Privacy Policy

1. Introduction

RoomKeyPin (“we”, “us”, “our”) is a hotel automation and reservation-management platform that helps property owners manage bookings, guests, and smart locks securely. This Privacy Policy explains how we collect, use, and safeguard your data when you interact with our systems — including check-in portals, smart locks, and admin dashboards.

2. Information We Collect

• Reservation Data: Guest names, check-in/out dates, room identifiers, booking reference numbers.
• Contact Data: Phone numbers for SMS verification and PIN delivery.
• ID Uploads: Photos of identification documents (e.g., passport or driver’s license) uploaded during online check-in.
• Device & Access Logs: Security logs for door-lock PIN creation and check-in access.
• Operational Metadata: iCal URLs, Gmail labels, or booking IDs used for automation.

We never collect payment card details or biometric data unless you explicitly provide them.

3. How We Use the Information

• To process reservations and automate guest check-in/out.
• To generate secure, time-limited smart-lock PINs via TTLock API.
• To send check-in links and access details via Twilio SMS or Gmail email.
• To securely store ID uploads for verification and property compliance.
• To synchronize booking data from iCal feeds and emails for accurate management.
• To analyze anonymized usage patterns to improve system reliability.

4. ID Uploads & Cloudinary Storage

During check-in, guests may be asked to upload a valid photo ID (e.g., passport, driver’s license) to verify their identity or comply with local accommodation laws. These files are securely stored on Cloudinary — an ISO 27001-certified cloud storage provider.

Each ID upload is:

• ✅ Transmitted securely over HTTPS
• ✅ Stored in an access-controlled private Cloudinary directory
• ✅ Never shared with third parties
• ✅ Automatically deleted upon verified guest request

Guests may request deletion of their uploaded ID at any time by emailing easybulb@gmail.com.

5. Data Sources

• Booking.com & Airbnb: Reservation feeds via iCal or official exports.
• Gmail: Confirmation emails parsed automatically with user-granted OAuth consent.
• TTLock/Sciener: Secure smart-lock platform for PIN generation.
• Twilio: SMS delivery provider for PINs and alerts.
• Cloudinary: Encrypted cloud storage for guest ID uploads and room images.
• Ticketmaster (optional): Public event API for pricing suggestions.

6. Data Security

All sensitive operations occur over HTTPS with SSL/TLS encryption. Databases are password-protected and encrypted. Access is limited to authorized administrators. Backups are encrypted and retained per legal requirements.

• ✅ SSL/TLS encryption on all endpoints
• ✅ AES-encrypted storage for credentials
• ✅ Role-based access control for admin staff
• ✅ Heroku, PostgreSQL, and Cloudinary are compliant with SOC 2 / ISO 27001 standards

7. Data Retention

We retain reservation data for up to 90 days after checkout for support and audit purposes, after which personal identifiers are automatically purged. ID uploads are retained for the duration of the guest’s stay and deleted upon request or after 90 days. Aggregated analytics (non-identifiable) may be retained indefinitely for performance monitoring.

8. Your Rights

• Request access to your personal data.
• Request correction or deletion of inaccurate data.
• Withdraw consent for data processing (where applicable).
• Request export of your data in portable format (GDPR Article 20).

To exercise these rights, email easybulb@gmail.com — we respond within 30 days.

9. Cookies

We use only essential session cookies required for login and security. No advertising or third-party tracking cookies are used.

10. Data Sharing

We never sell or trade guest data. Limited sharing occurs only with integrated systems necessary for operation (e.g., Twilio for SMS, TTLock for PINs, Cloudinary for ID storage). Each provider complies with GDPR and global privacy standards.

11. Changes to This Policy

This policy may be updated periodically. Any material changes will be announced on this page and, when required, communicated to active users via email or SMS.