Privacy Policy

Last updated: 2026-05-17

1. Overview

STRProof ("we", "us", "our") operates the STRProof web application ("Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including but not limited to:

  • GDPR (European Union / European Economic Area)
  • UK GDPR (United Kingdom)
  • CCPA / CPRA (California, United States)
  • PIPEDA (Canada)
  • LGPD (Brazil)
  • POPIA (South Africa)
  • Privacy Act 1988 (Australia)
  • PDPA (Singapore, Thailand)
  • PIPL (China)
  • DPDPA (India)
  • And other applicable privacy laws in your jurisdiction

If your jurisdiction has privacy laws that provide you with greater rights than described here, those rights are preserved.

1.1 Scope

This policy applies to:

  • Registered users: Hosts, co-hosts, and cleaners with STRProof accounts
  • Guests: Individuals who interact with the Service through shared links (no account required)
  • Visitors: Individuals who visit our public website

1.2 Controller

The data controller responsible for your personal data is:

STRProof

Email: privacy@strproof.com

3. How We Use Your Data

3.1 Purposes

We use your personal data for the following purposes:

| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the Service | Account, property, stay, photo data | Contract performance |
| Generating reports | Property, stay, photo, guest data | Contract performance |
| Billing and payments | Payment data, subscription status | Contract performance |
| Account security | Authentication data, IP address, audit logs | Legitimate interest |
| Communication | Email, notification preferences | Contract performance or consent |
| Service improvement | Usage data, aggregate analytics | Legitimate interest |
| Legal compliance | All relevant data | Legal obligation |
| Fraud prevention | IP address, usage patterns, audit logs | Legitimate interest |

3.2 Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

3.3 Profiling

We do not profile users or create user profiles for advertising or marketing purposes.

5. Data Sharing

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties.

5.2 Service Providers

We share data with the following categories of service providers:

| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Customer ID, email, subscription data (not card numbers) |
| Hosting provider | Server infrastructure | All data stored on our servers |
| Firebase | Push notifications | FCM token, notification content |
| Email service | Transactional emails | Email address, email content |

5.3 When You Share Data

You, as a host, control who sees your data:

  • Co-hosts: See properties you grant them access to
  • Cleaners: See turnovers you assign to them
  • Guests: See property condition photos you share through approval/checkout links

You are responsible for ensuring you have lawful grounds to share guest information with us and with other users through the Service.

5.4 Legal Requirements

We may disclose your data if required by law, court order, or government regulation. We will notify you of such disclosure unless prohibited by law.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and your choices regarding your data.

7. Your Rights

7.1 Universal Rights (All Users)

Regardless of your location, you have the right to:

| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | /gdpr/data-request |
| Rectification | Correct inaccurate personal data | Account settings or privacy@strproof.com |
| Erasure | Request deletion of your personal data | /gdpr/data-request |
| Portability | Receive your data in machine-readable format (JSON) | /gdpr/data-request |
| Object | Object to processing based on legitimate interest | privacy@strproof.com |
| Withdraw consent | Withdraw consent for consent-based processing (cookies, marketing) | Account settings or privacy@strproof.com |

7.2 Additional Rights by Region

European Economic Area / United Kingdom (GDPR / UK GDPR):

  • Right to restrict processing
  • Right not to be subject to automated decision-making
  • Right to lodge a complaint with your supervisory authority
  • Right to an effective judicial remedy

California, United States (CCPA / CPRA):

  • Right to know what personal information is collected
  • Right to request deletion
  • Right to opt out of sale (we do not sell data)
  • Right to non-discrimination for exercising rights
  • Right to limit use of sensitive personal information

Canada (PIPEDA):

  • Right to access and correct personal information
  • Right to withdraw consent
  • Right to complain to the Office of the Privacy Commissioner

Brazil (LGPD):

  • Right to anonymize or block unnecessary data
  • Right to information about sharing with public entities
  • Right to revoke consent at any time

South Africa (POPIA):

  • Right to request correction or deletion
  • Right to object to processing
  • Right to complain to the Information Regulator

Australia (Privacy Act 1988):

  • Right to access personal information
  • Right to correct inaccurate information
  • Right to complain to the Office of the Australian Information Commissioner

India (DPDPA):

  • Right to access and correct personal data
  • Right to erasure
  • Right to nominate another individual to exercise rights in the event of death or incapacity

If your jurisdiction is not listed: You still have the universal rights in Section 7.1. Contact privacy@strproof.com for assistance.

7.3 Response Time

We will respond to all data subject requests within 30 days. We may extend this period by up to 60 additional days for complex requests, and we will notify you of the extension.

7.4 Verification

To protect your data, we will verify your identity before processing requests involving personal data access or deletion.

9. International Transfers

Your data may be transferred to and processed in the United States, which may have different data protection laws than your country of residence. We ensure appropriate safeguards:

  • Standard Contractual Clauses approved by the European Commission (for EU/UK transfers)
  • Encryption of all data in transit (TLS 1.2+) and at rest (AES-256)
  • Strict access controls and audit logging
  • Data processing agreements with all sub-processors
  • Regular security assessments

We monitor global data transfer regulations and will implement additional transfer mechanisms as required by evolving laws (e.g., EU-US Data Privacy Framework, UK extension).

11. Contact

Data Protection Inquiries

Email: privacy@strproof.com

Data Subject Requests

Online: /gdpr/data-request

Email: privacy@strproof.com

Supervisory Authority

If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your data violates the GDPR.