Privacy Policy

Last updated: April 2026

This policy explains how Superguest SAS, publisher of the Superguest service, collects and processes your personal data, in accordance with the GDPR and the French Data Protection Act.

1. Data controller

The data controller is Superguest SAS. Contact: support@superguest.fr.

2. Data collected

We collect: (a) host account data (email, name, preferences), (b) billing data processed by Stripe, (c) listing data imported from Airbnb (descriptions, photos, calendar, rates), (d) guest data (name, email, booking details) that our host customers collect via their Superguest site, (e) technical data (server logs, IP address, user-agent) necessary for the operation of the Service.

3. Purposes and legal bases

Your data is processed to: provide the Service (contract performance), bill the subscription (legal and contractual obligation), ensure security and prevent fraud (legitimate interest), send transactional emails (contract performance), send product communications if you have consented (consent).

4. Recipients

Your data is shared with our technical sub-processors: Stripe (payments), Postmark (transactional email), Hetzner (hosting), Google (OAuth authentication and web fonts), Airbnb (listing import, via public URL only). No data is sold.

5. Retention period

Account data is kept for the duration of the subscription and then archived for 3 years after cancellation for evidence purposes. Billing data is kept for 10 years as required by the French Commercial Code. Technical logs are kept for 12 months.

6. Transfers outside the EU

Some sub-processors (Stripe, Google) may process data in the United States, under the European Commission's Standard Contractual Clauses (SCC) or the Data Privacy Framework.

7. Your rights

Under articles 15 to 22 of the GDPR, you have the right to access, rectify, erase, restrict, object to, and port your data. To exercise these rights: support@superguest.fr. You may also lodge a complaint with the CNIL (www.cnil.fr).

8. Cookies

Superguest uses cookies strictly necessary for the operation of the Service (session, CSRF) that do not require consent, as well as internal analytics cookies (audience measurement) placed on a legitimate interest basis and anonymized.

9. Changes

We may update this policy. Any substantial change will be notified to you by email at least 30 days before it takes effect.