Privacy Policy

1. Introduction

SMRTROOM ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

SMRTROOM is the data controller responsible for your personal data. For any privacy-related inquiries, please contact us at info@smrtroom.com.

3. Data We Collect

3.1 Account Information

• Email address (used for authentication)
• User ID (automatically generated)
• Account creation date

3.2 Usage Data

• Reservation and booking information you enter
• Room management data
• Application preferences and settings

3.3 Technical Data

• Browser type and version
• Device information
• IP address (for security purposes only)
• Cookies and similar tracking technologies

4. Legal Basis for Processing

We process your personal data based on:

• Consent: You have given clear consent for us to process your personal data for a specific purpose.
• Contract: Processing is necessary for the performance of our service agreement with you.
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our service, preventing fraud).

5. How We Use Your Data

• To provide and maintain our hotel management service
• To authenticate your account and ensure security
• To store and manage your reservation data
• To improve and optimize our service
• To communicate with you about service updates and support
• To comply with legal obligations

6. Data Storage and Security

Your data is stored securely using Firebase (Google Cloud Platform) with end-to-end encryption. We implement industry-standard security measures including:

• SSL/TLS encryption for data in transit
• Encrypted storage for data at rest
• Regular security audits and updates
• Access controls and authentication

7. Your GDPR Rights

Under GDPR, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of processing your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at info@smrtroom.com. We will respond within 30 days.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. You can request deletion of your account and all associated data at any time.

9. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

• When required by law or legal process
• With service providers (Firebase/Google Cloud) who help us operate our service
• With your explicit consent

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) and compliance with EU-US Data Privacy Framework.

11. Cookies

We use cookies and similar tracking technologies to improve your experience. For more information, see our Cookie Policy.

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us at:

Email: info@smrtroom.com

15. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority in your country if you believe we have not complied with GDPR requirements.