Skip to content
SStaySynq
← Home

Privacy Policy

Last updated:

This Privacy Policy explains how StaySynq, Inc. ('StaySynq', 'we', 'us') collects, uses, discloses, and safeguards personal data when you use our website, applications, and hospitality platform.

1. Scope

This policy applies to personal data we process about prospective customers, customers, end-users of customer properties (guests), website visitors, applicants, and visitors to our offices.

When you use StaySynq as a property operator, your data is governed by this policy. When guests interact with your property, you (the operator) are the data controller and StaySynq is the data processor. See our Data Processing Agreement for processor obligations.

2. What we collect

We collect the following categories of personal data:

  • Identity data: name, email, phone, job title, employer.
  • Account data: login credentials, role, permissions, audit trail.
  • Usage data: pages viewed, actions taken, API calls, IP address.
  • Device data: browser, operating system, screen resolution.
  • Billing data: payment method, billing address, tax ID, invoice history.
  • Communication data: support tickets, chat transcripts, emails.

We do not knowingly collect personal data from children under 16. Guest personal data captured by our customer-operators belongs to those operators.

3. How we use it

We use personal data only for these purposes:

  • Provide and operate the StaySynq platform.
  • Authenticate users and prevent abuse.
  • Bill customers and comply with tax law.
  • Provide customer support.
  • Send service announcements and legal notices.
  • Send marketing communications (with consent or legitimate interest, you can opt out anytime).
  • Comply with legal obligations and respond to lawful requests.

5. Who we share data with

We share personal data only with:

  • Sub-processors — listed in our DPA.
  • Payment processors — Stripe, Razorpay, Adyen, etc., as needed.
  • Authorities — when legally required, after challenging overbroad requests.
  • Acquirers — in the event of merger, acquisition, or sale of assets.

We do not sell personal data. We never have.

6. International transfers

We host customer data in regional data centers (EU, US, APAC) based on your account region. Cross-border transfers rely on Standard Contractual Clauses, the UK IDTA, or other lawful mechanisms.

7. Retention

We keep personal data only as long as necessary for the purposes above. Customer account data is deleted 90 days after subscription termination. Backups are purged within 35 days of source deletion. Anonymized analytics may be retained indefinitely.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete data (subject to legal obligations).
  • Restrict or object to processing.
  • Port data to another provider.
  • Withdraw consent at any time.
  • Lodge a complaint with a supervisory authority.

To exercise a right, email privacy@staysynq.com. We respond within 30 days.

9. Security

StaySynq is SOC 2 Type II and ISO 27001 certified. We encrypt data in transit (TLS 1.3) and at rest (AES-256), and follow the security practices described on our Security page.

10. Contact

Data controller: StaySynq, Inc., 1450 Broadway, New York, NY 10018, USA.

EU representative and DPO: dpo@staysynq.com.

Related
Terms of ServiceData Processing AgreementSecurity