Privacy Policy

1. Introduction

Goodstay, Inc. ("Goodstay", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our pet boarding management platform (the "Service").

2. Information We Collect

2.1 Information You Provide

When you register for and use the Service, we may collect:

• Account information: Name, email address, password, phone number
• Facility information: Business name, address, phone number, email, timezone
• Customer data: Pet owner names, contact details, addresses, and notes that you enter into the system
• Pet data: Pet names, species, breeds, dates of birth, weight, medical conditions, behavioral notes, vaccination records, and photos
• Reservation and billing data: Booking dates, space assignments, invoice details, payment records
• Uploaded files: Pet photos, vaccination proof documents, report card images

2.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Usage data: Pages visited, features used, actions taken, timestamps
• Device information: Browser type, operating system, screen resolution
• Log data: IP address, access times, referring URLs
• Cookies: Session cookies necessary for authentication and Service functionality

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related information (invoices, confirmations)
• Send transactional emails (password resets, reservation notifications, report cards, vaccination reminders)
• Respond to your requests, comments, and questions
• Monitor and analyze usage trends to improve the Service
• Detect, prevent, and address technical issues and security incidents
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service providers: We use third-party providers for hosting (DigitalOcean), email delivery (Forward Email), payment processing (Stripe), and error monitoring. These providers only access data necessary to perform their services and are contractually obligated to protect it.
• Within your facility: Staff members you invite to your facility account can access facility data (reservations, pet profiles, etc.) based on their assigned role.
• Pet owner portal: Pet owners accessing the customer portal can view their own pets, reservations, invoices, and report cards associated with your facility.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or government request.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit using TLS/SSL
• Encryption of passwords using bcrypt hashing
• Access controls and role-based permissions
• Regular security updates and monitoring
• Secure cloud infrastructure with managed database services

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you cancel your subscription:

• You may request a data export within 30 days of cancellation
• We will delete your facility data within 90 days of account closure
• We may retain anonymized, aggregated data for analytics purposes
• We will retain data as required by law (e.g., billing records for tax purposes)

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of any inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Data portability: Request an export of your data in a machine-readable format
• Objection: Object to certain processing of your personal information

To exercise any of these rights, please contact us at the address below. We will respond within 30 days.

8. Cookies

We use essential cookies required for the Service to function (authentication sessions, CSRF protection). We do not use advertising or third-party tracking cookies. You can configure your browser to refuse cookies, but this may prevent you from using the Service.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

10. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on the Service with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically.