LEGAL

Privacy Policy

Last updated: April 9, 2026

This Privacy Policy describes how Hosttello (“we”, “our”, or “us”) collects, uses, and protects your information when you use our hostel management platform.

1. Information We Collect

Account information: When you sign up, we collect your name, email, password (hashed), hostel name, location, phone number, and timezone.

Guest data: When you create bookings, we store guest names, phone numbers, emails, check-in/out dates, and booking notes. This data belongs to you and is used solely to help you run your hostel.

Payment information: We use Paddle as our payment processor. We never store your credit card details. Paddle's privacy policy applies to all payment data.

WhatsApp messages: If you enable WhatsApp integration, we store messages sent/received through our platform to enable the inbox and automation features.

Usage data: We collect basic usage metrics (pages visited, features used, errors) to improve the product. No tracking cookies from third parties.

2. How We Use Your Information

• To provide and operate the Hosttello service
• To send transactional emails (password reset, billing receipts, account notifications)
• To respond to your support requests
• To improve the product based on aggregated, anonymized usage data
• To comply with legal obligations

We never sell your data or your guests' data to third parties.

3. Data Storage and Security

Your data is stored in encrypted PostgreSQL databases hosted in the EU (Frankfurt) by default. All connections use TLS 1.3. Passwords are hashed with bcrypt. Automated daily backups are retained for 30 days.

4. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

• Right of access — request a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your account and all associated data
• Right to data portability — export your data as CSV or JSON
• Right to object — opt out of non-essential processing

You can exercise these rights from your dashboard Settings page, or by emailing privacy@hosttello.com.

5. Data Retention

We retain your data for as long as your account is active. If you cancel, your data remains in read-only mode for 30 days so you can export it, after which it is permanently deleted.

6. Third-Party Services

Hosttello integrates with the following third-party services, each with their own privacy policies:

• Paddle — payment processing
• Resend — transactional email delivery
• Meta WhatsApp Business API — WhatsApp messaging (optional)
• Neon — database hosting
• Vercel / DigitalOcean — application hosting

7. Cookies

We use only essential cookies required for authentication and session management. See our Cookie Policy for details.

8. Children

Hosttello is not intended for anyone under the age of 18. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email and update the “Last updated” date above.

10. Contact

Questions about this policy? Email privacy@hosttello.com or visit our contact page.