Privacy Policy

Effective date: 21 March 2026

This Privacy Policy explains how Quite Nice Stuff ("Company", "we", "us", or "our"), a company registered in the United Kingdom, collects, uses, stores, and protects personal data in connection with HotelierDesk ("Service"). By using the Service you acknowledge that you have read and understood this Privacy Policy.

1. Who This Policy Applies To

This Privacy Policy applies to two categories of individuals:

Customers — hotel owners, operators, and authorised staff who sign up for and use HotelierDesk to manage their property.
Guests — individuals whose personal data is collected through the booking functionality provided by the Service on behalf of our Customers.

With respect to Guest data, we act as a data processor on behalf of our Customers, who are the data controllers. Customers are responsible for ensuring they have a lawful basis to collect and process their Guests' personal data and for providing their own privacy notice to Guests where required.

2. What Data We Collect

2.1 Customer Data

When you create an Account and use the Service, we may collect:

Name and business name
Email address
Password (stored in hashed form)
Billing and payment information (processed by Stripe or PayPal — we do not store full card details)
Property details and content you upload to the Service (text, images, pricing, room information)
Usage data such as login activity and feature usage

2.2 Guest Data

Through the booking functionality, the Service may collect Guest data on behalf of our Customers, including:

Name and contact details (email address, phone number)
Booking details (dates, room type, number of guests, add-ons)
Payment information (processed by Stripe or PayPal — we do not store full card details)
Any additional information the Guest provides during the booking process

2.3 Automatically Collected Data

When you access the Service, we may automatically collect technical data such as IP address, browser type, operating system, and pages visited. This data is collected through essential cookies and server logs.

3. How We Use Data

3.1 Customer Data

We use Customer data to:

Provide, maintain, and improve the Service
Process payments and manage Subscriptions
Send transactional communications (account confirmations, billing receipts, service notifications)
Send marketing communications about product updates, new features, and newsletters (you may opt out at any time — see Section 7)
Provide customer support
Comply with legal obligations

3.2 Guest Data

We process Guest data solely on behalf of our Customers for the purpose of operating the booking functionality of the Service. We do not use Guest data for our own marketing purposes.

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases for processing personal data:

Contract — processing necessary to perform our contract with you (providing the Service, managing your Subscription).
Legitimate interests — processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
Consent — where you have given consent for us to send marketing communications. You may withdraw consent at any time.
Legal obligation — processing necessary to comply with applicable laws.

5. Cookies

The Service uses essential cookies only. These cookies are strictly necessary for the operation of the Service, including session management and authentication. We do not use marketing, analytics, or tracking cookies.

Customers may choose to install third-party WordPress plugins on their hosted site. Any cookies set by third-party plugins are outside our control and are the responsibility of the Customer.

6. Data Sharing and Third Parties

We do not sell personal data to third parties. We may share personal data with the following categories of third-party service providers, solely to the extent necessary to operate the Service:

Payment processors — Stripe and PayPal, for processing subscription and booking payments.
Currency exchange — Frankfurter API, for retrieving exchange rate data (no personal data is transmitted).
Hosting infrastructure — UK-based server providers who host the Service on our behalf.

These third parties process data in accordance with their own privacy policies and terms of service. We encourage you to review them.

7. Marketing Communications

We may send Customers marketing emails about product updates, new features, and newsletters. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us. Opting out of marketing does not affect transactional communications related to your Account or Subscription.

8. Data Storage and Security

All data is stored on UK-based servers. We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

9. Data Retention

We retain Customer data and associated Guest data for as long as the Customer's Account is active. Upon termination of an Account — whether initiated by the Customer or by us — all data associated with that Account, including Guest data, is permanently deleted.

We may retain certain data for a limited period after Account termination where required by law (for example, financial records for tax purposes).

10. International Transfers

Your data is stored in the United Kingdom. Where any data is transferred outside the UK, we will ensure appropriate safeguards are in place in accordance with UK data protection law.

11. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Access — the right to request a copy of the personal data we hold about you.
Rectification — the right to request correction of inaccurate or incomplete data.
Erasure — the right to request deletion of your personal data in certain circumstances.
Restriction — the right to request that we restrict processing of your data in certain circumstances.
Portability — the right to receive your personal data in a structured, commonly used, machine-readable format.
Objection — the right to object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent — where processing is based on consent, the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details on our website. We will respond to your request within one month, as required by law.

Guests whose data is processed by the Service should direct their requests to the relevant hotel (our Customer) in the first instance, as the Customer is the data controller for Guest data.

12. Third-Party Plugins

As part of the Service, Customers receive a hosted WordPress installation and may choose to install additional third-party plugins. We are not responsible for the data collection, cookies, or privacy practices of any third-party plugins installed by the Customer. Customers are solely responsible for ensuring that any third-party plugins they install comply with applicable data protection laws.

13. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the revised policy on our website and updating the "Effective date" above. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.

15. Complaints

If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can find more information at ico.org.uk.