Privacy

1. Who we are

StayBotic Ltd ("we", "us", "StayBotic") is the data controller for personal data collected through staybotic.com. Registered in [UK / Ghana — to be confirmed before launch]. Contact: privacy@staybotic.com.

2. What we collect

From your conversations: the messages you send the concierge, the destinations you ask about, dates, group size, budget, and any preferences you mention (vibes, dietary needs, accessibility, occasion context).

When you create an account: name and email (handled by Clerk), saved trips, bookings, payment confirmations.

Device + connection: IP address (used for rate limiting and approximate location only — never stored alongside your messages), browser type, timezone.

Geolocation: only if you grant browser permission. Used to suggest stays near you. We never log precise coordinates.

What we don't collect: we don't track you across other sites. We don't run advertising cookies. We don't sell mailing lists.

3. How we use it

• To find stays that match what you actually want (the core service)
• To process bookings and payments via our partners
• To improve recommendations over time (your preferences inform future replies in your own session)
• To prevent abuse (rate limiting, fraud detection)
• To respond to support and safety reports

We do not use your conversations to train external AI models. AI prompts are sent to OpenAI for reply generation only — under their API data policy, this data is not used to train their models.

4. Who we share with

We use a small set of trusted processors to operate the platform:

• Clerk — authentication (name, email)
• Stripe — payment processing (we never see your card number)
• OpenAI — AI reply generation (your message text only, no account data attached)
• Resend — transactional email
• Hotel suppliers (e.g. LiteAPI, direct hosts) — only the minimum needed to confirm a booking (name, dates, room type)
• Railway / our hosting — infrastructure

We don't share data with anyone else. We don't sell data. Ever.

5. How long we keep it

• Conversations: 90 days from your last message in a session, then deleted
• Bookings: 7 years (legal requirement for transaction records)
• Account data: until you delete your account
• Server logs (with PII scrubbed): 30 days
• Safety reports: 2 years after resolution

6. Your rights

You can:

• Access — request a copy of everything we hold on you
• Correct — fix anything that's wrong
• Delete — have your account and conversations erased (subject to legal retention for bookings)
• Port — export your data in a machine-readable format
• Object — to specific uses (e.g. preference learning) without losing access
• Withdraw consent — for anything we asked permission for (e.g. geolocation)

Email privacy@staybotic.com with your request. We respond within 30 days.

7. Cookies

We use only essential cookies (session, auth, CSRF). No advertising cookies, no third-party trackers. Geolocation is opt-in via the browser permission prompt — never via a cookie. See our cookie page for the full list.

8. Security

All connections are HTTPS. Passwords are managed by Clerk and never stored by us. Payment data is tokenised by Stripe — we never see card numbers. Server logs are scrubbed of emails, phone numbers, and other obvious identifiers before storage.

9. International transfers

Some processors (Stripe, OpenAI, Clerk) are based in the US. Transfers rely on Standard Contractual Clauses or equivalent legal frameworks. Your data is encrypted in transit and at rest.

10. Children

StayBotic is not intended for users under 16. We don't knowingly collect data from anyone under 16. If you believe a child has used the service, email privacy@staybotic.com and we'll remove their data.

11. Complaints

If you're unhappy with how we handle your data, you can complain to:

• UK: Information Commissioner's Office (ICO)
• Ghana: Data Protection Commission

12. Changes

If we change this policy, we'll post the new version here and notify users by email if the change is significant. Continued use after a change means you accept the update.