Privacy policy
Effective June 2026. Plain-English summary above each section; full terms in our Terms of Service.
1. Information we collect
- Account data: name, email, phone, password hash, profile photo, and language preference.
- Identity data: government-issued ID, selfie, date of birth, and verification status (processed by our AI verification system, then encrypted at rest).
- Booking & payment data: dates, listings, prices, payout details, last 4 digits of cards. Full card numbers are tokenised by our payment processor and never stored on Stahus servers.
- Communications: messages between guests and hosts, support tickets, and review content.
- Device & usage data: IP address, browser, device type, pages viewed, and approximate location derived from IP.
2. How we use your information
- To operate the marketplace — match guests to listings, process bookings, payouts, and refunds.
- To verify identity, prevent fraud, and meet AML/KYC obligations.
- To provide customer support and resolve disputes.
- To send transactional emails (bookings, receipts, security alerts) and — only with consent — marketing emails.
- To improve the product through aggregate, de-identified analytics.
3. Sharing
- Between guest and host: first name, photo, and verification status are shared once a booking is confirmed. Full contact details are exchanged only when the booking is confirmed and paid.
- Service providers: payment processors, AI verification, hosting, email, and analytics — all under written data processing agreements.
- Law enforcement: only with a valid legal request, and only the minimum data required.
- We do not sell your personal data.
4. Storage & security
- Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Identity documents are stored in a private bucket with access restricted to the document owner and our service role.
- Backups are encrypted and retained for 30 days.
- We follow PCI-DSS for cardholder data through our processor.
5. Your rights
- Access, correct, export, or delete your data — submit a request from Account → Privacy or email privacy@stahus.com.
- We respond to subject access requests within 30 days.
- Withdraw marketing consent at any time from your email preferences.
- Lodge a complaint with your local data protection authority.
6. Retention
- Account data: kept while your account is active and for 2 years after closure for legal and tax reasons.
- Booking and financial records: 7 years (tax compliance).
- Identity verification records: 5 years after account closure (AML compliance).
- Messages: 18 months after the related stay.
7. Cookies
- We use essential cookies for sign-in and security, and optional analytics cookies you can disable in your browser or via our cookie banner.
8. Children
- Stahus is not for anyone under 18. We do not knowingly collect data from minors.
9. International transfers
- Stahus operates across the Caribbean and may transfer data to processors in the US, EU, or UK under standard contractual clauses.
10. Changes & contact
- We'll notify you of material changes by email at least 30 days before they take effect.
- Questions? Email privacy@stahus.com or write to Stahus, St. John's, Antigua and Barbuda.
