Privacy Policy

Last Updated: 2026-05-29

Table of Contents

1. Information We Collect

We collect information to provide, maintain, and optimize our channel manager and property management software. This includes information related to both Hosts (our account owners) and Guests (those staying at properties managed via our platform).

A. Host Account Information:

  • Registration data: Name, email address, password, company name, and phone number.
  • Billing data: Billing address and payment card information (processed securely through Stripe).
  • Integration credentials: API tokens, calendar link URLs (ICAL), login credentials or authentication tokens for third-party vacation rental channels (e.g. Airbnb, VRBO, Booking.com) necessary to perform synchronization.

B. Guest Reservation & Check-in Information:

  • Booking details: Name, email, phone number, check-in and check-out dates, room rate, payout amounts, and reservation source.
  • Check-in records: For properties requiring guest verification (such as Minpaku compliance in Japan), guests may submit photos, addresses, passport numbers, nationalities, occupations, and images of government-issued identification cards or passports.

2. How We Use Information

We utilize the collected data to deliver core vacation rental management capabilities, including:

  • Calendar & Booking Synchronization: To prevent double bookings and orchestrate inventory availability across various vacation rental channels.
  • Operations Management: Providing hosts with daily unit state maps, cleaning workflows, and automated communications templates.
  • Financial Analytics: Reconciling payouts, managing taxes, and producing tax summaries for compliance.
  • Transactional Messaging: Sending notifications, confirmation messages, and guest check-in portal details.
  • System Maintenance: Monitoring performance logs, API load metrics, and diagnosing broken or failing ICAL links.

3. Third-Party Integrations

Our platform interacts with external booking channels and partners to keep your data in sync. When you authorize these integrations, data is shared between platforms:

  • Booking Channels: Reservation and availability data are transmitted to and from channels like Airbnb, Booking.com, and VRBO via ICAL or API networks.
  • Payment Processors: We use Stripe to process billing and subscriptions. Stripe's privacy practices govern your payment data. We do not store raw credit card details on our servers.
  • Email & Messaging Providers: Transactional emails, reservation details, and guest portal access credentials may be dispatched using secure third-party delivery nodes.

4. Data Retention & Deletion

We retain your data for as long as your host account remains active or as required to fulfill the business objectives outlined in this policy. When you delete your account, we will erase or anonymize your property data and reservations within 30 days, except as required for auditing, legal, or regulatory compliance.

Guest ID Scan Retention Policy

Photos and scans of guest passports and government-issued ID cards submitted through the Guest Space portals are stored inside an isolated, encrypted filesystem. These sensitive image files are strictly preserved for regulatory auditing (e.g. up to 3 years as mandated by local laws) and are automatically scrubbed once the statutory retention period expires.

5. Security & Encryption

We are committed to securing your data and have implemented appropriate technical and organizational measures to prevent unauthorized access, loss, or alteration. These include:

  • Enforcing SSL/TLS encryption for all data in transit.
  • Encrypting database credentials, API integration tokens, and guest identity documents at rest.
  • Regularly auditing permissions and isolating guest-facing spaces from management consoles.
  • Implementing network monitoring and server firewalls to protect physical and cloud-hosted infrastructure.

6. Regulatory Compliance (e.g. Japan Minpaku)

GapCM includes built-in tools tailored for local vacation rental compliance, notably the Private Lodging Business Act (Japan's Minpaku 180-day rule). In jurisdictions where guest registers must be maintained by law, the platform securely stores guest registry data (name, nationality, passport number, occupation) to generate compliance logs for municipal inspection.

Hosts are solely responsible for ensuring that their data collection and guest registration workflows comply with their specific local jurisdictions and regulatory authorities.

7. Your Privacy Rights

Depending on your location (such as the EEA/GDPR or California/CCPA zones), you may have the following rights regarding your personal data:

  • The right to access, update, or correct the personal data we store about you.
  • The right to request the erasure or restriction of processing of your data.
  • The right to export your account data in a structured, machine-readable format.

Note for Guests: GapCM acts as a Data Processor on behalf of the Host (the Data Controller). If you are a guest seeking to exercise your privacy rights, please contact the host or property management company with whom you booked directly.

8. Cookies and Tracking

We use essential cookies to maintain user sessions, remember system preferences, and secure the authentication process. You can configure your browser to reject cookies; however, doing so will prevent you from logging in and utilizing the application dashboard.

We do not sell host or guest data to third-party advertising networks, nor do we run target-marketing trackers inside the dashboard interface.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data handling practices or legal requirements. When updates occur, we will adjust the "Last Updated" date at the top of the policy. We encourage you to review this page periodically to stay informed about how we protect your information.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our security protocols, please contact us at: