Privacy Policy

Last updated: April 2026

This policy explains how Superguest SAS, publisher of the Superguest service, collects and processes your personal data, in accordance with the GDPR and the French Data Protection Act.

1. Data controller

The data controller is Superguest SAS. Contact: [email protected].

2. Data collected

We collect: (a) host account data (email, name, preferences), (b) billing data processed by Stripe, (c) listing data imported from Airbnb (descriptions, photos, calendar, rates), (d) guest data (name, email, booking details) that our host customers collect via their Superguest site, (e) technical data (server logs, IP address, user-agent) necessary for the operation of the Service.

3. Purposes and legal bases

Your data is processed to: provide the Service (contract performance), bill the subscription (legal and contractual obligation), ensure security and prevent fraud (legitimate interest), send transactional emails (contract performance), send product communications if you have consented (consent).

4. B2B prospecting

We may collect professional contact details made public by independent hosts or accommodation businesses to present Superguest when the message is relevant to their activity. Each message includes a simple way to opt out of future outreach. People may also object at any time by emailing [email protected].

5. Recipients

Your data is shared with our technical sub-processors: Stripe (payments), Postmark (transactional email), Hetzner (hosting), Google (OAuth authentication and web fonts), Airbnb (listing import, via public URL only). No data is sold.

6. Retention period

Account data is kept for the duration of the subscription and then archived for 3 years after cancellation for evidence purposes. Billing data is kept for 10 years as required by the French Commercial Code. Technical logs are kept for 12 months. B2B prospecting data is deleted or kept only as an opt-out record no later than 3 years after the last meaningful contact.

7. Transfers outside the EU

Some sub-processors (Stripe, Google) may process data in the United States, under the European Commission's Standard Contractual Clauses (SCC) or the Data Privacy Framework.

8. Your rights

Under articles 15 to 22 of the GDPR, you have the right to access, rectify, erase, restrict, object to, and port your data. To exercise these rights: [email protected]. You may also lodge a complaint with the CNIL (www.cnil.fr).

9. Cookies

Superguest uses cookies strictly necessary for the operation of the Service (session, CSRF) that do not require consent, as well as internal analytics cookies (audience measurement) placed on a legitimate interest basis and anonymized.

10. Changes

We may update this policy. Any substantial change will be notified to you by email at least 30 days before it takes effect.