StayPay provides software for hotels to receive direct bookings and manage guest workflows. For hotel guest data, the hotel is generally responsible for deciding why and how guest data is used, and StayPay processes that data to provide the platform. For account, product, security, billing, and support data, StayPay may act as the responsible platform operator.

Hotels must provide their own guest-facing disclosures where required and must use guest data only for lawful hotel purposes.

We may collect the following categories of data:

• hotel account data: name, phone, email, role, OTP login information, staff invitations, and permissions;
• hotel profile data: hotel name, location, property type, rooms, rates, photos, policies, and integrations;
• guest booking data: guest name, phone, email, dates, room selection, payment mode, booking status, and requests;
• payment-related data: payment mode, gateway status, transaction references, charge status, and settlement metadata;
• online check-in data: arrival time, ID type, ID number, address, special requests, and uploaded documents;
• technical data: IP address, browser, device, logs, cookies, usage events, errors, and security signals;
• support data: messages, screenshots, diagnostics, and correspondence.

We use personal data to:

• create and manage hotel accounts, staff access, and permissions;
• operate booking pages, checkout, confirmation, online check-in, and admin dashboards;
• store hotel media and guest documents;
• send OTPs, booking confirmations, operational alerts, and support messages;
• process, reconcile, troubleshoot, or display payment status through third-party providers;
• prevent fraud, abuse, security incidents, unauthorized access, and platform misuse;
• comply with legal obligations, enforce terms, resolve disputes, and protect rights;
• improve product performance, reliability, usability, and support.

Where consent is required, the request should be free, specific, informed, unambiguous, and limited to the purpose for which data is collected. Guests may be asked to provide data for booking, payment, identity verification, legal hotel registration, or check-in purposes.

We also process data where necessary to perform a contract, provide requested services, comply with law, prevent fraud, protect security, and support legitimate platform operations where permitted.

Online check-in documents are stored in private storage and are not displayed publicly. Hotels are responsible for deciding what documents are required, verifying them, restricting staff access, and deleting or retaining them according to applicable law and hotel policy.

Do not upload unnecessary sensitive data. If a document is not required for a lawful hotel purpose, it should not be collected.

We may share data with:

• the hotel and its authorized staff for booking, check-in, support, and operations;
• cloud hosting, database, storage, analytics, logging, messaging, and email providers;
• payment gateways, banks, card networks, UPI/payment providers, fraud tools, and reconciliation services;
• professional advisers, auditors, insurers, or legal representatives;
• government, law enforcement, regulators, or courts where required by law or valid process;
• successors in connection with a merger, acquisition, restructuring, financing, or sale of assets.

We do not sell guest personal data as a standalone product.

Payment processing may be performed by third-party payment providers. StayPay may receive payment status, transaction identifiers, amounts, metadata, and reconciliation information, but card, bank, UPI, or wallet details may be collected directly by the payment provider. Their privacy notices and terms may apply.

We may use cookies, local storage, and similar technologies for login sessions, security, preferences, analytics, debugging, and product functionality. You can control cookies through your browser, but some features may not work if cookies are disabled.

We use reasonable administrative, technical, and organizational safeguards designed to protect data. However, no system is completely secure. Hotels and staff must protect their own devices, sessions, OTPs, and access permissions.

We retain data for as long as needed to provide the platform, support hotels, comply with legal or accounting obligations, resolve disputes, enforce agreements, prevent fraud, and maintain security. Retention periods may differ for account data, bookings, payment records, logs, and guest documents.

Hotels are responsible for defining and following lawful retention periods for guest identity documents and hotel registration data.

Service providers may process or store data in India or other countries. Where required, we use appropriate safeguards and vendor controls for cross-border processing.

Depending on applicable law, individuals may request access, correction, deletion, grievance redressal, withdrawal of consent, or information about processing. Guests should first contact the hotel for booking-specific or check-in-specific data requests. You may also contact StayPay for platform-related requests.

We may need to verify identity and may be unable to fulfil requests where retention is required for legal, tax, fraud, dispute, security, or hotel operational reasons.

StayPay is not intended for use by children directly. Hotels must ensure any child-related guest data is collected only when lawful, necessary, and with appropriate parent or guardian involvement where required.

Hotels using StayPay must:

• collect only data needed for lawful hotel purposes;
• provide required notices to guests;
• manage staff permissions carefully;
• handle guest requests, refunds, disputes, and document retention lawfully;
• avoid uploading unlawful, excessive, or unnecessary personal data;
• notify us promptly of suspected unauthorized access or data misuse.

We may update this Privacy Policy from time to time. Updated versions will be posted on this page with a revised date. Continued use of StayPay after an update means the updated policy applies.

For privacy questions or requests, contact support@staypay.in or the support channel available in your account.