Privacy Policy

Last updated: April 11, 2026

This Privacy Policy describes how Simple PMS (“we”, “us”, “our”), based in Albania, collects, uses, and protects your personal data when you use our platform at app.simple-pms.com (“Service”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Albanian data protection laws.

1. Data Controller

Simple PMS acts as the data controller for data collected about you as a user of our platform (account data, usage data). When you use Simple PMS to manage guest information, you are the data controller for that guest data and we act as the data processor on your behalf.

Contact: info@simple-pms.com

2. Data We Collect

2.1 Account Data

When you sign up, we collect your name, email address, and authentication details through Clerk. If you subscribe to the Pro plan, Stripe collects your payment information directly — we do not store credit card numbers.

2.2 Property & Booking Data

Data you enter about your properties, units, bookings, expenses, and operational information. This data is owned by you.

2.3 Guest Data (you as controller)

When you use Simple PMS to register guests, you may upload guest names, nationalities, ID document photos, dates of birth, and contact information. You are the data controller for this data. We process it only on your behalf to provide the Service.

2.4 AI-Processed Data

When you use AI features (booking extraction, ID scanning, WhatsApp chatbot), content is sent to Google Gemini for processing. This includes booking screenshots, ID document images, and guest messages. Processed data is stored in our database; we do not use it for AI model training.

2.5 Usage & Technical Data

We collect standard technical data including IP addresses, browser type, device information, and pages visited. This helps us maintain and improve the Service.

3. How We Use Your Data

• Provide and maintain the Service
• Process bookings, generate check-in instructions, and manage properties
• Power AI features (booking extraction, ID scanning, chatbot)
• Send notifications (check-in reminders, low battery alerts, task deadlines)
• Process payments through Stripe
• Communicate with you about your account and service updates
• Comply with legal obligations (e.g., guest registration requirements)

4. Legal Basis for Processing (GDPR)

• Contract performance: Processing necessary to provide the Service you signed up for
• Legitimate interests: Service improvement, security, and fraud prevention
• Legal obligations: Compliance with tax, accounting, and data protection laws
• Consent: For optional features like push notifications and marketing communications

5. Data Storage & Security

Your data is stored on MongoDB Atlas (cloud database) and Cloudflare R2 (file storage). The application is hosted on Vercel. Data may be processed in EU and US regions depending on service provider infrastructure.

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews.

6. Data Sharing

We share your data only with:

• Clerk: Authentication and organization management
• Stripe: Payment processing (Pro plan subscribers)
• Google (Gemini): AI processing for booking extraction, ID scanning, and chatbot features
• Meta (WhatsApp Business API): Guest messaging, if you enable the WhatsApp chatbot
• Seam: Smart lock management, if you connect door locks
• Cloudflare: File storage (property photos, ID images)
• Resend: Email notifications

We do not sell your personal data. We do not share your data with advertisers.

7. ID Document Handling

Guest ID document images uploaded for guest book registration are stored in encrypted cloud storage. Simple PMS provides configurable auto-deletion periods for ID images to help you comply with GDPR data minimization requirements. You can configure how long ID images are retained in your organization settings.

8. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion
• Booking & property data: Retained while your account is active; exportable and deletable at any time
• Guest ID images: Subject to configurable auto-deletion periods (default varies by organization settings)
• WhatsApp conversation logs: Retained for the duration of the associated booking
• Payment records: Retained as required by tax and accounting regulations

9. Your Rights (GDPR)

As an EU resident, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure:Request deletion of your personal data (“right to be forgotten”)
• Data portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at info@simple-pms.com. We will respond within 30 days.

10. Cookies

Simple PMS uses essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

11. Children's Privacy

Simple PMS is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect.

13. Contact & Complaints

For privacy-related questions or to exercise your rights, contact us at:

Simple PMS
Email: info@simple-pms.com

If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority. In Albania, this is the Commissioner for the Right to Information and Protection of Personal Data (IDP).