Privacy Policy

Last updated: May 23, 2026

1. Introduction

This Privacy Policy describes how [OPERATOR_LEGAL_NAME] (“Suiteplan,” “we,” “us”) collects, uses, and shares information when you use the Suiteplan website, services, and applications (the “Service”). By using the Service, you consent to the practices described here.

2. Information we collect

Account information

Your email address and a hashed copy of your password (password hashing is performed by our authentication provider, Supabase — we never store plain-text passwords). If you sign in with Google, we also receive your Google account’s email address, name, and profile picture from Google.

Information you provide

Information about the credit cards you add to your wallet (card product, account-open date, optional nickname, optional last four digits — we do not store full card numbers); the plans you create (property name, location, intended check-in and check-out dates, occupancy, estimated values, notes, confirmation numbers, booked-on date); and the usage records you log (amount used, date, property name, confirmation number, optional notes about additional value received).

Billing identifiers

If you subscribe to a paid plan, we store identifiers issued by our payment processor, Stripe: your Stripe customer ID, subscription ID, status, billing interval, current-period-end date, and cancellation flag. We never see your credit card number. Stripe processes payments and stores card details on its own systems.

Email preferences and reminder state

For paid subscribers, we store your email notification preferences (whether per-event reminders and the weekly digest are enabled or disabled). We also record idempotency timestamps — the last time we sent an unlock reminder or an expiry-warning reminder for each benefit instance, and the last time we sent the weekly digest to your account — so that reminders are never sent twice for the same event. We additionally store an opaque, randomly-generated unsubscribe token associated with your account, used solely to authenticate one-click unsubscribe requests without requiring you to be signed in.

Automatic information

Your IP address, user agent, browser/device information, and request logs — collected by our hosting provider for security, abuse prevention, and routine operations.

3. How we use your information

We use information to:

  • provide and improve the Service, including generating benefit instances and forecasts from the data you enter;
  • bill paid subscriptions (if applicable);
  • send transactional emails (account verification, password reset, billing receipts, benefit reminders);
  • respond to your support requests;
  • comply with legal obligations;
  • detect, prevent, or investigate fraud or abuse.

4. How we share your information

We share information only with service providers (“processors”) that help us operate the Service, and only as needed for them to perform their function. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

Our processors:

  • Supabase — hosts our database and handles authentication (privacy policy)
  • Stripe — processes payments and manages subscriptions; you provide your card information directly to Stripe, not to us (privacy policy)
  • Google — if you sign in with Google, Google sees that you have used Suiteplan (privacy policy)
  • RapidAPI / Xotelo — receives hotel-name search queries (not your identity or account) when you use the hotel autocomplete (privacy policy)
  • Resend — transactional email delivery for reminder emails to paid subscribers (account verification, benefit-unlock notifications, expiry warnings, and the weekly digest); your email address is passed to Resend solely to deliver these messages (privacy policy)
  • Vercel — hosts the Service application code (privacy policy)

We may also disclose information if required by law, or to protect the rights, property, or safety of Suiteplan, our users, or others.

5. Cookies, local storage, and similar technologies

The Service uses:

  • Session cookies from Supabase, used to keep you signed in.
  • A localStorage entry written by next-themes to remember your light/dark/system theme preference.
  • Stripe’s cookies, set on Stripe-hosted Checkout and Customer Portal pages when you interact with billing — governed by Stripe’s privacy policy linked above.

We do not use cookies for advertising or third-party tracking.

6. Data retention

We retain your account information and the data you create in the Service for as long as your account is active. When you delete your account (Account page → Delete account), your account and associated data are permanently removed from our active systems. Backup copies may persist for a limited period (typically up to 30 days) before being overwritten in the normal course of backup rotation. Aggregated, de-identified information may be retained indefinitely.

7. Security

We use industry-standard measures to protect your information, including encryption in transit (HTTPS), hashed passwords, and access controls within our hosting and database providers. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

8. Your rights

You can:

  • Access and update your account information and the data you have entered from the Account page.
  • Delete your account and all associated data from the Account page (Delete account section).
  • Manage your subscription from the Account page using the Manage subscription button.
  • Unsubscribe from reminder emails at any time — either via the one-click unsubscribe link included in every reminder email, or by adjusting the per-event and weekly-digest toggles on the Account page. Opting out of emails does not affect your in-app reminders or any other part of the Service.
  • Export your data — email us at contact@suiteplan.app and we will provide a copy within a reasonable time.

California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we have collected about you, the right to correct inaccurate information, the right to delete your information, and the right not to be discriminated against for exercising these rights. As stated above, we do not sell or share your personal information for cross-context behavioral advertising, so the right to opt out of sale or sharing does not apply in practice. To exercise any of these rights, email contact@suiteplan.app.

Users outside the United States

Your information will be processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

9. Children

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a person under 18, please contact us at contact@suiteplan.app and we will delete it.

10. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a notice in the Service. The updated Policy takes effect on the “Last updated” date at the top of this page.

11. Contact

Questions about this Policy or about your information? Email us at contact@suiteplan.app.