Legal
Privacy Policy
How StayLedger collects, uses, and protects personal data for the marketing site and PMS.
- Effective date:
- 2026-07-14
- Last updated:
- 2026-07-14
- Version:
- 1.0.0
The Vietnamese and English versions have equal validity. If anything is unclear, please contact us for clarification.
At a glance
- Data collected: demo/contact details, account data, property data, guest data entered by hotels, usage and technical logs.
- Why we use it: provide and secure the PMS, respond to inquiries, operate the service, and measure site engagement only with analytics consent.
- Who controls guest data: the hotel/customer that collects and enters guest records into StayLedger.
- How to submit a request: email [email protected] with enough detail to identify the account or property.
- Contact channel: [email protected] (privacy/technical); [email protected] (general support).
Scope
This Privacy Policy applies to stayledger.io (the marketing website), demo/contact forms, and the StayLedger Property Management System (PMS) operated under the StayLedger brand.
It does not replace a signed data processing agreement or subscription contract where those documents apply to a paying customer.
Data controller / service provider
StayLedger is a B2B SaaS property management service operated by FLOWNEXA COMPANY LIMITED.
For privacy requests related to accounts or property data, contact [email protected]. For general support, contact [email protected].
Categories of data we collect
- Account data: user name, email, role, account/property membership.
- Contact data: name, email, phone, and message content from demo or contact forms.
- Property/business data: property name, room count, operational preferences submitted for sales or account setup.
- Booking/guest data: information entered by customer staff into the PMS (guest profiles, stays, folios) — controlled by the hotel customer.
- Usage data: feature usage events needed to operate and improve the product.
- Device/browser/IP and technical logs: security, diagnostics, and reliability.
- Support communications: emails or support requests you send to support.
- Billing data: invoice and payment status collected through offline contracting (this website does not collect card payments).
Purposes of processing
- Respond to demo and sales inquiries.
- Provide, secure, and maintain the PMS.
- Authenticate users and enforce multi-property access control.
- Send operational notices related to the service.
- Comply with applicable law and respond to lawful requests.
- Measure website engagement only when analytics consent is granted.
Legal basis and consent
Depending on context and applicable law, processing may rely on contract performance, legitimate interests in operating a secure B2B service, legal obligations, or consent (for example non-essential analytics cookies).
Guest data entered by hotels
Hotels and other accommodation operators remain responsible for the personal data of their guests that they enter into StayLedger.
In typical PMS deployments, the hotel customer is the business owner/controller of guest data, and StayLedger acts as a service provider/processor according to the customer’s instructions and contract.
Roles between StayLedger and customers
- Customer (hotel/property): decides what guest and operational data to collect and how it is used for their business.
- StayLedger: provides the software platform, hosts data per contract, and processes data to deliver the service.
Storage and location
Data is stored in secured cloud infrastructure. Specific regions and residency commitments are defined in the customer subscription or DPA when applicable.
Retention
We retain account and operational data for the life of the subscription and as required by law. After termination, retention and deletion follow the customer agreement and documented operations practice.
Backup copies may persist for a limited period consistent with disaster-recovery procedures. Numeric day counts, when specified, follow your contract.
Security measures
- Encryption in transit (TLS) for public endpoints.
- Role-based access control and property/account scoping in the PMS.
- Audit logging for sensitive administrative actions where enabled.
- Backups and restoration procedures.
- Incident handling through established incident-response processes.
Your rights
Subject to applicable law, individuals may request access, correction, or deletion of personal data, or raise an objection where legally available.
Hotel guests should typically contact the hotel that collected their data. If StayLedger receives a guest request, we may redirect it to the relevant customer.
How to make a request
- Email [email protected] with enough detail to identify the account or property.
- We may need to verify your identity or authority before acting.
- We will respond according to applicable law and, for customers, any contractual process.
Children’s data
StayLedger is a B2B service and is not directed to children. We do not knowingly collect children’s data via the marketing site.
Cross-border transfers
If data is processed or stored outside Vietnam, we apply contractual and technical safeguards appropriate to the engagement. Exact transfer mechanisms depend on infrastructure choices documented for the customer.
Changes to this policy
We may update this policy from time to time. The effective date and version above will change when we publish updates.