Privacy Policy

At StaySpec, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your information.

1. Information We Collect

Account Information

• Email address (required for account creation)
• Display name (optional, for community identification)
• Profile picture (optional)
• Password (stored as a secure hash, never in plain text)

Review Content

• Hotel reviews you submit, including ratings and written notes
• Stay information (dates, room types) you choose to share
• Photos you upload to accompany reviews

Usage Data

• Pages visited and features used
• Search queries and filter selections
• Device type and browser information
• IP address and approximate location (country/region level)

2. How We Use Your Information

To Provide Our Service

• Display your reviews to other users
• Calculate hotel aggregate scores from community reviews
• Enable features like stay tracking and badge earning
• Send transactional emails (password reset, email verification)

To Improve StaySpec

• Analyze usage patterns to improve user experience
• Identify and fix bugs or performance issues
• Develop new features based on user behavior

What We Don't Do

• We never sell your personal data to third parties
• We don't share your email address with hotels or brands
• We don't use your data for targeted advertising

3. Data Sharing

We only share your data in limited circumstances:

• Public reviews: Your reviews (including display name) are visible to all users
• Service providers: We use trusted vendors for email delivery and analytics
• Legal requirements: If required by law or to protect our users' safety

4. Cookies & Tracking

We use minimal cookies, only what's necessary for the site to function:

• Authentication cookies: Keep you logged in securely (HttpOnly, Secure)
• Theme preference: Remember your light/dark mode choice
• Analytics: Microsoft Application Insights for performance monitoring

We don't use advertising cookies or cross-site tracking.

5. Your Rights

You have control over your data:

• Access: Request a copy of all data we have about you
• Correction: Update your profile information at any time
• Deletion: Request deletion of your account and associated data
• Export: Download your reviews and stay history

To exercise these rights, email us at privacy@stayspec.com

6. Data Security

We implement industry-standard security measures:

• All data transmitted over HTTPS encryption
• Passwords hashed using bcrypt with strong salt rounds
• Database access restricted and encrypted at rest
• Regular security audits and updates

7. Data Retention

We retain your data as follows:

• Account data: Until you request deletion
• Reviews: Retained even after account deletion (anonymized)
• Analytics: Aggregated data retained indefinitely; identifiable data for 90 days
• Deleted accounts: Purged from backups within 30 days

8. International Users

StaySpec is operated from the United States. If you're accessing our service from outside the US, please be aware that your data will be transferred to and processed in the US, where data protection laws may differ from your country.

For EU/UK users: We comply with GDPR requirements. You have additional rights including the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

StaySpec is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. Continued use of StaySpec after changes constitutes acceptance of the updated policy.