1. Overview
HostBooks (“we”, “our”, “us”) operates hostbooks.io. This policy describes how we collect, use, protect, and delete your data when you use our bookkeeping service for short-term rental hosts. We take your privacy seriously and have designed our product so that your financial data stays yours.
2. Data We Collect
We collect only what is necessary to provide the service:
- Account data: Your email address, used to identify your account and send service-critical communications.
- Financial transaction data: Transaction records you upload (dates, descriptions, amounts). These are stored securely in your account and never shared with third parties.
- Property information: Names and optional addresses of your rental properties that you enter into the app.
- Usage data: Basic analytics (page views, errors) to improve the product. No cross-site tracking.
- Payment data: Processed entirely by Stripe. We do not store your card number or banking credentials.
3. How We Use Your Data
- To categorize your transactions and generate your Schedule E report.
- To send your transaction descriptions to OpenAI's API for AI-assisted categorization. OpenAI does not use API data to train models. No identifying information (name, SSN, account numbers) is included in AI requests.
- To process payments via Stripe.
- To provide customer support when you contact us.
We do not sell your data. We do not use your financial data for advertising. We do not share your data with any party except as described above.
4. Data Security & Encryption
Your data is protected with bank-level security:
- Encryption in transit: All data is transmitted over HTTPS/TLS 1.3.
- Encryption at rest: Your data is stored in Supabase (PostgreSQL), which encrypts data at rest using AES-256.
- Row-level security: Database policies ensure you can only access your own data — not other users' records.
- File handling: Uploaded files (CSV, PDF, etc.) are processed in memory and not permanently stored on our servers. Only the extracted transaction data is persisted.
5. Data Retention & Deletion
Your data is yours. You can delete it at any time:
- Delete your data: Use the “Delete All My Data” button in your account settings. This permanently and immediately deletes all your transactions, properties, and uploads.
- Delete your account: Email hello@hostbooks.io to request full account deletion. We will complete this within 30 days.
- Original files: Uploaded files (CSV, PDF) are processed and immediately discarded. They are never stored on our servers.
- Inactive accounts: We may delete accounts inactive for 2+ years after 30 days' notice.
6. Third-Party Services
We use the following services to operate HostBooks:
- Supabase — database and authentication. Your data lives in their US-region infrastructure. Supabase Privacy Policy
- OpenAI — AI categorization. Only transaction descriptions are sent, never personal identifiers. API data is not used for training. OpenAI Privacy Policy
- Stripe — payment processing. We never see your full card number. Stripe Privacy Policy
7. Cookies
We use a single authentication cookie (“hostbooks-auth-token”) to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Your Rights
Depending on your jurisdiction, you may have rights including:
- The right to access, correct, or delete your personal data.
- The right to data portability (export your transactions as PDF).
- The right to withdraw consent at any time.
- CCPA rights for California residents: we do not sell personal information.
- GDPR rights for EU residents: contact us to exercise your rights.
To exercise any of these rights, email hello@hostbooks.io.
9. Changes to This Policy
We may update this policy as the product evolves. We will notify you by email and update the date at the top of this page. Continued use of HostBooks after changes constitutes acceptance of the updated policy.