1. Who We Are
Dszape ("we", "us", "our") operates a hotel management SaaS platform at dszape.com. We provide website building, booking engine, front desk operations, billing, and guest management tools to independent hotels worldwide. This policy explains how we collect, use, store, and protect your personal information.
2. Information We Collect
From Hotel Operators (our customers):
- Account information: name, email address, phone number, business name
- Property details: hotel name, address, room types, pricing, photos, amenities
- Payment information: processed securely through Stripe or Razorpay — we never store card numbers
- Usage data: how you interact with the dashboard, features used, session duration
- Team member information: names and email addresses of staff accounts you create
From Hotel Guests (your customers):
- Booking information: name, email, phone, check-in/check-out dates, room preferences
- Identity verification: ID type and number (collected at check-in by the hotel operator)
- Payment information: processed through Stripe or Razorpay on behalf of the hotel
- Communication records: booking confirmations, invoices sent via the platform
Automatically collected:
- Device information, browser type, IP address
- Analytics data via PostHog (configured with identified-only mode, no autocapture)
- Error tracking via Sentry for platform stability
3. How We Use Your Information
- Platform operation: To provide, maintain, and improve the Dszape platform
- Booking processing: To facilitate reservations, payments, and guest communications
- Billing: To process subscription payments, generate invoices, and manage folio records
- Communication: To send booking confirmations, operational notifications, and platform updates
- Security: To detect fraud, prevent unauthorized access, and maintain audit trails
- Analytics: To understand how the platform is used and improve the product (aggregated, not individual)
4. Data Sharing
We do not sell your personal data. We never have. We never will.
We share information only with the following categories of service providers, and only to the extent necessary:
- Payment processing: Stripe and Razorpay (both PCI-DSS compliant)
- Authentication: Clerk (for secure login and account management)
- Database and hosting: Supabase (PostgreSQL with row-level security), Vercel
- Email delivery: Resend (for booking confirmations and notifications)
- Error monitoring: Sentry (for platform stability)
- Analytics: PostHog (identified-only, privacy-first configuration)
We may also disclose information when required by law, court order, or to protect the rights and safety of our users.
5. Data Security
- All data transmitted over HTTPS (TLS 1.3)
- Database encryption at rest via Supabase
- Row-level security (RLS) ensures hotel operators can only access their own property data
- Authentication via Clerk with multi-factor authentication support
- Regular security audits and vulnerability monitoring via Sentry
- Audit trail logging for all sensitive operations (check-in, checkout, billing, payments)
6. Data Retention
We retain your account and property data for as long as your account is active. Booking records and financial data (folios, invoices, payments) are retained for 7 years to comply with tax and accounting regulations. You may request deletion of your account at any time — we will remove all personal data within 30 days, except where retention is required by law.
7. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data
- Export: Download your property data, bookings, and financial records from the dashboard
- Objection: Opt out of non-essential analytics and marketing communications
Hotel guests should contact the hotel operator directly for data requests related to their bookings. Hotel operators can manage guest data through the Dszape dashboard.
8. Cookies
Dszape uses essential cookies for authentication and session management. We use PostHog for analytics in identified-only mode with autocapture disabled. We do not use advertising cookies or tracking pixels. We do not sell cookie data to third parties.
9. International Data Transfers
Our platform infrastructure is hosted on Vercel and Supabase, which may process data in multiple geographic regions. We ensure all data transfers comply with applicable data protection laws, including the Indian Digital Personal Data Protection Act, 2023 (DPDP Act) and the EU General Data Protection Regulation (GDPR) where applicable. Our service providers maintain appropriate data protection agreements and certifications. Payment gateway credentials are stored using Supabase Vault with encryption at rest.
10. Children's Privacy
Dszape is a business platform designed for hotel operators. We do not knowingly collect information from children under 18. If you believe a child has provided us with personal information, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the platform dashboard. Continued use of the platform after changes constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions, data requests, or concerns: