Privacy Policy (Template)
Status: DRAFT — not legally binding. Replace placeholders, add your legal entity and jurisdiction, and obtain sign-off from qualified counsel before publishing or onboarding production clients.
This project processes hospitality and operational business data, including user account data and guest-related booking details.
Data Collected
- Account and authentication data (email, role, login/security events)
- Tenant and branch business data
- Booking and payment operational records
- Audit and system telemetry
Purpose of Processing
- Service delivery and tenancy isolation
- Security, fraud prevention, and access control
- Billing, reporting, and compliance workflows
Data Retention
- Operational records are retained according to business and legal requirements.
- GDPR export artifacts are temporary and are purged by scheduled jobs.
Security Controls
- Role-based access controls and tenant-scoped authorization
- MFA/step-up controls for sensitive actions
- Token and webhook validation mechanisms
Data Subject Rights
Where GDPR/UK GDPR applies, users may request:
- Access to personal data
- Rectification
- Erasure (where legally permissible)
- Portability/export
Contact
Replace this section with your legal entity details, contact email, and DPO contact (if applicable).
This template must be reviewed by legal counsel before production use.