Privacy policy

Last updated: 2026-05-05

room2let operates under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP). This page is a placeholder for the production legal text.

Data we collect

• Account: email, name, hashed password, OAuth identifiers
• Listings: titles, descriptions, photos, geographic coordinates
• Bookings: dates, guest counts, payment status, Stripe references
• Operational: IP address (for fraud prevention), user agent, request logs

Where the data lives

Application servers and the primary database are hosted in Switzerland. Photos are stored with a Swiss S3-compatible provider. Payments are processed by Stripe (Ireland and the United States, under their EU SCC and DPA). Email delivery runs through providers operating within the EU.

Your rights

You can request access, correction, or deletion of your data at any time via your account, or by emailing privacy@room2let.example.