Who we are

StayingBee is a community-driven platform connecting travelers with hosts who share common interests, values, and a community tie. Designed to create meaningful and safe travel experiences, StayingBee offers an affordable alternative to traditional accommodations by fostering connections within trusted communities.

Data Controller Information: StayingBee operates as the data controller for personal information collected through our platform. We are committed to protecting your privacy and complying with applicable data protection laws including the General Data Protection Regulation (GDPR) and other relevant privacy legislation.

Our website address is https://stayingbee.com/

Legal Basis for Processing: We process personal data based on the following legal grounds:

• Contractual necessity: To provide our platform services, process bookings, and facilitate host-guest communications
• Legitimate interests: To improve our services, ensure platform safety, prevent fraud, maintain community standards, and conduct anonymous analytics for platform optimization
• Consent: For marketing communications, optional features, and certain data sharing activities
• Legal obligations: To comply with tax reporting, dispute resolution, and regulatory requirements

Data Collection and Sources: We collect personal information from various sources including:

• Information you provide directly when creating accounts, making bookings, or communicating through our platform
• Automatically collected data through your use of our website and mobile applications
• Information from third-party services such as payment processors, identity verification providers, and social media platforms (when you choose to connect them)
• Data from other users such as reviews, references, and communications about shared experiences

Types of Personal Data We Collect

Host Data:

• Personal identification: Name, email address, phone number, profile photo, date of birth, government-issued ID for verification
• Property information: Address, photos, amenities, house rules, availability calendar
• Financial details: Payment account information, tax identification numbers (where required), transaction history
• Communication data: Messages with guests, reviews, platform notifications preferences, email engagement metrics (opens, clicks)
• Performance metrics: Response rates, cancellation rates, guest ratings and feedback

Guest Data:

• Personal identification: Name, email address, phone number, profile photo, date of birth, emergency contact information (if you join BeeCommunity, this also includes a government-issued ID collected through BeeVerification—see below)
• Booking information: Travel dates, guest count, special requests, booking history
• Payment data: Payment method details, billing address, transaction records
• Communication data: Messages with hosts, reviews, support interactions, email engagement metrics (opens, clicks)
• Travel preferences: Destination interests, accommodation preferences, accessibility needs

General Platform Data:

• Technical information: IP address, device information, browser type, operating system, app version
• Usage analytics: Page views, feature usage, search queries, booking patterns, email engagement metrics
• Location data: GPS coordinates (when permitted), city/country information for search and recommendations
• Localization and default country detection: We use your IP address and general location data to suggest default country codes (for example, in forms and phone number inputs) to improve user experience and convenience. This process does not determine your precise location and is used solely for localization and platform functionality, not for marketing or profiling.
• Verification data: Identity documents, background check results (where applicable), phone/email verification status

BeeCommunity membership (BeeVerification):

Everyone who joins BeeCommunity completes BeeVerification. As part of that process, we collect a government-issued ID from you (for example passport, national ID, or driver's license) together with a selfie and other details you provide, so we can confirm you are a real person and that your information matches.

Reviews

When users leave reviews on the site we collect the data shown in the review form, and also the user's IP address and browser user agent string to help spam detection. After approval of your comment, your profile picture is visible to the community in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Photo and Media Guidelines: When uploading property photos or profile images, we recommend:

• Removing personal information from images before uploading
• Avoiding photos that include identifiable personal documents or sensitive information
• Understanding that uploaded images may be visible to other platform users
• Ensuring you have rights to use any uploaded images

We automatically compress and optimize uploaded images for platform performance while maintaining reasonable quality.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Cookie Categories and Purposes:

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Platform functionality and user preferences
• Payment processing and booking completion

Third-Party Cookies:

• Payment processor cookies (for transaction security)
• Social media plugins (when you interact with them)

Analytics and Session Tracking

StayingBee uses a privacy-first analytics system designed to comply with GDPR and other privacy regulations. Our analytics tracking operates in two phases: anonymous tracking (before consent) and personalized tracking (after consent). We use PostHog, a privacy-focused analytics platform hosted in Europe, to process both anonymous and consented user analytics data in compliance with European data protection standards.

Anonymous Analytics (Pre-Consent) - Legal Basis: Legitimate Interests:

Before you provide consent, we collect anonymous usage data from everyone who visits our platform based on our legitimate interests in understanding how our services are used, identifying technical issues, and improving platform functionality. This data is collected with anonymous session IDs and does not contain any personal information that can identify individual users.

Legitimate Interests Assessment for Anonymous Analytics:

• Purpose: Platform improvement, technical optimization, bug identification, and user experience enhancement
• Necessity: Essential for maintaining platform stability, identifying performance issues, and understanding user needs
• Impact on Users: Minimal - no personal data collected, no cross-session tracking, no marketing use
• User Control: Users can opt-out through browser settings or contact us to disable anonymous tracking
• Data Protection: Anonymous data is never used for marketing purposes, never shared with third parties for advertising, and never linked to user identities without explicit consent

Anonymous Data Collected from Everyone:

• Session IDs: Temporary anonymous identifiers stored locally until 30 minutes of inactivity to group related page views and interactions
• Page Views: Every page visited on our platform, including URLs and page titles
• Button Clicks: All interactive elements clicked, including navigation buttons, form submissions, and feature interactions
• Navigation Patterns: How users move between pages, including back/forward navigation and internal links
• Error Events: Technical errors, failed requests, and performance issues encountered
• Performance Metrics: Page load times, response times, and technical performance data
• Search Queries: All search terms entered, search filters applied, and search result interactions
• Email Engagement Metrics: Open rates, click-through rates, and engagement metrics for emails sent to you
• Input Data: Form submissions, text inputs, and other user-generated content (without personal identifiers)
• Technical Data: Browser type, screen resolution, timezone, language settings, device information, and operating system
• Feature Usage: Which platform features are accessed, how they're used, and interaction patterns

All anonymous data is sent to our servers without any personal information. Session IDs expire after 30 minutes of inactivity and are automatically cleared from your browser.

Personalized Analytics (Post-Consent):

After you provide consent for feature analytics, we link your anonymous session data to your user account to provide personalized insights and improve your experience. This linking is done securely and only with your explicit consent.

Personalized Data Collected (When Consent Given):

• All Anonymous Data Linked to Identity: Pageviews, button clicks, navigation, errors, performance, searches, and other inputted data become linked to your user account
• User-specific analytics: Your individual usage patterns, preferences, and behavior across sessions
• Personalized insights: Recommendations based on your activity and travel preferences
• Account-linked data: Analytics tied to your user profile for service improvement and personalization
• Search and booking patterns: Your travel preferences, search history, and booking behavior
• Feature engagement: How you interact with specific platform features and tools
• Consent management: You can withdraw personalized analytics consent at any time through your account settings

Session Tracking Details:

Session tracking helps us understand user journeys and improve platform functionality. Session IDs are:

• Non-personal: They do not contain any personal information
• Temporary: Automatically expire after 30 minutes of inactivity
• Minimal: Used only for grouping related interactions
• Necessary: Essential for understanding platform usage and fixing technical issues

Data Retention for Analytics:

• Anonymous data: Retained for up to 2 years for platform improvement and technical analysis
• Personalized data: Retained as long as you use our platform and maintain your account, or until you withdraw consent or delete your account
• Session IDs: Automatically cleared after 30 minutes of inactivity from your browser
• Aggregated statistics: May be retained indefinitely in anonymized form for research and platform improvement

Marketing Analytics (When Marketing Consent Given):

When you provide consent for marketing and advertising, we use your interaction data for targeted advertising and campaign optimization. This includes activating third-party tracking pixels and sharing data with advertising platforms.

Marketing Data Processing:

• All User Interaction Data: Pageviews, clicks, searches, navigation patterns, and other interactions used for audience building and retargeting
• Meta (Facebook), TikTok, and Google Ads (gtag): Page views, searches, and conversion events sent to Meta (Facebook), TikTok, and Google Ads for ad targeting, audience building, and campaign optimization
• Google Analytics and Advertising: Interaction data shared with Google for campaign optimization and audience targeting
• Email Campaign Performance: Open rates, click-through rates, and engagement metrics for email marketing optimization (see Email Communications and Tracking section for details)
• Conversion Tracking: Booking completions and revenue attribution for marketing channel effectiveness
• Lookalike Audience Creation: We use data from users who have provided marketing consent to create lookalike audiences in Meta (Facebook) and other marketing platforms. This helps us reach potential new users who share similar characteristics and interests with our existing community members. Lookalike audiences are created using aggregated, anonymized behavioral patterns and demographic information.

PostHog Analytics Processing:

We use PostHog, a privacy-focused analytics platform with servers located in Europe, to process both anonymous and consented user analytics. PostHog enables us to understand platform usage while maintaining compliance with European data protection regulations.

• European Data Processing: All analytics data is processed on PostHog's European servers, ensuring compliance with GDPR and European data protection standards
• Anonymous Analytics: PostHog processes anonymous usage data for all users based on legitimate interests, without linking data to personal identities
• Consented Analytics: When you provide analytics consent, PostHog processes personalized usage data linked to your account for improved user experience and platform optimization
• Data Security: PostHog implements enterprise-grade security measures and privacy-by-design principles to protect your data
• Data Retention: Analytics data processed by PostHog follows our standard retention policies outlined in this privacy policy

Important: Our analytics system is designed to respect your privacy while providing valuable insights for platform improvement. Anonymous data is never used for marketing purposes, never shared with third parties for advertising, and never linked to user identities without explicit consent. We do not sell your personal data to third parties, but marketing consent allows us to share interaction data with advertising platforms for targeted campaigns. For detailed information about email tracking, please see our Email Communications and Tracking section below.

Email Communications and Tracking

StayingBee sends various types of emails to users including booking confirmations, platform updates, marketing communications, and service notifications. To ensure proper email delivery and understand how our users engage with our communications, we implement email tracking technologies.

Important: By default, all email tracking metrics (opens and clicks) are collected in an anonymized manner across all users. This means we collect aggregate data about email performance without identifying individual users. Only when you have explicitly given consent for personalized tracking will these metrics be linked to your specific user account for enhanced personalization and user experience improvements.

Email Tracking Information:

• Email Open Tracking: We track when emails are opened to monitor delivery success rates, identify delivery issues, and understand user engagement with our communications. This helps us ensure important notifications reach you successfully.
• Link and Button Click Tracking: We monitor clicks on links and buttons within our emails to understand which content is most useful to our users, improve email design, and measure the effectiveness of our communications.
• Email Client and Device Information: We collect basic technical information about the email client and device used to open emails to optimize email formatting and ensure compatibility across different platforms.

Purpose of Email Tracking:

• Delivery Verification: Ensuring critical notifications (booking confirmations, payment receipts, security alerts) are successfully delivered and received
• Product Usage Analytics: Understanding how users interact with our platform through email touchpoints to improve user experience and platform functionality
• Communication Optimization: Improving email content, timing, and frequency based on user engagement patterns
• Technical Troubleshooting: Identifying and resolving email delivery issues, spam filtering problems, and technical barriers to communication

Legal Basis for Email Tracking:

• Legitimate Interests: For transactional emails, delivery verification, and platform functionality improvements
• Consent: For marketing email tracking when you have opted in to receive marketing communications
• Contractual Necessity: For service-related communications essential to your use of the StayingBee platform

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Data Sharing and Third-Party Services

Host-Guest Information Sharing:

• Hosts receive guest names, contact information, booking details, and special requests necessary for hosting
• Guests receive host names, contact information, property addresses, and check-in instructions
• Both parties can see reviews and ratings from previous interactions
• Communication history is shared between booking parties
• Group Stay Information Sharing: When guests book group stays, other users who share a community can see their name, picture and other public profile information on the booking
• Group Chat Feature: When a group stay is confirmed, all guests will be added to a common group chat for easier communication

Payments and Payouts via Stripe:

We use Stripe to securely process all payments on the StayingBee platform. For host payouts, we use Stripe Connect, which requires hosts to create a Stripe Connect account through our platform. This allows us to manage payouts efficiently and ensures compliance with financial regulations. By setting up a payout account, hosts agree to Stripe's Connected Account Agreement and acknowledge that their personal and financial information will be shared with Stripe solely for payment processing and compliance purposes. StayingBee does not store sensitive payment details on our servers.

Payment data is shared between our global subsidiaries to provide a seamless checkout experience.

Service Providers:

• Cloud hosting and data storage providers
• Email and communication service providers
• Identity verification and background check services
• Customer support and help desk platforms
• Analytics and performance monitoring tools
• PostHog (Analytics): We use PostHog, hosted in Europe, to process both anonymous and consented user analytics. PostHog helps us understand platform usage, improve user experience, and track feature performance while maintaining data privacy and GDPR compliance.

Legal and Safety Disclosures:

• We may disclose information to law enforcement when required by law
• Information may be shared to protect platform safety and prevent fraud
• Data may be disclosed in response to valid legal requests or court orders
• We may share information to protect our rights, property, or safety of our users

International Data Transfers:

• Your data may be processed in countries outside your residence
• We ensure appropriate safeguards are in place for international transfers
• Data transfers comply with applicable privacy laws and regulations

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Data Retention Periods:

Active Account Data:

• Profile information: Retained while your account is active plus 2 years after deactivation
• Booking and transaction history: Retained for 7 years for financial and legal compliance
• Communication records: Retained for 3 years after last interaction for dispute resolution
• Reviews and ratings: Retained indefinitely to maintain platform integrity (anonymized after account deletion)

Inactive Account Data:

• Accounts inactive for 3 years will receive deletion warnings
• Data will be automatically deleted after 4 years of inactivity unless legal obligations require retention
• You can request immediate deletion at any time (subject to legal requirements)

Financial and Legal Data:

• Tax-related information: Retained for 7 years as required by law
• Dispute and complaint records: Retained for 6 years after resolution
• Safety and security incidents: Retained for 5 years or as required by law

BeeCommunity verification (BeeVerification) images:

• Selfie and ID photos: We delete your verification selfie and the images of your ID document as soon as they are no longer needed to complete and operate your identity verification, and in any case no later than 30 days after you submit your BeeVerification request, unless a longer period is required by law.

Technical and Analytics Data:

• Cookie data: Automatically expires according to cookie settings (1 day to 2 years)
• Server logs and analytics: Retained for 2 years for security and performance analysis
• Anonymized usage statistics: May be retained indefinitely for research and platform improvement

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Your Privacy Rights Under GDPR and Other Privacy Laws:

Right of Access:

• Request a copy of all personal data we hold about you
• Receive information about how your data is processed
• Get details about data sharing and retention periods
• Request frequency: Once per 12 months free of charge

Right to Rectification:

• Correct inaccurate or incomplete personal information
• Update your profile information through account settings
• Request correction of data you cannot directly edit
• We will notify relevant third parties of corrections when required

Right to Erasure ("Right to be Forgotten"):

• Request deletion of your personal data when no longer necessary
• Withdraw consent for data processing (where consent is the legal basis)
• Object to data processing for legitimate interests
• Exception: We may retain data for legal compliance, dispute resolution, or safety purposes

Right to Data Portability:

• Receive your data in a structured, machine-readable format
• Transfer your data to another service provider
• Applies to data processed based on consent or contractual necessity

Right to Object:

• Object to processing for direct marketing purposes (will be stopped immediately)
• Object to processing based on legitimate interests
• Object to automated decision-making and profiling

Right to Restrict Processing:

• Limit how we use your data while investigating disputes
• Restrict processing when you object to legitimate interest processing
• Maintain data accuracy during rectification processes

Exercising Your Rights:

• Submit requests via email to hello@stayingbee.com
• Include your full name, email address, and specific request details
• Provide identification verification for security purposes
• We will respond within 30 days (may be extended to 60 days for complex requests)
• No fee for reasonable requests (excessive requests may incur charges)

Data Security and Protection

Security Measures:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements for staff
• Secure data centers with physical access protections
• Regular security training for employees with data access

Breach Notification:

• We will notify authorities of serious data breaches within 72 hours
• Affected users will be informed promptly when required by law
• Breach notifications will include nature of incident, data involved, and protective measures taken

Data Minimization:

• We collect only data necessary for specified purposes
• Regular review and deletion of unnecessary data
• Privacy-by-design principles in new feature development

Contact Information for Privacy Matters

Data Protection Officer:

Email: gdpr@stayingbee.com
Primary contact for all data-related inquiries and rights requests

General Privacy Questions:

Email: privacy@stayingbee.com
Phone: +358452516880
Response time: Within 5 business days for general inquiries

Supervisory Authority:

• You have the right to lodge complaints with your local data protection authority
• For EU residents: Contact your national Data Protection Authority
• Finland residents may contact: Tietosuojavaltuutettu (Office of the Data Protection Ombudsman)

Updates to This Privacy Policy

• We may update this policy to reflect changes in our practices or applicable laws
• Material changes will be communicated via email and platform notifications at least 30 days before implementation
• Continued use of StayingBee after policy updates constitutes acceptance of changes
• Previous policy versions are available upon request

If you will like to report any issues, provide us with feedback or suggestions regarding this privacy policy, use the details below to contact us:

privacy@stayingbee.com
+358452516880