How your operational data is processed.

• You (the property or hotel group) are the data controller for the guest data you process through Prostay.
• Prostay Limited is the data processor. We process the data only on your documented instructions.

• Reservations and folio postings.
• Guest contact data (name, email, phone, country) and ID references where you choose to capture them.
• Payment events and tokenised payment methods (card numbers themselves never reach our servers).
• Messaging history with guests on connected channels.
• Internal notes, tasks and audit log entries.

We rely on a small set of vetted sub-processors to deliver Prostay. They are listed in the table inside the product (Settings → Trust → Sub-processors) and we notify you 30 days before any change.

We host customer data in the EU (Frankfurt) by default. Where data is transferred outside the EU/UK to a sub-processor, we rely on the European Commission Standard Contractual Clauses and apply additional technical and organisational measures.

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Tenant isolation at the database level. No shared production credentials.
• Continuous logging and immutable audit trails for sensitive actions.
• Annual third-party penetration tests and ongoing vulnerability scanning.

In the event of a security incident affecting your data, we notify your designated contact within 72 hours of confirmation, with the facts known at the time, an initial impact assessment and a remediation plan.

When a guest asks you to access, correct or delete their data, you can self-serve from inside the product. We provide a guided workflow that finds every record across reservations, messages, folio history and the audit log.

If you need help, write to office@prostay.com and our DPO will assist within 5 business days.