, and prior stay notes
• Communication data: emails, messages, phone call records, live chat transcripts, and correspondence with our concierge team
• Property owner information: property details, ownership documentation, banking information for payout disbursements, tax identification numbers, and management agreement details
• Survey and feedback responses: satisfaction surveys, reviews, ratings, and testimonials
• Newsletter subscriptions: email address and communication preferences

• Device information: IP address, browser type and version, operating system, device identifiers, screen resolution, and hardware configuration
• Usage data: pages visited, click patterns, search queries, property views, time spent on pages, navigation paths, referring URLs, and exit pages
• Location data: approximate geographic location derived from IP address, GPS coordinates (with your consent), and timezone settings
• Cookie data: session cookies, persistent cookies, performance cookies, and analytics cookies (detailed in Section 9)
• Log data: server logs including access times, error reports, and system activity records

• Social login providers: when you authenticate via Google Sign-In, we receive your name, email address, and profile photograph as authorized by your social account settings
• Payment processors: transaction confirmations, refund statuses, and fraud risk assessments from Stripe
• Channel partners: booking data from affiliated travel agencies, online travel agencies (OTAs), and referral partners
• Public databases: property ownership records, regulatory compliance data, and corporate registry information
• Background verification services: identity verification results and fraud screening outcomes for high-value reservations

• Processing and managing reservations, bookings, and property inquiries
• Facilitating payment transactions, invoicing, security deposits, and refunds
• Providing personalized concierge services, guest profiling, and tailored recommendations
• Managing property listings, availability calendars, and pricing configurations
• Coordinating housekeeping, maintenance, inspections, and property operations
• Generating and managing rental contracts, digital signatures, and legal documentation

• Sending booking confirmations, check-in instructions, and payment receipts
• Responding to inquiries, support requests, and concierge service communications
• Delivering transactional emails including reservation updates and status changes
• Sending marketing communications and newsletters (with your opt-in consent)
• Conducting post-stay satisfaction surveys and experience feedback collection

• Analyzing usage patterns to improve website functionality, performance, and user experience
• Conducting A/B testing, user research, and feature development
• Generating aggregated, anonymized analytics reports for business intelligence
• Monitoring system performance, uptime, and technical health

• Detecting, preventing, and investigating fraud, unauthorized access, and malicious activity
• Enforcing our Terms and Conditions and other contractual agreements
• Complying with applicable laws, regulations, legal processes, and governmental requests
• Maintaining audit trails and records as required by Dominican Republic law and international regulations

• Payment processors (Stripe) for secure transaction handling
• Cloud infrastructure providers for data storage and hosting
• Email service providers (Resend) for transactional and marketing communications
• SMS service providers (Twilio) for booking notifications and two-factor authentication
• AI/ML service providers (OpenAI) for OCR document processing and intelligent features, with data processing agreements in place
• Media storage providers (Cloudinary) for property image and media management
• Analytics platforms for anonymized usage analytics

When you book a property, we share necessary guest information (name, contact details, number of guests, dates, special requests) with the property owner or their authorized representative to facilitate your stay.

• Law enforcement agencies when required by valid legal process (court orders, subpoenas)
• Tax authorities as required by Dominican Republic fiscal law and international tax treaties
• Regulatory bodies for compliance with tourism, hospitality, and real estate regulations
• Legal counsel for the establishment, exercise, or defense of legal claims

In the event of a merger, acquisition, reorganization, bankruptcy, or asset sale, your personal data may be transferred to the successor entity, subject to the same privacy commitments described herein. We will notify you of any such transfer and any changes to this Privacy Policy.

• AES-256 encryption for sensitive data at rest, including identity documents and OCR-processed text
• TLS 1.3 encryption for all data in transit between your device and our servers
• Secure password hashing using bcrypt with appropriate cost factors
• Two-factor authentication (TOTP) for administrator and property owner accounts
• JWT-based authentication with httpOnly, secure, and SameSite cookie attributes
• Rate limiting and brute-force protection on authentication endpoints
• Regular security audits and penetration testing
• Database access controls with principle of least privilege
• Automated vulnerability scanning and dependency monitoring

• Role-based access control (RBAC) with 7 distinct permission levels
• Employee security awareness training and confidentiality agreements
• Incident response procedures with 72-hour breach notification capability
• Vendor security assessment for all third-party service providers
• Regular review and update of security policies and procedures

• Essential Cookies: Strictly necessary for the Platform to function, including session management, authentication state, language preferences, and security tokens. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Platform by collecting anonymous usage data such as page views, navigation patterns, and traffic sources.
• Preference Cookies: Remember your settings and choices such as currency preference, language selection, and display preferences to provide a personalized experience.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns across platforms.

You can manage your cookie preferences through our cookie consent banner displayed on your first visit, or at any time through your browser settings. Please note that disabling essential cookies may impair Platform functionality.

You may also opt out of analytics tracking by using browser extensions such as Google Analytics Opt-Out or by enabling "Do Not Track" in your browser settings.

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us and by our service providers
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights