Your privacy is important to us. This Privacy Policy explains how Hostmatic collects, uses, discloses, and safeguards your information when you use our website and services.

1. Information We Collect

1.1 Personal Information

We collect information that you voluntarily provide to us when you register for an account, use our services, or contact us. This may include:

Identity Data: Name, username, and profile information
Contact Data: Email address, phone number, and mailing address
Account Data: Username, password, and account preferences
Business Data: Company name, property details, and business information
Payment Data: Billing address and payment method details (processed securely by our payment providers)
Communication Data: Messages, support requests, and feedback you send us

1.2 Automatically Collected Information

When you access or use our Service, we automatically collect certain information, including:

Log Data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps
Device Data: Device type, unique device identifiers, and mobile network information
Usage Data: Features used, actions taken, and interaction patterns within the Service
Location Data: Approximate geographic location based on IP address

1.3 Analytics Data

When you or your visitors use our link tracking and analytics features, we collect:

Click data and link performance metrics
Referral source information
Campaign attribution data
Visitor browser and device information
Geographic location of clicks

2. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To provide, maintain, and improve our services
Account Management: To create and manage your user account
Analytics: To provide you with marketing analytics and insights
Communication: To send service updates, support responses, and marketing communications (with your consent)
Security: To detect, prevent, and address fraud, abuse, and security issues
Legal Compliance: To comply with applicable laws and regulations
Product Improvement: To understand how users interact with our Service and improve the user experience
Customer Support: To respond to your inquiries and provide assistance

3. Legal Bases for Data Processing

We process your personal data under the following legal bases, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws:

Contractual Necessity: Processing required to perform our contract with you, including providing our platform services, managing your account, and delivering features you have requested.
Consent: Where you have given explicit consent for specific processing activities, such as marketing communications, optional analytics, and connecting third-party services to your account.
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, ensuring platform security, preventing fraud, and conducting internal analytics — provided these interests do not override your fundamental rights.
Legal Obligation: Processing necessary to comply with applicable laws, regulations, court orders, or other legal requirements.

Where we rely on consent as the legal basis, you may withdraw your consent at any time by contacting us at [email protected] or adjusting your account settings. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

4. Third-Party Authentication and Connected Services

4.1 Google Authentication

We use Google OAuth 2.0 as an authentication method to allow you to sign up for and log in to your Hostmatic account. When you choose to authenticate with Google, we receive the following information from your Google account:

Profile Information: Your name, email address, and profile picture
Account Identifier: A unique Google account identifier used to link your Google account to your Hostmatic account

We use this information solely for the purposes of creating and managing your Hostmatic account, verifying your identity, and providing a seamless login experience. We do not access your Google contacts, files, or any other Google services beyond authentication. Your Google credentials (password) are never shared with or stored by Hostmatic — authentication is handled securely by Google's OAuth infrastructure.

4.2 Meta (Facebook & Instagram) Integration

Our platform offers integration with Meta platforms (Facebook and Instagram) to help you monitor and analyze your social media marketing performance. When you connect your Meta account to Hostmatic, we may access the following data through the Meta Graph API:

Post Engagement Data: Metrics such as likes, comments, shares, reach, and impressions for your Facebook and Instagram posts
Ad Performance Data: Campaign metrics including ad spend, impressions, clicks, link clicks, conversions, and return on ad spend (ROAS) from your Meta Ads Manager
Instagram Insights: Follower demographics, profile visits, website clicks, and content performance metrics for your connected Instagram business or creator account
Page and Account Information: Basic information about your connected Facebook Pages and Instagram business accounts, including page name and category

This data is collected and processed based on your explicit consent when you authorize the Meta integration within your Hostmatic account. We use this data exclusively to provide you with analytics, reporting, and insights within the Hostmatic platform. We do not:

Post, publish, or modify any content on your behalf
Access your private messages or personal Facebook profile data
Share your Meta data with any third parties
Use your Meta data for our own advertising purposes

You may disconnect your Meta account from Hostmatic at any time through your account settings. Upon disconnection, we will cease collecting new data from Meta and will delete previously collected Meta data within 30 days, unless retention is required by law.

4.3 Google reCAPTCHA

We use Google reCAPTCHA v3 on certain forms across our website to protect against spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis. The information collected is used to improve reCAPTCHA and for general security purposes. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Essential Cookies: Required for basic site functionality and security
Analytics Cookies: Help us understand how visitors interact with our site
Preference Cookies: Remember your settings and preferences
Marketing Cookies: Used to track advertising effectiveness (only with consent)

5.2 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Service.

5.3 Do Not Track

We respect Do Not Track (DNT) browser signals. When we detect a DNT signal, we limit data collection to essential service functionality.

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

6.1 Service Providers

We share data with third-party service providers who perform services on our behalf, such as:

Cloud hosting and infrastructure providers
Payment processors
Email service providers
Analytics providers
Customer support tools

6.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specifically:

Account Data: Retained while your account is active and for 30 days after deletion request
Analytics Data: Retained for up to 26 months
Log Data: Retained for up to 12 months
Communication Records: Retained for up to 3 years for legal compliance

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

Encryption of data in transit (TLS/SSL) and at rest
Regular security assessments and penetration testing
Access controls and authentication requirements
Employee training on data protection
Incident response procedures

8.1 Infrastructure Security

Hostmatic is hosted on Google Cloud Platform (Firebase), which maintains SOC 1, SOC 2, and SOC 3 compliance, ISO 27001, ISO 27017, and ISO 27018 certifications. Our infrastructure inherits these industry-leading security controls, including:

SOC 2 Type II and SOC 3 audited data centers with continuous monitoring
Data encrypted at rest using AES-256 and in transit using TLS 1.2+
Automatic DDoS protection and threat detection
Geographically distributed infrastructure with redundancy and failover
Regular third-party security audits and penetration testing by Google

For more details on Google Cloud's security and compliance certifications, visit cloud.google.com/security/compliance.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Privacy Rights

9.1 General Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your personal data
Portability: Request transfer of your data to another service
Objection: Object to certain processing activities
Restriction: Request restriction of processing
Withdraw Consent: Withdraw previously given consent

9.2 GDPR Rights (European Economic Area)

If you are located in the EEA, you have specific rights under the General Data Protection Regulation (GDPR), including:

The right to access your personal data
The right to rectification of inaccurate data
The right to erasure ("right to be forgotten")
The right to restrict processing
The right to data portability
The right to object to processing
Rights related to automated decision-making and profiling

We will respond to GDPR requests within one month. You also have the right to lodge a complaint with your local data protection authority.

9.3 CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with:

The right to know what personal information we collect and how it is used
The right to delete your personal information
The right to opt-out of the sale of personal information (we do not sell personal information)
The right to non-discrimination for exercising your privacy rights

We will respond to CCPA requests within 45 days. You may submit requests up to twice per 12-month period.

9.4 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards including:

Standard Contractual Clauses approved by relevant authorities
Adequacy decisions where applicable
Binding Corporate Rules where appropriate

11. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 16, please contact us immediately at [email protected].

12. Third-Party Links and Services

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. AI and Automated Processing

We may use artificial intelligence and machine learning technologies to:

Improve our analytics and reporting features
Detect fraud and security threats
Personalize your experience
Provide automated insights and recommendations

We do not use automated decision-making that produces legal or similarly significant effects without human oversight.

14. Marketing Communications

With your consent, we may send you marketing communications about our products and services. You can opt-out at any time by:

Clicking the "unsubscribe" link in any marketing email
Updating your email preferences in your account settings
Contacting us directly

Even if you opt-out of marketing communications, we may still send you transactional messages related to your account and our services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date
Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
General Support: [email protected]

For GDPR-related inquiries, you may also contact our Data Protection Officer at [email protected].

Privacy Policy