Legal
Privacy Policy
Last updated: 6 May 2026
This Privacy Policy explains how StayPay collects, uses, stores, shares, and protects personal data when hotels, staff, and guests use our booking, payment, integration, and online check-in tools.
1. Scope and Roles
StayPay provides software for hotels to receive direct bookings and manage guest workflows. For hotel guest data, the hotel is generally responsible for deciding why and how guest data is used, and StayPay processes that data to provide the platform. For account, product, security, billing, and support data, StayPay may act as the responsible platform operator.
Hotels must provide their own guest-facing disclosures where required and must use guest data only for lawful hotel purposes.
2. Personal Data We Collect
We may collect hotel account data, hotel profile data, guest booking data, payment-related data, online check-in data, technical data, and support correspondence.
- hotel account data: name, phone, email, role, OTP login information, staff invitations, and permissions;
- hotel profile data: hotel name, location, property type, rooms, rates, photos, policies, and integrations;
- guest booking data: guest name, phone, email, dates, room selection, payment mode, booking status, and requests;
- payment-related data: payment mode, gateway status, transaction references, charge status, and settlement metadata;
- online check-in data: arrival time, ID type, ID number, address, special requests, and uploaded documents;
- technical data: IP address, browser, device, logs, cookies, usage events, errors, and security signals;
- support data: messages, screenshots, diagnostics, and correspondence.
3. How We Use Data
We use personal data to operate StayPay, secure accounts, process bookings, support hotels and guests, troubleshoot payments, improve reliability, prevent fraud, and comply with legal obligations.
- create and manage hotel accounts, staff access, and permissions;
- operate booking pages, checkout, confirmation, online check-in, and admin dashboards;
- store hotel media and guest documents;
- send OTPs, booking confirmations, operational alerts, and support messages;
- process, reconcile, troubleshoot, or display payment status through third-party providers;
- prevent fraud, abuse, security incidents, unauthorized access, and platform misuse;
- comply with legal obligations, enforce terms, resolve disputes, and protect rights.
4. Legal Basis, Notice, and Consent
Where consent is required, the request should be free, specific, informed, unambiguous, and limited to the purpose for which data is collected.
We also process data where necessary to perform a contract, provide requested services, comply with law, prevent fraud, protect security, and support legitimate platform operations where permitted.
5. Guest Documents and Sensitive Data
Online check-in documents are stored in private storage and are not displayed publicly. Hotels are responsible for deciding what documents are required, verifying them, restricting staff access, and deleting or retaining them according to applicable law and hotel policy.
Do not upload unnecessary sensitive data. If a document is not required for a lawful hotel purpose, it should not be collected.
6. Sharing and Processors
We may share data with hotels, authorized staff, infrastructure providers, payment providers, professional advisers, regulators, courts, or successors where needed to operate StayPay or comply with law. We do not sell guest personal data as a standalone product.
7. Payments
Payment processing may be performed by third-party payment providers. StayPay may receive payment status, transaction identifiers, amounts, metadata, and reconciliation information, while card, bank, UPI, or wallet details may be collected directly by the payment provider.
8. Cookies and Similar Technologies
We may use cookies, local storage, and similar technologies for login sessions, security, preferences, analytics, debugging, and product functionality. Some features may not work if cookies are disabled.
9. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect data. However, no system is completely secure. Hotels and staff must protect their own devices, sessions, OTPs, and access permissions.
10. Retention
We retain data for as long as needed to provide the platform, support hotels, comply with legal or accounting obligations, resolve disputes, enforce agreements, prevent fraud, and maintain security. Hotels are responsible for lawful retention periods for guest identity documents and hotel registration data.
11. International Transfers
Service providers may process or store data in India or other countries. Where required, we use appropriate safeguards and vendor controls for cross-border processing.
12. Your Rights and Requests
Depending on applicable law, individuals may request access, correction, deletion, grievance redressal, withdrawal of consent, or information about processing. Guests should first contact the hotel for booking-specific or check-in-specific data requests.
13. Children
StayPay is not intended for use by children directly. Hotels must ensure any child-related guest data is collected only when lawful, necessary, and with appropriate parent or guardian involvement where required.
14. Hotel Responsibilities
Hotels using StayPay must collect only lawful and necessary data, provide required notices, manage staff permissions carefully, handle guest requests lawfully, avoid uploading excessive data, and notify us promptly of suspected unauthorized access or data misuse.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Updated versions will be posted on this page with a revised date. Continued use of StayPay after an update means the updated policy applies.
16. Contact
For privacy questions or requests, contact support@staypay.in or the support channel available in your account.