1. Introduction
Welcome to Flexxistay ("we", "our", "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, book rooms, interact with customer support, or access related services across Mumbai, Navi Mumbai & Thane.
2. Information We Collect
2.1 Directly Provided Data
- Identity: Full name, gender (if provided), government ID details for lawful check‑in.
- Contact: Email, phone number, emergency contact (optional).
- Booking Details: Duration, check‑in/check‑out dates, number of guests, special requests.
- Payment Info: Method (UPI, card, cash). We never store full card numbers—payment gateway handles secure processing.
2.2 Automatically Collected Data
- Device & Usage: IP address, browser type, pages visited, approximate geo location for fraud & localization.
- Cookies & Session Tokens: For authentication, preferences, and analytics (see Section 7).
2.3 Optional & Derived Data
- Reviews & Feedback you leave on a stay.
- Preference profiles (e.g., preferred duration, amenities) constructed to enhance experience.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Process bookings & reservations | Identity, contact, booking details | Contract performance |
| Customer support & dispute resolution | Contact, booking metadata | Legitimate interest |
| Fraud prevention & security | Device, IP, usage patterns | Legitimate interest / legal obligation |
| Personalization & recommendations | Preferences, prior bookings | Consent / legitimate interest |
| Legal compliance (GST, KYC) | Government ID, GSTIN (if provided) | Legal obligation |
| Marketing updates (opt‑in) | Email / phone | Consent |
4. Sharing & Disclosure
We do NOT sell your personal data. Limited sharing occurs only when necessary:
- Payment Gateways: Process secure transactions (masked details only).
- SMS/Email Providers: Send booking confirmations and alerts.
- Legal Authorities: Upon valid request or mandate.
- Security & Anti‑Fraud Services: To maintain platform integrity.
5. Data Security
We implement layered security: encrypted transport (HTTPS), access‑controlled admin panels, audit logs, least‑privilege database roles, and periodic backups with controlled retention.
No method is 100% infallible; in case of a breach, we will notify affected users as required by applicable law.
6. Data Retention
- Booking records: Retained for statutory accounting & audit (typically 5–7 years).
- KYC / ID proofs: Retained only as mandated, then securely purged.
- Analytics logs: Aggregated & anonymized after short-term operational window.
- Support conversations: Retained for quality and dispute resolution for up to 24 months.
7. Cookies & Tracking
We use essential cookies for login sessions and booking flows. Non‑essential analytics cookies may be used to improve performance. You can clear or block cookies via your browser settings; some site features may degrade.
8. Your Rights
- Access: Request a copy of personal data we hold.
- Correction: Update inaccurate information.
- Deletion: Request erasure where legally permissible.
- Restriction & Objection: Limit certain processing activities.
- Opt‑out: Unsubscribe from marketing communications instantly.
To exercise rights, email privacy@flexxistay.com or call our support line.
9. International & Local Compliance
Our operations currently focus in India. We align with emerging Indian data protection principles (DPDP Act) and general global best practices (purpose limitation, minimization, transparency).
10. Policy Updates
We may revise this policy periodically. The "Last Updated" date reflects the latest revision. Continued use after changes signifies acceptance.
11. Contact & Queries
For privacy concerns, rights requests or security notifications, reach us at:
- Email: privacy@flexxistay.com
- Support: +91 7208828727