Privacy Policy
On this page we explain what personal data we process, why we process it, how long we keep it, to whom we may disclose it, and what rights you have regarding your data.
1. Who this policy applies to
This policy applies to:
- Website visitors
- persons who visit the Gostly landing page or other publicly accessible pages.
- Prospective customers
- persons who fill in a contact form, submit an inquiry, book a demo, or communicate with us before purchasing.
- Service users
- persons who use a Gostly account on behalf of an accommodation provider.
- Guests
- persons who access information, messages, or assistance during their stay through Gostly.
2. Gostly's role in data processing
Gostly may act in different roles when processing personal data, depending on the circumstances of use:
- As a controller for data we process for our own business purposes, for example when processing contact forms, demo inquiries, subscriptions, support, accounting records, system security, and basic web analytics.
- As a processor or contractual partner of the user for data entered into Gostly by an accommodation provider for the purposes of communicating with guests and organising stays.
When Gostly processes data on behalf of an accommodation provider, that provider generally acts as the controller of their guests' data. Gostly processes such data only to the extent necessary for the provision of the service and in accordance with the user's instructions and agreed terms.
3. What data we may process
| Contact data | first name, last name, email address, phone number, company name, country, data from the contact form or email correspondence. |
|---|---|
| Account data | username, email address, hashed password, user roles, organisation data, account settings. |
| Usage data | technical logs, access times, IP address, device identifiers, session data, usage events, security and diagnostic records. |
| Billing data | plan details, subscription status, payment history, tax data, data on issued invoices, and other data required for billing and tax compliance. |
| Guest data | data entered into Gostly by the user, for example the guest's name, contact details, communications, stay information, issue reports, photographs uploaded when reporting an issue (location and other metadata are stripped during processing), and other content related to use of the service. |
4. Purposes of processing and legal bases
| Pre-contractual communication | We respond to inquiries, demo registrations, and contact messages on the basis of our legitimate interest in business communication, or to take steps at the individual's request prior to entering into a contract. |
|---|---|
| Provision of the Gostly service | We process data for account creation, use of features, organisation management, security, support, and performance of the subscription relationship. The legal basis is performance of a contract. |
| Billing and tax compliance | We process data for issuing invoices, maintaining records, and fulfilling tax and accounting obligations. The legal basis is compliance with a legal obligation. |
| Security, abuse prevention, and system stability | We process data to protect the service, detect errors, maintain audit trails, prevent unauthorised access, and resolve technical issues. The legal basis is our legitimate interest in the secure and reliable operation of the service. |
| Analytics and marketing cookies | If we use analytics or marketing cookies, we activate them only on the basis of consent, where required by applicable law. More information is available on the Cookies page. |
| Processing of guest data on behalf of the user | When an accommodation provider uses Gostly to communicate with guests, we generally process the data on their behalf for the provision of the service. The legal basis is the contractual relationship with the user and their instructions as controller. |
| Automatic message translation | Where translation is enabled, we transmit the content of messages between guest and host to a machine-translation service provider (DeepL) to enable communication across different languages. The legal basis is performance of the service or our legitimate interest in multilingual communication. |
5. Where we obtain data from
- directly from you, when you fill in a form, create an account, or contact us,
- from the organisation or user on whose behalf you use Gostly,
- from technical systems and logs during use of the service,
- from connected service providers, where necessary for billing, sign-in, support, or security.
6. To whom we may disclose data
We may disclose data or grant access to the following categories of recipients, where necessary for the provision of the service:
- hosting, infrastructure, and database providers,
- email, communication, and support tool providers,
- machine (automatic) message translation service providers,
- analytics or advertising providers, where an appropriate legal basis exists,
- payment service providers and accounting partners,
- legal, tax, or other advisors, where necessary to protect our rights or fulfil obligations,
- public authorities, where required by law or a lawful process.
To operate the service, we use the following providers: Hetzner, Neoserv, Keycloak, Stripe, Google Analytics, DeepL.
7. Transfers of data outside the EEA
If personal data are transferred outside the European Economic Area, we will carry out such a transfer only where a valid legal basis and appropriate safeguards exist, for example an adequacy decision, standard contractual clauses, or another lawful mechanism.
When using Google Analytics, data may be transferred to the United States. Such transfers are based on the EU-US Data Privacy Framework or on standard contractual clauses. We do not carry out any other systematic transfers of personal data outside the EEA.
8. Retention periods
We retain data for as long as necessary for the purpose for which it was collected, or for as long as required by law.
| Inquiries and demo contacts | up to 12 months after the last contact, unless a contractual relationship is established. |
|---|---|
| User account data | generally for the duration of the account and a reasonable period after closure for security, proof of claims, and technical backups. |
| Accounting data | for as long as required by tax and accounting regulations. |
| Guest data | in accordance with the user's instructions, the agreed plan, internal retention settings, and the user's legal obligations as controller. |
| Logs and security records | for as long as reasonably necessary for security, diagnostics, and system protection. |
9. Your rights
If we are the controller of your data, you may exercise the following rights under applicable law:
- the right of access to personal data,
- the right to rectification of inaccurate data,
- the right to erasure, where the conditions for this are met,
- the right to restriction of processing,
- the right to object to processing based on legitimate interest,
- the right to data portability, where appropriate,
- the right to withdraw consent, where processing is based on consent.
You may send your request to hello@gostly.si. If you consider that we are processing your data unlawfully, you have the right to lodge a complaint with the competent supervisory authority for personal data protection. In Slovenia this is the Information Commissioner (Informacijski pooblaščenec RS, Dunajska cesta 22, 1000 Ljubljana, gp.ip@ip-rs.si, www.ip-rs.si).
10. Special notice for guests
If you use Gostly as a guest and access information, messages, or assistance during your stay through the service, the accommodation provider who granted you access to that content is generally responsible for the majority of the content and the purposes of personal data processing. In such a case, that accommodation provider may be better placed to provide you with further information regarding the processing of your data.
In such cases, Gostly may process data as a technical service provider on behalf of the accommodation provider.
If translation is enabled, the content of messages you send or receive passes through a machine-translation service (DeepL) so that communication is possible across different languages.
11. Cookies
Gostly may use necessary, analytical, and other cookies on its website. Details are described on the Cookies page.
12. Changes to this policy
We may update this policy from time to time to reflect changes in the service, legislation, or our providers. The updated version will be published on this page with the date of the last update indicated.
13. Contact
For questions about privacy or to exercise your rights, write to us at hello@gostly.si.