DodoStay

Privacy Policy

Last updated: May 2, 2026

This Privacy Policy explains how DodoStay collects, uses, and protects your personal information when you use our platform. We are committed to being transparent about our data practices.

1. Information We Collect

We collect information you provide directly: your name, email address, password (stored as a secure hash), and profile details. When you list a property we collect address, photos, and pricing. We also collect usage data such as pages visited, search queries, and how you interact with listings.

2. How We Use Your Information

We use your data to: create and manage your account; display property listings and facilitate bookings; send transactional notifications (booking requests, approvals); improve the platform through aggregate analytics; and comply with legal obligations. We do not sell your data to third parties.

3. Data Storage and Security

Your data is stored securely on Supabase-hosted PostgreSQL databases within the European Union. We use row-level security to ensure users can only access data they are authorised to see. Passwords are never stored in plain text. We apply industry-standard encryption for data in transit (TLS 1.2+) and at rest.

4. Cookies and Tracking

We use session cookies necessary for authentication. We do not use third-party advertising cookies or behavioural tracking. If we add analytics in the future we will update this policy and, where required, seek your consent.

5. Sharing Your Information

We share limited information with other users only as necessary: your first name and profile photo are visible to other users in the context of bookings and conversations. Full contact details are never shared publicly. We may share data with service providers (database hosting, email delivery) under strict data processing agreements.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data ("right to be forgotten"); object to or restrict certain processing; and data portability. To exercise any of these rights, email privacy@staydirect.example.com.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal compliance (e.g., financial records).

8. Children's Privacy

DodoStay is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, please contact us immediately.

9. International Transfers

If your data is transferred outside the EEA, we ensure adequate safeguards are in place in accordance with GDPR Chapter V (e.g., Standard Contractual Clauses).

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or an in-platform notice. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For privacy-related questions or requests, contact our Data Protection team at privacy@staydirect.example.com.

Back to homeTerms of Service