Welcome to Guesty, a software-based and staff-powered property and vacation rental management service, which shall include Guesty Pro, Guesty Lite, and Guesty for Hosts (the “Service”).
The Service is owned and operated by Guesty, Inc., a Delaware corporation and its subsidiary (collectively, the “Company”, “we”, “us” and “our”).
We, at Guesty, respect your privacy. This Privacy Policy (the “Policy”) outlines our privacy practices with respect to the Service, including the ways your personal information and data is collected, stored, used and shared.
Providing us with your personal information is a choice you make. We appreciate that and thank you for making this choice. You are not legally obligated to provide us with this information, but we do need it to allow you to use the Service.
This Policy is combined into all Guesty Pro’s Terms of Services, Guesty Lite’s Terms of Service, and Guesty for Hosts’ Terms of Use (together, the “Terms”), and is a part of them. Please refer to our Terms of Service for more information about how our Services work. This Privacy Policy does not apply to data that is not personal data, including anonymous, de-identified, or aggregated data, even when such data has been derived from personal data.
What Data Do We Collect And Why
| Purpose | Details |
| General Services | · Customers and website visitors data – we may use it when you submit an inquiry, make a customer service request or register an account, you provide contact information such as your name, address, mobile phone number and email address. Because our customers are rental businesses, our knowledge of your business is generally considered professional information. We may use this data to process transactions with you, authenticate you when you log in, and operate and maintain our Services. We may also use it to communicate with you about the Services, respond to your support requests, provide customer support to resolve technical issues you encounter, including through the use of automated tools, chatbots or other AI-based agents.
· Customers and Guests’ data – we are a service provider to our customers and access user data relating to the employees of our customers and guest data on behalf of our customers. The data we collect about these guests consists of: Name, email, and phone number in order to provide our Service; Commercial information such as reservation start and end date in order to provide our Service; Guest personal information is shared with us for a business purpose only. This data will not be used beyond what is necessary to provide our Service as specified in our Terms of Service, and will not be sold, retained or disclosed beyond what is necessary to provide our Service. |
| Payments Services (through GuestyPay)
|
To provide our payment services effectively, we collect and process certain personal and financial information. This includes:
All financial information is handled in accordance with applicable data protection laws, including GDPR and CCPA and is used solely for the purposes of facilitating payments, preventing fraud, and complying with legal obligations. |
| Marketing | We may use data provided by you to send you email newsletter with updates on product features; to provide retargeted advertising and to conduct sales outreach to prospective customers. |
| Cookies and Tracking Technologies | We use these technologies on our website, mobile applications, and emails to enhance functionality, monitor performance, and support secure processing. See below our Cookie Policy. |
| Internal research, customer service and service improvement (including by AI tools) | We may use data provided by you to analyze user activity data, to provide you with customer service and to determine where we need to improve user and customer experience.
We may also use AI-based tools and technologies to process data for the above mentioned purposes , including for additional internal purposes such as improving our services and training machine learning models. These tools are designed to handle data securely and confidentially, ensuring that any information processed remains protected and is not shared in a manner that identifies individuals. While AI technologies may enhance our ability to deliver better services, we are committed to maintaining the privacy and integrity of our customers’ and guests’ data.
We may use the information we collect, as outlined above, to compile anonymized or aggregated information. We may share, sell or otherwise communicate and make available such anonymized or aggregated information to any other third party, at our sole discretion. However, we will not knowingly or intentionally share information that can be reasonably used to reveal your identity without your consent. |
| Security | We may use your data to verify accounts and activity, monitor suspicious or fraudulent activity and identify violations of Service policies. |
| Compliance with applicable laws
|
We may use your data to enforce the terms and this Policy and to prevent misuse of the Service; to comply with any applicable law and assisting law enforcement agencies and competent authorities, if we believe it is necessary or justified and to take any action in any case of a dispute involving you, with respect or in relation to the Service. |
Data Sharing
We use service providers and other third-party services to help perform essential business functions on our behalf.
See our main Sub-Processors list here
We do not share any information unnecessarily.
| What We Share | Who We Share It With |
| Name
Phone number |
Business Communication and Collaboration Tool
Customer Support Service Data Analytics Provider Finance and Accounting Tool Hosting Service Provider Sales and Marketing Tool |
| Sales and Marketing Tool | Payment Processor |
| Internet or Electronic Network Activity | Ad Network
Customer Support Service Data Analytics Provider Hosting Service Provider Sales and Marketing Tool |
Children’s privacy
This service is for people 16 years of age or older. We do not knowingly or intentionally collect information about children who are under 16 years of age.
Cookie Policy
This website uses cookies to recognize you when you visit our website.
Cookies are small text files that are stored on your computer. They are designed to hold a small amount of data specific to a website or server that can be accessed either by the website or your computer. We use cookies to capture information described in the What Data We Collect & Why section, such as IP address and electronic activity data.
We use this information to remember your site preferences. Additionally, we aggregate this data to analyze site traffic and the effectiveness of our marketing efforts.
You can delete advertising cookies in your browser by using this form: https://optout.aboutads.info/.
Transfer of Data Outside Your Territory
We may store and process information in various locations throughout the globe, including through cloud services. The laws in those other countries may provide a lesser degree of data protection than the laws of your own country. However, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses or other legally recognized mechanisms.
By using our Services, you agree to the transfer of your information to such other countries for the purpose of the processing as described in this Policy, including through cloud services. Regardless of location, we are committed to protecting your data using robust security measures and ensuring compliance with applicable data protection laws.
Information Security
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. These measures do not provide absolute information security. Therefore, it is not guaranteed, and you cannot expect that the Service will be immune to information security risks.
Data Retention
We retain personally identifiable information for as long as we deem necessary for the purposes set forth above. We may delete information from our systems, without notice to you, once we deem it is no longer necessary for the purposes set forth above.
Data Subject rights
You have certain rights under applicable data protection laws, such as access, correction, deletion, and data portability. These rights may vary depending on your location, including specific rights under the CCPA and GDPR as detailed below. For more information or to exercise your rights, please contact us as detailed below under “Contact Us.”
CCPA Notice & Data Subject rights
The Company has implemented measures to ensure compliance with the California Consumer Privacy Act (“CCPA”) of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”), including in its engagements with customers when processing personal information on behalf of customers, and as a “Business” when processing data for its own purposes (e.g., website visitors, platform users) as well as ensuring no sale or sharing of personal information when acting as a Service Provider, and offering California consumers the ability to opt out of such practices when acting as a Business. The Company has extended GDPR compliance efforts to meet CCPA requirements, and is updating this Privacy Policy and its internal procedures to reflect CCPA requirements and industry standards and enabling consumer rights under the CCPA, as specified below.
- Your CCPA rights are described below, you can exercise them by filling in this form:
| Right to know
|
You have the right to request information regarding the categories and specific pieces of personal information we have collected about you, as well as the sources of that information, the business purpose for collecting it, and what types of third parties we share or sell it with. If you make a request more than twice in a 12-month period, you may be required to pay a small fee for this service.
|
| Right to deletion
|
You have the right to request that we delete any of your personal information. We will delete any personal information that is not critical to the normal business operation from our records and direct all of our service providers to do the same.
We consider data to be critical to our business operation if they are used to: – Provide goods or services to you – Detect and resolve issues related to security or functionality – Comply with legal obligations
|
| Right to non-discrimination
|
If you exercise your consumer rights:
– We will not deny goods or services to you – We will not charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties – We will not provide a different level or quality of goods or services to you |
Do not sell my personal information
We do not sell any information that identifies you, such as your name or contact information. However, we do allow Ad Networks such as Facebook and Google to collect your electronic activity while on our website. Ad Networks may also collect IP addresses and information about your device and browser (such as the name and model number of your device) through cookies and similar tracking technologies on our website. They use this information to advertise to you after you leave our website. This is called “retargeted advertising.” Under the CCPA’s broad definition of what it means to “sell” personal information, this form of advertising may be considered a “sale” of your information.
If you do not want us to provide this information to our advertisers, you may opt-out here:
Do not sell my personal informationhttps://optout.aboutads.info/
Authorized agent
You may designate someone as an authorized agent to make a request under CCPA on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted. We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
Request verification
Before we can respond to any CCPA requests, we will need to verify that you are who you say you are. Verification is important for preventing fraudulent requests and identity theft.
The verification process depends on which type of request you make. For requests to access specific information or requests to delete information, we may require a higher level of verification. Typically, identity verification will require you to confirm certain information about yourself based on the information we have already collected. For example, we may ask you to reply from the email address we have on file for you that is associated with your name. If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you by CCPA.
In some cases, we may have no reasonable method by which we can verify a consumer’s identity. For example: If a consumer submits a request but we have not collected information about them, we cannot verify the request; If the only data we have collected about a consumer is gathered through website cookies (i.e., the consumer has visited our website and had no other interaction with us), we are unable to associate a requester with the data collected; therefore, we cannot verify the request.
GDPR Notice & Data Subject rights
As a data controller of our customers’ personal data, the Company is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). We have implemented key measures to ensure compliance with the GDPR, including entering into relevant agreements with our vendors and certain customers, applying security measures, including encryption and access controls, to protect personal data, training staff and incorporating relevant policies and procedures within our compliance program. Additionally, we have established lawful bases for data processing and enabled data subject rights such as access, rectification, and erasure as specified below.
This privacy policy explains when and why we collect personal data, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This Privacy Statement applies to the use of our products and to our sales, marketing and customer contract fulfillment activities. You have the right to withdraw your consent at any time; and to submit a complaint to the relevant supervisory data protection authority.
Our legal basis for collecting personal data
Collecting personal data based on consents:
The collection of personal data based on consent from the data subject will be done by using “Consent Forms” that will store documentation related to the consent given by the individual. Individual consents will always be stored and documented in our systems.
Collecting personal data based on contracts:
We use personal data for fulfilling our obligations related to contracts and agreements with customers, partners and suppliers.
Collecting personal data based on legitimate interest:
We may use personal data if it is considered to be of legitimate interest, and if the privacy interests of the data subject do not override this interest. Normally, to establish the legal basis for data collection, an assessment has been made during which a mutual interest between Guesty and the individual person has been identified. This legal basis is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights and the purpose for collecting personal data.
Please refer to the Privacy Policy to understand What We Collect along with our retention Policy.
· Your GDPR rights are described below, you can exercise them by filling in this form:
- The right to request a copy of your personal data that Guesty holds about you.
- The right to request that Guesty correct your personal data if inaccurate or out of date.
- If you are a customer you may update your user profile by logging onto Guesty Platform and selecting “Account” and then “My Profile”.
- The right to request that your personal data be deleted when it is no longer necessary for Guesty to retain such data.
- The right to withdraw any consent to personal data processing at any time. For example, your consent to receive e-marketing communications:
- If you want to withdraw your consent to e-marketing, please make use of the link to manage your subscriptions included in our communication. Please note that you may still receive system messages and administrative communications from Guesty, such as order confirmation, system messages and notifications about your account activities.
- The right to request that Guesty provide you with your personal data and, if possible, to pass on this information directly (in a portable format) to another data controller when the processing is based on consent or contract.
- The right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data.
- The right to object to the processing of personal data, in case data processing has been based on legitimate interest and/or direct marketing.
Changes to this Privacy Policy
We may change this Policy. To the extent our changes are material with a potential to affect you, we will provide you notice of such changes through the Services’ interface. Your continued use of the Service constitutes your consent to the amended Policy. If you do not consent to the amended Policy, we may terminate your account on the Service and block your access to, and use of, the Service, upon the elapse of 30 days after you decline to accept the amended Policy.
In the case of legal requirement or necessity, we may also introduce immediate changes to this Policy. The latest version of the Terms and its effective date will always be accessible on the Service.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us as specified below and we will do our best to respond to your inquiries in a reasonable timeframe.
You may contact us with any questions, requests and complaints, at: [email protected].
You can submit a Privacy Request by sending it to Email: [email protected], and to the Company’s DPO at [email protected].
To ask questions or comment as regards the processing of Personal Data concerning persons within the European Union, the Company has designated the following representative in the European Union, please contact: Representative: Roberto Bricio, Rua Alfredo Soares, nº 6 – 4F, 1400-006 Lisbon. Contact details: [email protected]
The Company mandates the representative to be the recipient on behalf of the Company of all issues related to the processing of Personal Data concerning persons within the European Union.
Last updated on April 1, 2025