Privacy Policy

Last updated: February 24, 2026

1. Introduction

Lynxer ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at lynxer.io (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name, and company name. This information is required to provision your tenant account and provide the Service.

2.2 Property Management System Data

When you connect your PMS (e.g., Guesty), we access and store property data including:

  • Property details (titles, descriptions, addresses, photos, amenities)
  • Rates and pricing information
  • Availability and calendar data
  • Booking URLs and property configurations

We also store encrypted API credentials (client ID and client secret) to maintain the connection with your PMS on your behalf.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, sync operations performed, and timestamps. This data helps us improve the Service and troubleshoot issues.

2.4 Technical Data

We collect standard technical data such as IP address, browser type, device information, and referring URLs through server logs and analytics tools.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Synchronize your property data with Google Hotel Center and other distribution channels
  • Process your subscription and billing
  • Communicate with you about your account, updates, and support requests
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Third-Party Services

We share your data with the following third-party services as necessary to provide the Service:

4.1 Google Hotel Center

We transmit your property data (listings, rates, availability) to Google Hotel Center through their API to distribute your properties on Google Hotels, Google Search, and Google Maps. This data is subject to Google's privacy policy.

4.2 Property Management Systems

We connect to your PMS (e.g., Guesty) using API credentials you provide to retrieve and synchronize property data. We access only the data necessary to provide the Service.

4.3 Infrastructure Providers

We use Supabase for database hosting and authentication, and Vercel for application hosting. These providers may process your data in accordance with their respective privacy policies.

4.4 Payment Processors

We use third-party payment processors to handle subscription billing. We do not store your full payment card details on our servers.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of API credentials and sensitive data at rest
  • TLS/SSL encryption for all data in transit
  • Row-level security policies ensuring tenant data isolation
  • Regular access reviews and principle of least privilege
  • Secure authentication with email verification

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account and property data for as long as your account is active. Upon account termination, we retain your data for 30 days to allow for reactivation, after which it may be permanently deleted. Certain data may be retained longer as required by law or for legitimate business purposes (e.g., billing records, audit logs).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise any of these rights, please contact us at support@lynxer.io. We will respond to your request within 30 days.

8. Cookies and Tracking

The Service uses essential cookies for authentication and session management. We may also use analytics cookies to understand how the Service is used. We do not use advertising cookies or sell your data to advertisers.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. GDPR Compliance

For users in the European Economic Area (EEA), we process your data based on the following legal bases: contract performance (providing the Service), legitimate interests (improving and securing the Service), and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.

10. CCPA Compliance

For California residents: we do not sell your personal information. You have the right to know what personal information we collect, request deletion, and opt out of any future sale of personal information. To exercise these rights, contact us at support@lynxer.io.

11. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at support@lynxer.io.