Privacy Policy
Last updated: 2026-05-05 · Version 2.0
The short version
Staysette is a hotel-affiliate platform for Instagram creators. We collect a narrow set of data — your account info, the bookings followers make through your page, and what you click on while using the product. We do not sell your data and we do not run advertising cookies. You can ask us to delete your data at any time via /data-deletion.
The longer sections below match the order in which different regulators ask us to disclose things. If you only want one section, the most useful are what we collect, who else processes your data, and your rights.
Who we are and how to reach us
“Staysette” refers to the operator of staysette.com. For privacy questions, deletion requests, or to exercise any rights below, email privacy@staysette.com. We respond within 15 days. Where the law allows, we may extend by up to another 30 to 45 days for complex requests, and we will tell you why.
EU/UK/EEA residents may also lodge a complaint with their local supervisory authority. Quebec residents may complain to the Commission d'accès à l'information. Brazilian residents may complain to the ANPD. California residents may complain to the California Privacy Protection Agency.
What we collect, why, and the legal basis
Each row says what we collect, where it comes from, what we use it for, why it is lawful for us to process it (under EU/UK/Quebec/Brazil law), and how long we keep it.
| Data | Source | Purpose | Lawful basis | Retention |
|---|---|---|---|---|
| Account: email, name, Instagram user ID and username | From you (Clerk sign-up); from Instagram (after you connect) | Run your account; verify you own your handle | Contract | While your account exists, then up to 30 days |
| Payout: your Stripe Connect account ID, encrypted payout email/phone | From you (entered into Stripe-hosted onboarding) | Pay you commissions | Contract; legal obligation (tax records) | 7 years (US tax) |
| Booking: guest email, first/last name, booking dates, room, hotel, total, IP, browser, language, country | From the guest at checkout | Send confirmations; reconcile commission; defend chargebacks | Contract; legitimate interest (fraud); legal obligation (tax) | PII anonymized after 90 days; financial record kept 7 years |
| Saver: email, optional E.164 phone, target rate, hotel context | From you (Save / SMS opt-in) | Send rate alerts and rate-drop notifications you asked for | Consent | 90 days from your last save |
| Application: email, Instagram handle, follower bucket, niche, optional last hotel | From you (the apply form) | Decide whether to invite you to the early-access cohort | Consent (you submitted it) | 90 days after a decision; longer only with your consent |
| Public Instagram signals: profile metadata, recent post captions, post locations, accounts you tagged | Public Instagram (via Apify) | Show your “instant preview” on the homepage; suggest hotels you may have already mentioned | Legitimate interest (assessment recorded; opt-out available) | 30 days unless you sign up; transient otherwise |
| Behavioral: which hotels you click, which links you save, IP for rate-limiting, cookies for attribution | Your visits to staysette.com | Operate the product, prevent abuse, attribute commissions to the right creator | Legitimate interest (with consent in EU/UK/Quebec/Brazil for non-essential cookies) | Up to 30 days for cookies; 90 days for analytics events |
| Communications: emails and SMS you receive, your replies | Sent via Resend / Twilio | Send confirmations, rate alerts, application updates; honor STOP/unsubscribe | Contract / consent | Send-log: 12 months. Suppression list: indefinite. |
We do not collect special-category data (health, biometrics, race, religion, political opinions, sexual orientation, precise geolocation), we do not infer it, and we do not sell sensitive personal information.
Reading public Instagram signals (the “instant preview”)
When you type your Instagram handle on our homepage, we read public information from that handle's public profile page using a third-party service called Apify: your display name, avatar, follower count, the captions of your recent posts, post locations, and the handles you tagged. This is data anyone can see by visiting instagram.com/<handle> without logging in. We send those captions to Anthropic Claude to help us suggest hotels you may have mentioned.
We rely on our legitimate interest in showing you the preview (we have recorded the balancing test and keep it on file). You can opt out at any time by emailing privacy@staysette.com.
Tagged people: if a creator tags you in a post we read, your handle may briefly appear in our system while we build the preview. We delete tagged-by handles within 30 days unless you sign up yourself. To remove your handle sooner, email privacy@staysette.com.
Connecting Instagram (verifying your handle)
Separately from the preview, creators who sign up can connect their Instagram account to verify ownership of the handle they claimed. This uses Instagram Business Login with a single permission: instagram_business_basic. Instagram sends us your account ID and username so we can confirm they match.
We discard the access token after that one read. We never store it. We do not read or store your media, followers, following list, DMs, Stories, comments, tags, insights, or any other Instagram content. We do not post to your account or message anyone on your behalf.
You can disconnect Staysette from Instagram's “Apps and Websites” settings at any time. To delete your Staysette account, see /data-deletion.
AI-assisted content
We use Anthropic Claude to draft suggested hotel summaries, reel-hook captions, and email copy. AI-generated copy that we publish is labeled with a short note. We do not use AI to make decisions that materially affect you (for example, whether a booking is approved or how much you earn — those are deterministic rules with humans in the loop).
We do not send card numbers, CVVs, or other payment-card data to Anthropic. We do not knowingly send special-category data. Anthropic processes data on our behalf under a Data Processing Agreement and does not train its public models on your data.
Starting 2 August 2026, EU users will see clearer AI labels on AI-generated content per Article 50 of the EU AI Act.
Who else processes your data
We share data only with the processors listed below, only for the purpose listed, and only under a written Data Processing Agreement that flows our deletion instructions through to them.
| Processor | Country | Purpose | Privacy notice |
|---|---|---|---|
| LiteAPI / Nuitée Travel | Ireland | Booking processor and merchant of record | link |
| Stripe | United States | Creator payouts (Stripe Connect) | link |
| Clerk | United States | Authentication and account management | link |
| Resend | United States | Transactional and update emails | link |
| Twilio | United States | SMS rate alerts (only if you opt in) | link |
| Upstash (Redis) | United States and EU regions | Primary database | link |
| Vercel | United States | Hosting, server logs, photo storage (Vercel Blob) | link |
| Mux | United States | Video hosting (creator reels) | link |
| PostHog | United States | Product analytics and session replay | link |
| Anthropic | United States | AI-assisted copy generation | link |
| Apify | Czech Republic | Reading public Instagram profiles for the “instant preview” | link |
| ManyChat (only if a creator connects it) | United States | Instagram DM automation chosen by the creator | link |
We will update this table when processors change. Material changes are emailed to account holders before they take effect.
International data transfers
Most of our processors are in the United States. For EU/UK/EEA/Swiss residents, we rely on the European Commission's Standard Contractual Clauses and, where the processor is certified, the EU-US Data Privacy Framework. UK transfers use the ICO's International Data Transfer Addendum. Brazilian transfers use the ANPD's Standard Contractual Clauses (mandatory since August 2025).
How long we keep things
The retention column in the table above is the operative answer. A few additional notes:
- Active accounts: we keep your account data while your account is active. After you delete your account or after long inactivity, we erase or anonymize within 30 days, except where the law requires us to keep specific records (see “Holds on deletion” below).
- Booking and payout records: we keep booking and payout records for 7 years for US tax compliance (IRS recordkeeping; Stripe 1099-K reporting). After 90 days, we anonymize the personally identifiable fields on those records — keeping the financial trail without keeping the name/email.
- Server logs: Vercel runtime logs default to 24 hours of standard logs and up to 31 days of error logs.
Your rights
You have the right to access, correct, port, restrict, object to, or delete your personal data, and to withdraw any consent you gave us. EU/UK/EEA/Swiss residents also have a right to lodge a complaint with their supervisory authority. Quebec residents have a right to data portability and to know whether automated decisions were made. Brazilian residents have additional rights under the LGPD including the right to anonymize.
The simplest way to exercise these rights is to use /data-deletion or email privacy@staysette.com. We do not charge for first requests. We respond within 15 days, extendable for complex requests as the law allows.
If you give us a deletion request, here is what actually happens:
- We delete your account, your saver records, your applications, your “email-me-later” captures, your hotel-recommendation requests, and your post-stay reviews from our database.
- We instruct PostHog to delete your analytics person profile, suppress your email at Resend, and (for creators) revoke the Stripe Connect link.
- For booking and payout records, we anonymize the name/email fields but keep the financial trail required by tax law for 7 years. After that, those records are also deleted.
- We confirm what was deleted and what was kept (and why) in writing.
California: Do Not Sell or Share My Personal Information
We do not sell personal information for money, and we do not share it for cross-context behavioral advertising. There is therefore nothing to opt out of. If you send a Global Privacy Control signal from your browser, we honor it automatically.
California residents have additional rights under the CCPA/CPRA, including the right to know what personal information we have about you, the right to correct, the right to delete, the right to limit use of sensitive personal information, and the right not to be retaliated against. We do not collect sensitive personal information and we do not retaliate.
To exercise any California right, email privacy@staysette.com. You may also designate an authorized agent.
Children
Staysette is for adults. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13. EU/UK users must be 16 or older to use our services. We do not target advertising to anyone under 18.
If you believe a child has provided us personal information, email privacy@staysette.com and we will delete it within 15 days.
Earnings claims
Affiliate commissions depend on real bookings that complete checkout, result in an actual stay, and are not cancelled within the hotel's cancellation window. Past creator earnings are not predictions of yours. Many creators earn $0. Pending earnings shown in your dashboard are estimates, not guarantees, and are subject to clawback if a booking is later cancelled or refunded.
Security
We encrypt sensitive payout fields at rest with AES-256-GCM, sign session and attribution cookies with HMAC-SHA256, run HTTPS everywhere, and limit staff access by role. We use signed, short-lived tokens for any auth-free link. No system is perfectly secure. If a breach occurs, we will notify affected users and the relevant authority within the timeframes required by their jurisdiction (GDPR: 72 hours to authority; LGPD: 3 working days; US states: per applicable breach-notification statute).
Holds on deletion
Even after a deletion request, the law sometimes requires us to keep specific records. We keep:
- Booking and payout receipts for 7 years (IRS / Stripe 1099-K).
- Records used to substantiate any earnings claim we made for at least 3 years after we last made the claim (FTC).
- Records needed to defend a legal claim, until the claim is resolved or the limitations period elapses.
When a hold expires, we delete the record on the next purge cycle. Anything that is not on the list above is erased within 15 days of your request.
Changes to this policy
We may update this policy as we add features or as the law changes. The version and last-updated date at the top reflect the current text. For material changes, we will email account holders at least 14 days before the new policy takes effect.
Contact
Questions about this policy or any of your rights: email privacy@staysette.com.
For convenience, this policy is also available at /data-deletion where you can submit a deletion request directly.