Last updated: June 2026
Nightdesk operates the revenue intelligence platform at nightdesk.cc ("Service"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding that data.
We built Nightdesk for independent hotel and hostel operators who trust us with their business data. This policy is written to be honest and clear.
When you create an account, we collect your full name, email address, and password. Passwords are hashed by Supabase -- we never see or store your plaintext password.
During onboarding you provide your property name, type (hotel, hostel, glamping, etc.), timezone, and currency. This is used to configure your reports.
The core of the Service involves uploading historical revenue and booking data via CSV or XLSX. This typically includes occupancy records, ADR, RevPAR, booking dates, and aggregate revenue figures. This data belongs to you and is used only to generate your forecasts and reports.
We collect information about how you interact with the Service -- features used, import history, timestamps of key actions. This helps us identify problems and prioritize improvements.
Sentry captures diagnostic information when errors occur -- browser type, OS, the page where the error happened, and stack traces. Revenue data and passwords are not captured in error reports.
What we do NOT collect
| Data | Purpose | GDPR Basis |
|---|---|---|
| Name, email, password | Account creation and management | Contractual necessity |
| Property details | Configure the Service for your property | Contractual necessity |
| Revenue data (CSV uploads) | Generate forecasts, briefs, rate recommendations | Contractual necessity |
| Usage data | Diagnose bugs, improve the Service | Legitimate interest |
| Error / diagnostic data | Identify and fix application errors | Legitimate interest |
| Email address | Send transactional emails and daily morning briefs | Contractual necessity |
| Server logs | Security and abuse prevention | Legitimate interest |
We do not use your data for advertising, profiling, or any purpose beyond providing and improving the Service. Nightdesk does not currently use uploaded operator data to train machine learning or AI models. If this changes, we will provide advance notice and an opt-out opportunity before any such use begins.
We share your information only with the providers below, all of which process data on our behalf under contractual obligations. We do not sell your personal information. We do not share data with advertisers or data brokers.
Payment processing. When you enter payment details they go directly to Stripe -- we never receive or store your card number. Stripe is PCI-DSS certified.
Delivers your daily morning briefs and transactional emails (account confirmations, billing receipts). Your email is shared with Resend solely for delivery.
Database and authentication. Stores your account data, property details, and uploaded revenue data. Hosted on AWS us-west-2 (Oregon). Data encrypted at rest and in transit.
Application error tracking. Receives diagnostic reports when errors occur. Revenue data and passwords are not included in error payloads.
Hosting and serverless functions. Processes standard server request logs including IP addresses for security and performance.
We may also disclose your information if required by law, court order, or valid government request. In the event of a merger or acquisition, your data may transfer as part of that transaction with advance notice to you.
| Data Type | Retention | Reason |
|---|---|---|
| Account data, property details, revenue data | Active account + 90 days after cancellation | Service provision, then deletion |
| Billing records | 7 years | Legal and tax obligations |
| Error logs (Sentry) | 90 days | Debugging and security |
| Server logs (Vercel) | 30 days | Security and abuse prevention |
| Support emails | 2 years from last contact | Customer service continuity |
You may request earlier deletion by contacting support@nightdesk.cc.
We implement the following measures to protect your data:
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@nightdesk.cc.
If you are located in the European Economic Area or United Kingdom, you have the following rights:
To exercise these rights, email support@nightdesk.cc. We will respond within 30 days.
If you are a California resident, you have the following rights:
Categories of personal information collected in the past 12 months: identifiers (name, email), commercial information (subscription and billing history), internet/network activity (usage logs, error reports), and professional information (property name and type). We do not sell any of these categories.
To exercise your rights, contact support@nightdesk.cc.
Nightdesk uses only essential cookies required for authentication and session management.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Auth (Supabase) | Login session and authentication state | Session / up to 7 days |
| Essential / CSRF | Cross-site request forgery protection | Session |
We do not use advertising cookies, cross-site tracking cookies, Google Analytics, Meta Pixel, or any third-party analytics scripts.
The Service is intended for adult business operators and is not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact support@nightdesk.cc and we will delete it.
Your data is primarily stored in the United States (AWS us-west-2, Oregon). If you access the Service from outside the US, your information will be transferred to and processed in the US. For EEA and UK users, we rely on Data Processing Agreements incorporating Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers.
We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 14 days before changes take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.