Privacy Policy
Last updated: March 21, 2026
Important: Replace every bracketed placeholder before public launch. This policy is product-specific, but it is not a substitute for legal review.
1. Controller
StayConcierge is operated by Novera GmbH, Kartonstrasse 7, CH-9425 Thal, Switzerland. Questions about privacy can be sent to info@novera.ch.
2. Scope
This Privacy Policy applies to the StayConcierge marketing site, blog, host login, admin dashboard, guest guide pages, billing flows, and support requests.
3. Data We Process
We process account data such as email address, authentication metadata, and subscription status when hosts create or manage an account.
We process property data that hosts choose to upload, including property name, welcome text, WiFi details, house rules, local recommendations, WhatsApp contact details, theme settings, and guest-facing content.
We process operational data such as page requests, device/browser details, error telemetry, product usage events, and referral context to monitor service health and improve onboarding.
We process billing metadata through Stripe, including Stripe customer IDs, subscription IDs, price keys, status, and renewal or cancellation timestamps. Full card details are handled by Stripe, not stored by StayConcierge.
We process lead and support data when someone submits a premium rollout request, QR stand request, waitlist form, or support inquiry.
4. Why We Process Data
We use account and property data to provide the service, authenticate hosts, publish guest guides, generate QR links, and let hosts update content.
We use billing data to create checkout sessions, manage subscriptions, apply plan limits, respond to cancellations, and provide invoices or billing support.
We use operational telemetry and analytics to understand which pages convert, where onboarding fails, and how the product performs in production.
We use support and lead data to answer questions, coordinate premium onboarding, and process product or launch requests.
5. Legal Bases
Where Swiss, EU, or UK privacy rules apply, our legal bases typically are contract performance, legitimate interests in operating and securing the service, compliance with legal obligations, and consent for optional analytics or similar technologies.
6. Cookies, Local Storage, and Consent
StayConcierge uses essential browser storage for authentication, session continuity, UI preferences, and product behavior that is required to provide the service.
Google Analytics is loaded only after consent. When analytics consent is denied, optional analytics scripts are not loaded.
7. Guest Guide Visibility
Guest guides are intentionally accessible through the guest link or QR code shared by a host. Hosts are responsible for the accuracy and appropriateness of any guest-facing content they publish, including WiFi credentials, house rules, recommendations, and contact details.
8. Processors and Infrastructure
We currently rely on infrastructure and service providers including Supabase for database, authentication, and edge functions; Stripe for billing; Google Analytics for optional usage measurement after consent; Google Fonts and jsDelivr/CDN providers for frontend asset delivery; and email/mail clients for direct support links.
If processors or subprocessors materially change, this page should be updated before the change goes live.
9. International Transfers
Your data may be processed in countries outside Switzerland, the EU, or the UK. Where applicable, we rely on contractual safeguards, adequacy decisions, or equivalent transfer mechanisms provided by our processors.
10. Retention
We keep account, property, and billing metadata for as long as the account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and restore accidental deletions or billing history.
Lead requests, waitlist entries, and analytics events are retained only as long as they serve a legitimate business or compliance purpose.
11. Security
We use access controls, role-based database rules, HTTPS transport, and hosted infrastructure security controls. No system is completely risk-free, and hosts should avoid storing information in guest content that is unnecessary or unusually sensitive.
12. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or export your personal data, and to withdraw consent where processing depends on consent.
Requests can be sent to info@novera.ch. We may ask for proof of identity before fulfilling a request.
13. Complaints
If you believe our processing violates applicable law, you may contact us first so we can try to resolve the issue. You may also complain to the competent data protection authority in your jurisdiction.
14. Changes
We may update this Privacy Policy when the product, processors, or legal obligations change. The current version is always posted on this page with its effective date.