Skip to content

Launch offer £4.99/mo + £1.99 each extra, 6 months. Use code LAUNCH2026

Back home

Privacy notice

Last updated: 12 June 2026

This notice explains how StayBinder handles personal data, in line with the UK GDPR and the Data Protection Act 2018. It is written to be clear rather than legalistic; it is not a substitute for legal advice.

StayBinder serves two groups of people: hosts (holiday-let owners and managers who run an account) and guests (people who scan a property's QR code to view its welcome guide). Some sections apply to one group, some to both.

Who we are (the data controller)

StayBinder is a brand of WhealBit, a sole trader. The data controller for host account data is [PROPRIETOR FULL NAME] (trading as WhealBit), of [REGISTERED / SERVICE ADDRESS]. We are registered with the UK Information Commissioner's Office (ICO) under registration [ICO REGISTRATION NUMBER].

We act in two roles. For your host account and billing data, we are the controller. For the guest data a host collects through their guide (guestbook entries, feedback and reported issues), the host is the controller and we act as their processor, see our Data Processing Agreement.

What we collect, why, and for how long

From hosts

  • Account details (name, email, optional agency name, phone, address, hours and logo), to provide the service and your account. Lawful basis: performance of our contract with you. Kept for the life of the account and 30 days after closure.
  • Billing data (subscription status, trial dates, and the customer/subscription identifiers held by our payment provider), to take payment and meet our accounting duties. Lawful basis: contract, and legal obligation for the records. Kept for 6 full tax years to meet UK accounting requirements.
  • Property content you publish (house manual, Wi-Fi, check-in details, recommendations, images), to render your guides. Lawful basis: contract. Kept until you delete it or close your account.
  • Security and operational logs, to keep the service safe and working. Lawful basis: our legitimate interest in a secure service. Kept on a short rolling window.

From guests

Guests are never asked to create an account, log in, or provide payment details to view a guide. Where a host enables these features, we process the following on the host's behalf:

  • Guestbook entries (an optional name, which may be left blank, plus a message). Held for the host to approve before public display. Lawful basis: the guest's consent in choosing to submit. Kept until the host removes the entry or closes the property.
  • Stay feedback (a rating, sentiment, message and an optional contact detail), shown privately to the host. Lawful basis: the guest's consent. Kept until the host removes it or closes the property.
  • Reported issues (a description of a problem, e.g. a broken appliance), routed to the host's chosen contact so it can be fixed. Lawful basis: consent, and the host's legitimate interest in resolving issues. Kept until resolved or removed by the host.
  • Anonymous usage events (counts of actions like a QR scan, a Wi-Fi copy, a "directions" tap), to give the host simple aggregate statistics. These are not linked to an individual and set no tracking cookies. Lawful basis: our legitimate interest in non-intrusive analytics. Kept in aggregate on a rolling window.

Cookies

The guest guide uses cookie-free, anonymous analytics and no advertising or third-party tracking cookies. The marketing site sets no optional cookies until you opt in. Full detail is in our Cookie Policy.

Payment data

Payments are handled by Stripe. Card details are entered with Stripe and are never stored on our servers; we keep only the billing status and the identifiers Stripe gives us to manage your subscription.

Who we share data with

We do not sell personal data. We share it only with the sub-processors that run the service on our behalf, listed, with their purpose and location, on our sub-processor page. We may also disclose data where the law requires it.

International transfers

Our database, authentication and file storage (Supabase) are hosted in the UK / EEA, so that data stays within the UK and the EEA. Some sub-processors (for example Stripe) may process data outside the UK; where they do, transfers are protected by the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.

Your rights

Subject to applicable law, you have the right to access your personal data and to rectification, erasure, restriction, objection, and data portability, and the right to withdraw consent at any time. To exercise any of these, email info@staybinder.co.uk. We aim to respond within one month.

Guests: the host is the controller of your guestbook entry, feedback or reported issue. You can ask that host to remove it, or contact us at the address above and we will assist and pass your request on.

If you are unhappy with how we handle your data, you can complain to the ICO at ico.org.uk. We would, of course, welcome the chance to put things right first.

Changes and contact

We may update this notice; material changes will be communicated to account holders. Questions can be sent to info@staybinder.co.uk.