We are committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.
Personal information for bookings, usage data for improvements, and communication records for support.
Industry-standard encryption, access controls, regular security audits, and strict data handling policies.
Access, correct, or delete your data anytime. Opt-out of communications and control your privacy settings.
Limited sharing with hostel partners and trusted service providers only when necessary for service delivery.
When you create an account, make a booking, or contact us, we collect personal information including your name, email address, phone number, gender, and role (tenant, staff, hostel admin, or app admin). All sensitive personal data is encrypted using industry-standard AES-256 encryption before storage.
We collect and store encrypted password hashes, JWT tokens (expiring every 24 hours), and session information to secure your account and provide seamless access to our services.
We collect your location data (with permission) to help you find nearby hostels, calculate distances, and provide location-based services. This includes GPS coordinates, city, state, and area information.
We automatically collect device information, IP address, browser type, pages visited, and usage patterns to improve our platform performance and user experience.
We store communications between you and HostelFlow, including support tickets, complaint records, and customer service interactions for quality assurance and dispute resolution.
We collect FCM (Firebase Cloud Messaging) tokens to send you important updates about bookings, payments, and hostel-related notifications.
We use your information to provide, maintain, and improve our hostel booking services, process payments, and facilitate communications between you and hostel providers.
Your data helps us personalize your experience, recommend suitable accommodations, and send you relevant updates about hostels in your preferred locations.
We use your information to respond to your inquiries, resolve issues, and provide customer support services.
We may use your information to comply with applicable laws, regulations, legal processes, or governmental requests.
We share necessary booking information with hostel providers to facilitate your accommodation. This includes your name, contact details, and booking preferences.
We work with trusted third-party service providers for payment processing, analytics, and customer support. These partners are bound by strict confidentiality agreements.
We may disclose your information when required by law, court order, or to protect the rights, property, or safety of HostelFlow, our users, or others.
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.
All sensitive personal data (names, emails, phone numbers) is encrypted using AES-256 encryption before database storage. We use deterministic encryption for searchable fields and standard encryption for other sensitive data.
We use JWT tokens with 24-hour expiration, secure password hashing with bcrypt, and automatic token refresh mechanisms. All authentication data is encrypted and stored securely.
Access to personal information is strictly controlled through role-based permissions (tenant, staff, hostel admin, app admin). Each role has limited access to only the data necessary for their function.
All data transmission is protected using HTTPS/SSL encryption. API endpoints require proper authentication and authorization headers for access.
User data is isolated by role and hostel assignment. Staff can only access data for their assigned hostels, and tenants can only access their own information.
We conduct regular security assessments, vulnerability testing, and code reviews to identify and address potential security issues in our systems.
You have the right to access, review, and receive a copy of the personal information we hold about you.
You can update or correct your personal information through your account settings or by contacting our customer support.
You may request deletion of your personal information, subject to certain legal and operational requirements.
You can opt-out of marketing communications at any time by using the unsubscribe link in our emails or updating your preferences.
We use cookies and similar tracking technologies to enhance your experience on our platform. These help us remember your preferences, analyze usage patterns, and provide personalized content.
Required for basic website functionality, security, and user authentication.
Help us understand how users interact with our platform to improve services.
Remember your settings and preferences for a personalized experience.
Used to deliver relevant advertisements and track marketing campaign effectiveness.
You can manage your cookie preferences through your browser settings. For more details, see our Cookie Policy.
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.