1. Overview
HostBooks (“we”, “our”, “us”) operates hostbooks.io. This policy describes how we collect, use, protect, and delete your data when you use our bookkeeping service for short-term rental hosts. We take your privacy seriously and have designed our product so that your financial data stays yours.
2. Data We Collect
We collect only what is necessary to provide the service:
- Account data: Your email address, used to identify your account and send service-critical communications.
- Financial transaction data: Transaction records you upload (dates, descriptions, amounts). These are stored securely in your account and never shared with third parties.
- Property information: Names and optional addresses of your rental properties that you enter into the app.
- Usage data: Basic analytics (page views, errors) to improve the product. No cross-site tracking.
- Payment data: Processed entirely by Stripe. We do not store your card number or banking credentials.
- Bank connection data: If you connect an account through Plaid, we receive the account identifiers, balances, and transaction information needed to import and organize your bookkeeping data. We do not receive or store your bank login credentials.
3. How We Use Your Data
- To categorize your transactions and generate your Schedule E report.
- To send your transaction descriptions to OpenAI's API for AI-assisted categorization. OpenAI does not use API data to train models. No identifying information (name, SSN, account numbers) is included in AI requests.
- To process payments via Stripe.
- To import authorized bank account data through Plaid when you choose to connect an account, maintain that connection, and let you sync fresh transaction data you request.
- To provide customer support when you contact us.
We do not sell your data. We do not use your financial data for advertising. We do not share your data with any party except as described above.
4. Data Security & Encryption
Your data is protected with bank-level security:
- Encryption in transit: All data is transmitted over HTTPS/TLS 1.3.
- Encryption at rest: Your data is stored in Supabase (PostgreSQL), which encrypts data at rest using AES-256.
- Row-level security: Database policies ensure you can only access your own data — not other users' records.
- File handling: Uploaded files (CSV, PDF, etc.) are processed in memory and not permanently stored on our servers. Only the extracted transaction data is persisted.
5. Data Retention & Deletion
Your data is yours. You can delete it at any time:
- Delete your data: You can request deletion of imported financial data and related records at any time.
- Delete your account: You can also request permanent deletion of your full account and associated data.
- Plaid-connected accounts: If you used Plaid, you may also request that we remove imported Plaid data and revoke our active access as part of your deletion request.
- Original files: Uploaded files (CSV, PDF) are processed and immediately discarded. They are never stored on our servers.
- Inactive accounts: We may delete accounts inactive for 2+ years after 30 days' notice.
6. Third-Party Services
We use the following services to operate HostBooks:
- Supabase — database and authentication. Your data lives in their US-region infrastructure. Supabase Privacy Policy
- OpenAI — AI categorization. Only transaction descriptions are sent, never personal identifiers. API data is not used for training. OpenAI Privacy Policy
- Stripe — payment processing. We never see your full card number. Stripe Privacy Policy
- Plaid — bank account connections and transaction import. We use Plaid Inc. to connect your bank accounts and retrieve the financial data you authorize for bookkeeping. Plaid acts as our service provider for this connection flow, and your use of the bank connection feature is also subject to Plaid's end user privacy policy. Plaid End User Privacy Policy
7. Cookies
We use a single authentication cookie (“hostbooks-auth-token”) to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Your Rights
Depending on your jurisdiction, you may have rights including:
- The right to access, correct, or delete your personal data.
- The right to data portability (export your transactions as PDF).
- The right to withdraw consent at any time.
- CCPA rights for California residents: we do not sell personal information.
- GDPR rights for EU residents: contact us to exercise your rights.
To exercise any of these rights, email hello@hostbooks.io.
9. Changes to This Policy
We may update this policy as the product evolves. We will notify you by email and update the date at the top of this page. Continued use of HostBooks after changes constitutes acceptance of the updated policy.