Privacy Policy

Last updated: May 9, 2026

StayOps is a B2B operations platform for short-term rental operators. We don't sell ads. We don't broker data. We build software that helps operators run their business better.

This policy explains what we collect, why, and what we do with it. If something here doesn't make sense, email hello@stayops.pro and we'll answer in plain English.

1. What we collect

Information you give us directly

  • Name, email address, and company name
  • Property count and PMS type (from the ops audit form)
  • Any messages you send us via email or forms

Information collected when you use the platform

  • Account credentials managed through Clerk (authentication provider)
  • PMS API credentials you provide for integration — encrypted at rest
  • Property, reservation, and guest data pulled from your PMS via API
  • Actions you take inside the platform (page views, feature usage)

Information collected automatically

  • Standard analytics via Google Analytics 4 (pages visited, referral source, device type, country)
  • Authentication session cookies managed by Clerk

That's it. No tracking pixels. No fingerprinting. No third-party ad cookies.

2. How we use your data

  • Audit form submissions: To understand your operation, qualify your engagement, and prepare your audit call.
  • PMS credentials: To connect to your PMS and pull the data needed to power your StayOps instance. Credentials are encrypted and never shared.
  • Guest and reservation data: To power platform features you've configured — guidebooks, turnover workflows, guest communications, and reporting. This data belongs to you. We process it on your behalf.
  • Analytics: To understand how people use the marketing site and the platform so we can improve both. We don't tie analytics to individual identities.
  • Email: To communicate about your engagement, your account, or platform updates. No marketing spam. No list selling.

3. Third-party services

We use a small number of trusted third-party services to operate the platform. Each receives only the minimum data required for its function:

  • Hosting provider — serves the website and application
  • Authentication provider — manages your login credentials and sessions
  • Database provider — stores application data with encryption at rest
  • Analytics — anonymized usage data on the marketing site, blockable with any ad blocker

We don't sell, rent, or trade your data with anyone. Period.

4. Data retention

Audit form data: Kept for the duration of the sales conversation. Deleted within 12 months of last contact if you don't become a customer.

Platform data: Kept for the duration of your account. Deleted within 30 days of account closure. We'll export it for you first if you ask.

PMS credentials: Deleted immediately upon account cancellation or credential rotation.

Analytics data: Retained per Google Analytics' default retention period (14 months).

5. A note on guest data

StayOps processes guest data (names, emails, phone numbers, reservation details) on behalf of operators. This data comes from your PMS via API — we don't collect it independently.

You, the operator, are the data controller. We are the data processor. We use guest data only to deliver the features you've configured and never for our own marketing or analytics.

If a guest contacts us about their data, we'll direct them to you and help you fulfill the request.

6. Your rights

Regardless of where you're located, you can:

  • Request a copy of all data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request an export of your platform data in a standard format

California operators (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We don't sell personal information, so there's nothing to opt out of — but the right is yours regardless.

For any data request, email hello@stayops.pro with the subject line “Data Request.” We'll respond within 10 business days.

7. Security

PMS credentials are encrypted at rest. All data in transit uses TLS. Authentication is handled by Clerk with industry-standard session management. The database is hosted on Neon with encryption at rest enabled.

We're a small team, which means fewer attack surfaces, not more. There's no sprawling org chart of people with access to your data.

8. Changes to this policy

If we make meaningful changes, we'll update the date at the top and notify active customers by email. We won't bury changes in fine print.

Questions?

Email hello@stayops.pro. A human will respond.