Privacy Policy

1. Introduction

Stay Orbis, LLC ("Stay Orbis," "we," "our," or "us") is a Maryland limited liability company committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vacation rental property management platform, website located at stayorbis.com, and all related services (collectively, the "Services").

This Privacy Policy complies with the Maryland Personal Information Protection Act (Md. Code, Com. Law § 14-3501 et seq.), the Maryland Consumer Protection Act, and other applicable federal and state privacy laws.

By accessing or using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, phone number, password, and business information when you create an account;
• Profile Information: Company name, job title, profile photo, and preferences;
• Property Information: Property addresses, descriptions, photos, amenities, rates, and availability;
• Guest Information: Guest names, contact information, identification documents, and reservation details that you input into the system;
• Payment Information: Billing address, payment card details (processed securely through our payment processor, Stripe), and bank account information for payouts;
• Communications: Messages, support requests, and feedback you send to us;
• Survey Responses: Information provided in response to surveys or questionnaires.

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information, including:

• Device Information: Device type, operating system, unique device identifiers, browser type and version, and mobile network information;
• Log Data: IP address, access times, pages viewed, referring URL, and actions taken within the Services;
• Location Data: General geographic location based on IP address;
• Usage Data: Features used, time spent on pages, click patterns, and other interaction data;
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 8).

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Channel Partners: Booking information from platforms like Airbnb, Vrbo, and Booking.com when you connect your accounts;
• Payment Processors: Transaction information from Stripe and other payment service providers;
• Financial Account Data (Plaid): If you connect a bank account through our integration with Plaid Inc. (“Plaid”), we receive account information, transaction data, and balance information from your financial institution via Plaid's services. See Section 7A for full details;
• Analytics Providers: Aggregated website and usage analytics;
• Public Sources: Publicly available information relevant to our Services.

3. SMS/Mobile Data Privacy

Stay Orbis sends text messages to guests on behalf of property managers using our platform. By providing your phone number and checking the SMS consent box during the booking process, you expressly consent to receive automated text messages from Stay Orbis. These messages may include:

• Booking confirmations and reservation updates;
• Check-in and check-out instructions;
• Property access codes and door codes;
• Important updates about your stay;
• Special offers and property updates (only if you opt in separately).

3.1 Opting Out of SMS

You may opt out of receiving text messages at any time by replying STOP to any message. After opting out, you will no longer receive text messages unless you re-subscribe. Reply HELP for assistance or contact us at support@stayorbis.com.

3.2 Message Frequency and Rates

Message frequency varies based on your reservation activity. Typically, you will receive between 1 and 10 messages per booking. Standard message and data rates may apply per your mobile carrier plan.

3.3 No Sharing of Mobile Information

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other use of your mobile data is governed by this Privacy Policy. We may share mobile information with service providers solely for the purpose of delivering transactional messages on our behalf (e.g., our SMS delivery provider, Twilio).

3.4 Supported Carriers

Our SMS service supports all major U.S. mobile carriers. Carriers are not liable for delayed or undelivered messages.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Provide and Improve Services

• Create and manage your account;
• Process reservations and synchronize availability across channels;
• Facilitate communications between you and your guests;
• Process payments and payouts;
• Provide customer support;
• Develop new features and improve existing Services.

4.2 Communications

• Send transactional emails (account confirmations, booking notifications, etc.);
• Send administrative messages about your account or the Services;
• With your consent, send promotional communications about new features, special offers, or other information we think may interest you;
• Respond to your inquiries and support requests.

4.3 Safety and Security

• Detect, investigate, and prevent fraudulent transactions and other illegal activities;
• Monitor and analyze usage patterns to improve security;
• Protect the rights, property, and safety of Stay Orbis, our users, and the public;
• Enforce our Terms of Service and other policies.

4.4 Legal Compliance

• Comply with applicable laws, regulations, and legal processes;
• Respond to lawful requests from public authorities;
• Fulfill tax reporting and other regulatory obligations.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

• Cloud hosting providers (e.g., Vercel, Supabase);
• Payment processors (e.g., Stripe);
• Email service providers (e.g., Resend);
• Analytics providers (e.g., Google Analytics);
• Customer support tools;
• Marketing platforms (with your consent).

These providers are contractually obligated to use your information only to provide services to us and to maintain appropriate security measures.

5.2 Channel Partners

When you connect third-party booking platforms (Airbnb, Vrbo, Booking.com, etc.), we share necessary information to synchronize your listings, availability, and reservations. Your use of these platforms is subject to their respective privacy policies.

5.3 Business Transfers

If Stay Orbis is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

5.4 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or other legal processes;
• Requests from law enforcement or government agencies;
• To protect our rights, property, or safety, or that of our users or the public;
• To investigate potential violations of our Terms of Service.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained while your account is active and for up to 3 years after account closure for legal and business purposes;
• Transaction Records: Retained for 7 years to comply with tax and financial regulations;
• Guest Data: Retained in accordance with your data retention settings and applicable hospitality industry requirements;
• Usage Data: Generally retained for 2 years;
• Marketing Data: Retained until you unsubscribe or request deletion.

When data is no longer needed, we will securely delete or anonymize it in accordance with our data destruction procedures.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest;
• Access Controls: Role-based access controls and multi-factor authentication;
• Infrastructure Security: Secure cloud hosting with regular security audits;
• Employee Training: Regular privacy and security training for staff;
• Incident Response: Procedures for detecting and responding to security incidents.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7A. Financial Data — Plaid Integration

Stay Orbis uses Plaid Inc. (“Plaid”) to connect your bank accounts for the purpose of financial reconciliation, expense tracking, and accounting within our Services. By using the Plaid integration, you acknowledge and agree to the following:

7A.1 Information Collected via Plaid

When you connect a bank account through Plaid, we may collect:

• Account Information: Account name, type, and institution name;
• Transaction Data: Transaction descriptions, amounts, dates, and categories;
• Balance Information: Current and available account balances;
• Account Holder Information: Name associated with the account;
• Routing and Account Numbers: For identity verification and reconciliation purposes.

7A.2 How We Use Financial Data

Financial data collected through Plaid is used exclusively to:

• Reconcile bank transactions with property management records;
• Categorize and track business expenses;
• Generate financial reports and accounting summaries;
• Facilitate integration with accounting software (e.g., QuickBooks).

We do not use your financial data for marketing, advertising, or any purpose unrelated to the property management services you have requested.

7A.3 How Financial Data Is Protected

• Plaid access tokens are encrypted at rest using AES-256-GCM with unique initialization vectors and authentication tags;
• Encryption keys are stored separately from encrypted data in secure environment variables;
• All communication with Plaid's API occurs over TLS 1.2+;
• Access to financial data is restricted to authenticated, authorized users within your organization based on role-based access controls;
• Financial data is never stored in application logs or error reports.

7A.4 Sharing of Financial Data

We do not sell, rent, or share your financial data with third parties for their own purposes. Financial data may be shared only:

• With Plaid, as necessary to maintain your bank connection;
• With accounting integrations you explicitly authorize (e.g., QuickBooks);
• When required by law, regulation, or legal process.

7A.5 Your Rights Regarding Financial Data

You may at any time:

• Disconnect: Remove your bank account connection through your account settings, which revokes our access to new data from that institution;
• Request Deletion: Request deletion of all stored financial data by contacting privacy@stayorbis.com;
• Access: Request a copy of the financial data we have collected about you.

By using Stay Orbis's bank connection feature, you also agree to Plaid's end user privacy policy, available at https://plaid.com/legal/#end-user-privacy-policy.

7A.6 Data Retention for Financial Data

Financial transaction data is retained for as long as your account is active and your bank account is connected. Upon disconnection or account termination, financial records are retained for 7 years as required by applicable tax and accounting regulations, after which they are permanently deleted. Plaid access tokens are deleted immediately upon disconnection.

8. Data Breach Notification

In accordance with the Maryland Personal Information Protection Act (Md. Code, Com. Law § 14-3504), if we discover a breach of the security of our system that results in the unauthorized acquisition of your personal information, we will notify you as required by law. Notification will be made:

• As expeditiously as possible;
• Without unreasonable delay;
• Consistent with the legitimate needs of law enforcement; and
• Consistent with any measures necessary to determine the scope of the breach and restore the integrity of our data system.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Required for the Services to function properly (authentication, security, load balancing);
• Functional Cookies: Remember your preferences and settings;
• Analytics Cookies: Help us understand how visitors interact with our Services;
• Marketing Cookies: Used to deliver relevant advertisements (only with your consent).

9.2 Your Cookie Choices

You can manage your cookie preferences through your browser settings. Most browsers allow you to:

• See what cookies are stored and delete them individually;
• Block third-party cookies;
• Block cookies from particular sites;
• Block all cookies from being set;
• Delete all cookies when you close your browser.

Please note that blocking certain cookies may affect the functionality of our Services.

9.3 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. Our Services do not currently respond to DNT signals. However, you can use the cookie management options described above to control tracking.

10. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

10.1 Access and Portability

You have the right to request a copy of the personal information we hold about you in a commonly used, machine-readable format.

10.2 Correction

You have the right to request that we correct any inaccurate or incomplete personal information.

10.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing disputes).

10.4 Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances.

10.5 Objection

You have the right to object to certain types of processing, including direct marketing.

10.6 Withdraw Consent

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time.

10.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@stayorbis.com. We will respond to your request within 45 days. We may need to verify your identity before processing your request.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 18, please contact us at privacy@stayorbis.com.

12. International Data Transfers

Stay Orbis is based in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our Services, you consent to the transfer of your information to the United States.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our Services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Privacy Policy on this page;
• Update the "Effective Date" at the top of this page;
• Notify you via email or through a prominent notice in our Services.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

For general support inquiries, please contact support@stayorbis.com.

16. Maryland-Specific Disclosures

For residents of Maryland, the following additional disclosures apply:

• Maryland Consumer Protection Act: You have protections under the Maryland Consumer Protection Act (Md. Code, Com. Law § 13-101 et seq.) against unfair or deceptive trade practices.
• Data Breach Rights: Under the Maryland Personal Information Protection Act, you are entitled to notification if your personal information is compromised in a data breach, as described in Section 8.
• Identity Theft Protection: If you are a victim of identity theft, Maryland law provides additional protections. Visit the Maryland Attorney General's website for more information.