GDPR

Privacy policy

Last updated: May 4, 2026

Data controller

The data controller will be the legal entity operating Roomrise. Complete legal information will be published before billing opens.

Privacy contact: privacy@roomrise.app.

Data processed

Roomrise may process professional identity data, account data, team roles, hotel data, operating data, billing data, support messages and technical logs.

Roomrise does not need guest names to generate recommendations. Hotels should avoid importing guest-identifying data in CSV files.

Purposes

customer account creation and management;
delivery of rate recommendations;
import, analysis and export of hotel data;
customer support;
security, abuse prevention and logging;
billing and accounting obligations;
service improvement with minimized or aggregated data.

Automated recommendations

Roomrise produces algorithmic rate recommendations. These recommendations are not automatically applied to sales channels without validation or an integration configured by the customer.

The customer remains responsible for the final pricing decision.

Planned processors

Provider

Role

Data

EU host to be confirmed

Hosting

application, database, logs

Stripe

Payment

billing, payment status

Resend

Transactional email

email, transactional content

Sentry or equivalent

Error monitoring

technical logs, application errors

Retention periods

Account and hotel data is retained for the duration of the contract, then deleted or anonymized within a target period of 30 days after a deletion request, unless a legal obligation requires otherwise.

Billing data may be retained for up to 10 years. Security logs are retained for a target period of 6 to 12 months.

Rights

Data subjects may exercise their rights of access, rectification, erasure, objection, restriction and portability where applicable.

In the application, account export and organization deletion are available from the Account page. A complaint may also be submitted to the CNIL.