Privacy Policy

Last updated: March 16, 2026

1. Information We Collect

When you create a HostMoat account, we collect your email address and any profile information you choose to provide. When you use our platform, we collect data about your properties, bookings, guests, transactions, and other information you enter into the system.

Account Information

We collect the email address you use to sign up. HostMoat uses passwordless authentication (magic links), so we do not store passwords.

Property and Booking Data

Information you enter about your rental properties, bookings, guests, expenses, invoices, contracts, and other operational data is stored to provide the HostMoat service.

Calendar Sync Data

When you connect iCal feeds from Airbnb, VRBO, Booking.com, or other platforms, we import booking data from those feeds to keep your calendar synchronized.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details on our servers. Stripe processes and stores payment information in accordance with PCI-DSS standards.

Usage Data

We collect standard server logs including IP addresses, browser type, and pages visited to maintain and improve the service.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the HostMoat platform
  • Sync your calendars across booking platforms
  • Process invoices and payments through Stripe
  • Send transactional emails (magic links, invoice notifications, contract signing requests, booking confirmations, digests)
  • Generate reports and analytics for your properties
  • Provide customer support

3. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe — for payment processing (invoices, subscriptions, card-on-file)
  • Resend — for transactional email delivery
  • Supabase — our infrastructure provider for database hosting and authentication
  • Seam — if you connect smart devices for noise monitoring

We may also disclose information when required by law or to protect our rights.

4. Guest Data

When you use HostMoat to manage guest information, send invoices, or share contracts, you are the data controller for that guest data. We process it on your behalf. Guest data is accessible only to you and any team members you explicitly invite.

5. Data Security

We use industry-standard security measures including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Row-level security (RLS) in our database ensuring users can only access their own data
  • Secure token-based authentication
  • Regular security updates and monitoring

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are required to retain it by law (e.g., financial records).

7. Your Rights

You have the right to:

  • Access your personal data
  • Export your data (CSV exports are available for bookings, expenses, and guest data)
  • Request deletion of your account and data
  • Opt out of non-essential communications

8. Cookies

HostMoat uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

HostMoat is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or a notice on the platform.

11. Contact

If you have questions about this privacy policy or your data, contact us at [email protected].