Last updated: March 2026
GetStayAid is currently operated by its founder in British Columbia, Canada. A formal legal entity is in the process of being incorporated. This section will be updated once incorporation is complete. Contact: support@getstayaid.com.
Privacy questions and requests can be directed to: Gokalp Karahisar, Founder / Privacy Officer. Email: support@getstayaid.com.
We collect the following categories of information: Account information — name, email address, hotel or business name, and login credentials. Session and authentication data — tokens, session identifiers, and login timestamps. Billing and subscription information — payment method details (processed by Stripe; we do not store full card numbers), plan history, and transaction records. Uploaded files and hotel data — OTA commission statements, PMS export files, reservation records, and related documents submitted through the platform. Reservation and automation data — records processed through ResPilot and related features, including reservation details, guest information from OTA emails or uploaded files, and PMS entry outputs. Dispute and audit data — discrepancy records, dispute history, audit session outputs, and exports. Support communications — messages and correspondence submitted through email or other channels. Usage and log data — IP address, browser type, pages visited, timestamps, and error logs. Security and anti-abuse signals — device fingerprint data collected via FingerprintJS, used solely to detect fraud and unauthorized access.
We use the information we collect to: operate and deliver the platform and its features; process reservations, handle cancellations, and support PMS workflows through ResPilot; detect OTA commission discrepancies and generate audit outputs; support dispute preparation and workflow tracking; manage billing, subscriptions, and trial access; monitor for security threats and unauthorized activity; prevent fraud and platform abuse; respond to support requests; meet applicable legal obligations; and improve the platform based on service usage. Uploaded hotel files are never used for advertising and are not sold to third parties. They are processed solely to deliver the service you have requested.
OTA statements, PMS exports, and related files you upload are processed only as necessary to deliver the service, support your workflows, maintain account functionality, ensure security, and comply with legal obligations. We do not use your uploaded files for any other purpose and do not share them with third parties.
All data is stored on Supabase infrastructure with row-level security (RLS) enforced at the database level. Each hotel account is fully isolated — your data is never accessible to another tenant. All connections are encrypted over TLS. Sensitive values are encrypted at rest using industry-standard methods and credentials are not stored in plaintext. We use reasonable administrative, technical, and organizational safeguards to protect your information. No system is entirely without risk. If a breach occurs and notification is required under applicable law, we will notify affected users accordingly.
We work with third-party providers to operate the platform: Supabase (database and authentication infrastructure), Stripe (payment processing), Resend (transactional email), and Upstash (rate limiting and caching). Additional providers may be used for hosting, security, or other operational needs as the platform grows. Your data may be processed outside Canada, including in the United States and the European Union. We take reasonable steps to ensure appropriate protection for any data transferred internationally.
We use session and authentication cookies required to keep you logged in securely. We use FingerprintJS to generate device-level signals for fraud detection and trial abuse prevention — this data is used for security purposes only and is not shared with third parties. We do not use advertising networks, retargeting pixels, or behavioral tracking for marketing. We do not sell personal information. Disabling cookies through your browser may affect platform functionality.
Retention periods vary depending on operational needs, legal requirements, and applicable accounting or tax obligations. Account data is retained for the life of your account and a reasonable period after closure. Uploaded files and processed data are retained to support your workflows; you may request deletion at any time. Billing records are retained as required by applicable financial and tax regulations. Support communications are retained for a reasonable period to support service delivery. Logs and security records are retained as needed for security monitoring and legal compliance. Retention may be extended where required by law or to resolve a pending dispute.
Depending on your location, you may have the right to access, correct, export, or request deletion of your personal information. To make a request, contact us at support@getstayaid.com. We will respond within a reasonable timeframe and in accordance with applicable law.
Where our processing of your information is based on consent, you may withdraw that consent at any time by contacting us at support@getstayaid.com. Please note that withdrawing consent may affect the availability or functionality of certain parts of the service.
GetStayAid is a business platform. We do not knowingly collect information from individuals under the age of 18. If you believe we have received such information, please contact us at support@getstayaid.com.
We may update this Privacy Policy from time to time. Material changes will be noted by updating the date above and, where appropriate, communicated by email or through the platform. Continued use after changes are posted constitutes acceptance of the revised policy.
For any privacy-related questions or requests, contact Gokalp Karahisar, Privacy Officer, at support@getstayaid.com.
Questions about this policy? support@getstayaid.com