Privacy Policy

How RoomRow collects, uses, and protects your personal information.

Last updated: March 27, 2026

1. Information We Collect

When you register on RoomRow, we collect the following information:

  • Account Information: Full name, email address, phone number, and password (stored as a secure hash).
  • Property Information: Property name, address, contact details, GST number, and property photos.
  • Guest Data: Names, contact details, ID proofs (for Form-B/C-Form compliance), and booking history, as entered by property staff.
  • Usage Data: Browser type, IP address, pages visited, and interaction patterns for analytics and improvement.
  • Payment Data: We do not store credit card numbers. Payments are processed through PCI-DSS compliant payment gateways.

2. How We Use Your Information

  • To provide and maintain the RoomRow platform and services
  • To process bookings, check-ins, billing, and generate invoices
  • To send transactional emails (booking confirmations, receipt notifications)
  • To improve our platform through aggregated, anonymized analytics
  • To comply with Indian legal requirements (GST, FHRAI reporting)
  • To communicate important service updates and security notices

3. Data Isolation & Multi-Tenancy

RoomRow operates on a multi-tenant architecture with row-level security (RLS). This means each property's data is strictly isolated at the database level. No property can access, view, or modify another property's data, even in the event of an application-level bug.

4. Data Sharing

We do not sell your data. We share information only in these cases:

  • Service providers: Email delivery (Resend), hosting (cloud providers), and payment processing, all bound by data processing agreements.
  • Legal compliance: When required by Indian law, court orders, or regulatory authorities.
  • With your consent: If you opt into OTA integrations, booking data is shared with the chosen platform.

5. Data Security

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is protected with AES-256 encryption
  • Passwords are hashed using bcrypt with salt rounds
  • Access to production systems is restricted and audited
  • Regular security assessments and dependency audits

6. Your Rights

You have the right to:

  • Access and download your data
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Withdraw consent for marketing communications
  • Lodge a complaint with the relevant data protection authority

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, personal data is permanently removed within 30 days. Financial records (invoices, GST filings) are retained for 8 years as required by Indian tax law.

8. Contact Us

For privacy-related queries, contact us at [email protected].