Privacy Policy

Last Updated: February 28, 2026

1. Information We Collect

Account Information:

• Name and email address
• Password (encrypted and never stored in plain text)
• Payment information (processed securely through our payment processor)
• Company/hotel name and business contact information

Property Data:

• Hotel property details (name, location, room count, amenities)
• Pricing data and revenue management settings
• Channel manager and OTA connection credentials
• Operational preferences and configuration settings

Guest Data:

• Guest names and contact information (as provided by you or OTA channels)
• Booking details (check-in/check-out dates, room types, rates)
• Guest communication history and preferences
• Special requests and notes

Usage Data:

• Log data (IP address, browser type, pages visited, timestamps)
• Device information (operating system, device identifiers)
• Performance data (response times, errors, system health)
• Feature usage and interaction patterns

AI-Generated Data:

• Pricing recommendations and decisions
• Guest communications generated by our AI
• Market analysis and competitive intelligence reports
• Operational insights and recommendations

2. How We Use Your Information

We use your information to:

• Provide Our Services: Operate the NightShift platform, manage your hotel operations, automate pricing, sync channels, communicate with guests, and generate insights
• Process Payments: Charge subscription fees, process transactions, and manage billing
• Improve Our Services: Analyze usage patterns, identify bugs, enhance features, and train our AI models
• Customer Support: Respond to your inquiries, troubleshoot issues, and provide technical assistance
• Security: Detect and prevent fraud, unauthorized access, and security threats
• Legal Compliance: Comply with applicable laws, regulations, and legal processes
• Communications: Send service updates, security alerts, billing notices, and (with your consent) marketing communications

3. How We Share Your Information

We do not sell your personal information. We share your data only in these circumstances:

Service Providers:

• Payment processors (Stripe) for billing and payments
• Cloud hosting providers (Render, Neon) for infrastructure
• Email service providers for transactional emails
• Analytics providers for service improvement

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Channel Partners:

• OTAs (Booking.com, Expedia, etc.) for inventory synchronization and guest bookings
• Channel managers and PMS systems as needed to provide our services

Legal Requirements:

• When required by law, subpoena, court order, or legal process
• To protect our rights, property, or safety, or that of our users or the public
• In connection with fraud prevention and security investigations

Business Transfers:

• In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity

Aggregated & Anonymized Data:

• We may share aggregated, anonymized data that cannot identify you or your property for industry research, market analysis, and AI model training

4. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., tax records, financial reporting)
• Resolve disputes and enforce our agreements
• Improve our services and train AI models

Specific retention periods:

• Account data: Retained while your account is active, plus 30 days after cancellation
• Guest data: Retained for 3 years after the guest's last stay (or as required by local laws)
• Financial records: Retained for 7 years to comply with tax and accounting regulations
• Aggregated analytics: Retained indefinitely in anonymized form

You can request deletion of your data at any time (subject to legal retention requirements).

5. Your Privacy Rights

All Users:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data (subject to legal exceptions)
• Portability: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications (service-related emails still apply)

GDPR Rights (EU/EEA Users):

• Right to restrict processing of your data
• Right to object to processing (including for direct marketing)
• Right to withdraw consent at any time
• Right to lodge a complaint with your data protection authority
• Right to know the legal basis for processing your data

CCPA Rights (California Users):

• Right to know what personal information is collected, used, and shared
• Right to delete personal information (subject to exceptions)
• Right to opt-out of sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise your rights: Email nightshift-15@polsia.app with your request. We will respond within 30 days (or as required by applicable law).

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and least-privilege principles
• Authentication: Secure password hashing (bcrypt) and session management
• Monitoring: Continuous security monitoring and incident detection
• Regular Audits: Security reviews and vulnerability assessments
• Staff Training: Employee security awareness and data handling procedures

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. International Data Transfers

NightShift is based in the United States. If you access our service from outside the US, your data will be transferred to and processed in the United States.

For EU/EEA users, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate safeguards to protect your data as required by GDPR

8. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core functionality (authentication, sessions, security)
• Analytics Cookies: Understand how you use our service to improve performance
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Blocking essential cookies may affect service functionality.

9. Children's Privacy

NightShift is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Third-Party Links

Our service may contain links to third-party websites, OTAs, and services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of NightShift after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: nightshift-15@polsia.app
• Subject Line: "Privacy Inquiry"
• Response Time: We aim to respond within 48 hours

Data Protection Officer (GDPR Inquiries): For EU/EEA users, you can reach our Data Protection Officer at the email above with the subject line "GDPR Request."