Privacy Policy (Updated November 26th 2025)

1. Our Role as Data Controller and Data Processor

DAYPASS Inc. as Controller:
For most personal data you provide when creating an account, browsing listings, receiving communications, and making bookings, DAYPASS Inc. acts as the Data Controller. We decide why and how this information is processed (for example account management, booking confirmations, customer support, and marketing).

Hotels and Partners as Separate Controllers:
When you make a reservation, we share limited data (such as your name, contact details, and booking information) with the hotel or partner venue. Each hotel or partner acts as an independent Data Controller for its own use of your personal data (for example guest registration, on-site services, compliance). Their use of your data is governed by their own privacy policies.

DAYPASS Inc. as Processor:
In certain cases, such as DirectPass or white-label integrations, DAYPASS™ may act as a Data Processor on behalf of hotels or partners. We process data only on their documented instructions and enter into Data Processing Agreements (DPAs) to ensure GDPR compliance.

2. Information We Collect

Non-Personal Information:
Data that does not personally identify you, automatically collected when you use our Services (browser type, device type, IP address, referring/exit pages, etc.).

Personally Identifiable Information (PII):
Non-public information that can identify you, collected when you create an account, place a reservation, or interact with our Services. This may include:

Name, email, phone number, location, billing or business details.
Payment details (processed securely by Stripe; see Section 6).
Images or content you upload.

3. How We Collect Information

Account registration and reservations.
Forms and uploads.
Automatic collection via cookies, web beacons, analytics, and mobile device data.

4. How We Use Your Data

We use your personal data to:

Provide and improve our Services.
Manage bookings and communicate with you.
Send service-related notifications (bookings, cancellations, reminders).
Send promotional communications (with opt-out).
Analyze usage trends to improve performance.
Fulfill legal obligations and enforce our Terms.

5. Sharing Your Information

We do not sell or rent your personal data. We may share it as follows:

With hotels and partners you book with, to deliver their services.
With service providers (e.g. payment processors, hosting providers) under confidentiality.
For legal compliance (subpoena, law enforcement, regulatory requirements).
In case of a merger, acquisition, or business transfer.

6. Payments

Payments are processed exclusively by Stripe. DAYPASS™ does not store or have access to your credit card details. See Stripe’s privacy policy: https://stripe.com/us/privacy.

7. Cookies & Tracking

We use cookies and similar technologies to personalize content, remember preferences, and deliver offers. You can disable cookies in your browser settings, but some functionality may be limited. See our Cookie Policy for details.

8. Your Data Protection Rights

Depending on your region (EEA, UK, California, or others), you may have rights to:

Access, correct, update, or delete your personal data.
Object to processing or request restriction.
Request data portability.
Withdraw consent at any time.
Opt out of marketing communications.
File a complaint with your data protection authority.

To exercise these rights, contact privacy@daypass-app.com.

Representative

We have appointed Prighter Group and its regional partners as our privacy representative for the EU.
To exercise your rights via Prighter: https://app.prighter.com/portal/11555275426

9. Children’s Privacy

Our Services are not designed for children under 16. We do not knowingly collect data from children. If a child has provided data, contact us for deletion.

10. Security

We use industry-standard encryption, authentication, and other security measures (SSL, firewalls). No system is 100 percent secure; please keep your credentials confidential.

11. Data Retention

We retain account and booking data as long as required for service provision, legal, and financial compliance. Reservation records may remain after account deletion due to statutory retention rules.

12. Third-Party Links

Our Services may contain links to third-party websites. Their privacy practices are not governed by this Policy.

13. Updates

This Privacy Policy may be updated periodically. Updates will appear here with a new “Last Updated” date. Material changes may also be communicated by email or notice.

14. Contact Us

If you have questions or wish to exercise your rights:

DAYPASS Inc.
66 West Flagler Street, Suite 900
Miami, FL 33130
United States
Email: privacy@daypass-app.com

15. Partner Privacy Policies

We encourage you to review the privacy policies of partner hotels and brands you book through the DAYPASS™ Platform, such as Accor, Ascott, Centara, Club Med, Hilton, Hyatt, IHG, Marriott, Melia, Palladium, and others.

We also recommend reviewing the privacy policies of the venues available through the DAYPASS™ Platform.