Privacy Policy

1. Controller and Scope

This Privacy Policy explains how Checkinlink (Checkinlink, we, us, our) processes personal data when you use our website, dashboard, hosted property pages, and support channels.

Data controller contact:Contact form

This policy applies to:

• Hosts creating and managing Checkinlink content
• Guests viewing hosted property pages
• Anyone contacting us through our contact form or email

2. Data We Process

• Account data: name, email, login credentials and OAuth profile data from selected providers
• Billing data: customer/subscription identifiers and billing status from Stripe (card data is processed by Stripe, not stored by us)
• Property and guest-facing content entered by hosts, including addresses, check-in instructions, Wi-Fi details, emergency contacts, photos, and custom text
• Support data: contact form content, optional file attachments, and related email metadata
• Technical and usage data: IP address, browser/device data, pages viewed, events, and cookie/local storage identifiers

3. Purposes and Legal Bases

• Service delivery (accounts, hosting, editing, publishing): performance of contract
• Billing and fraud/risk management: performance of contract and legitimate interests
• Support and communications: performance of contract and legitimate interests
• Security, abuse prevention, troubleshooting, and internal logs: legitimate interests
• Compliance with legal obligations (tax, accounting, law enforcement): legal obligation
• Analytics and product improvement: legitimate interests and/or consent where required by applicable law

4. Data Sharing and Processors

• Supabase (hosting, authentication, database, file storage)
• Stripe (payments and subscription billing)
• Resend (support email delivery)
• Mixpanel (product analytics and event tracking)
• Google APIs (maps and nearby places features)
• Competent authorities, advisors, or counterparties when required by law or corporate transaction

We do not sell personal information for money. Some jurisdictions may classify certain analytics/ad measurement flows as sharing for cross-context behavioral advertising; we offer request channels described below.

5. Public Host Content

Host-configured property pages are intended for guest access. Content marked active by hosts may be publicly accessible by URL, including selected check-in details, Wi-Fi details, emergency contacts, and other configured sections.

6. Retention

We retain personal data only as long as needed for the purposes above:

• Account and property data: while account is active
• Deleted account records: typically removed or anonymized within 30 days, except required legal records
• Billing/accounting records: retained for mandatory legal periods
• Support communications: retained as needed for support history and legal defense

7. International Transfers

We and our processors may process data outside your country. Where required, we use legally recognized transfer safeguards (for example, contractual protections) and supplementary measures.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, and port your data, and to withdraw consent where consent is used.

Submit requests through our contact form. We may need to verify identity before completing requests.

Residents of jurisdictions with specific privacy laws (including EEA/UK and some US states) may have additional rights, including appeal rights and non-discrimination protections for exercising privacy rights.

9. Cookies and Analytics

We use cookies and similar technologies for authentication, session management, security, and analytics. Analytics may include event tracking via Mixpanel.

You can control cookies in browser settings. Where local law requires consent for non-essential cookies/trackers, users may have additional controls when available.

Current service behavior may apply analytics tracking by default in some regions.

10. Security

We use reasonable technical and organizational safeguards to protect personal data. No system can be guaranteed 100% secure.

11. Children

Our services are not directed to children under 13, and we do not knowingly collect personal data from them.

12. Changes to This Policy

We may update this policy. Material changes will be posted with an updated Last updated date.

13. Contact

Privacy requests and questions:

Contact form: /contact

General support: /contact

14. Regional Addendum (US State Privacy Laws)

For covered US states, we process identifiers, internet/activity data, commercial data, and user-submitted content for service operation, support, security, and analytics. To exercise access, deletion, correction, and opt-out rights, use our contact form.