Privacy Policy

1. Introduction and Scope

RoomRefund LLC ("RoomRefund," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, store, and protect information about you when you use the RoomRefund mobile application, website at roomrefund.com, and related services (collectively, "Services"). By using the Services, you acknowledge that you have read and understood this Policy.

2. Information We Collect

2.1 You Provide Directly

Identity Data: Full name, date of birth, government ID (if required).

Contact Data: Email address, phone number, mailing address.

Payment Data: Processed exclusively by Stripe. We never store full card numbers, CVV codes, or bank account details.

Booking Data: Hotel name, location, check-in/check-out dates, confirmation number, booking value.

Communications: Emails, support tickets, and other messages you send us.

2.2 Collected Automatically

Device Info: Device type, OS version, unique device identifiers.

Usage Data: Features accessed, screens viewed, session duration.

Log Data: IP address, browser type, access timestamps.

Approximate Location: Derived from IP address only. No precise GPS without explicit consent.

2.3 Third-Party Authentication

If you sign in via Apple, Google, or Facebook, we receive your name, email, and unique identifier. We do not receive your password for those services.

3. How We Use Your Information

3.1 Service Delivery

Creating and managing your account. Matching Sellers with Buyers. Processing payments through Stripe. Sending transactional notifications.

3.2 Safety & Compliance

Detecting and preventing fraud and unauthorized access. Complying with applicable legal obligations. Enforcing our Terms of Service.

3.3 SMS Communications

By opting into SMS, you consent to recurring automated texts from RoomRefund. Consent is not a condition of purchase. Message and data rates may apply. Text STOP to opt out. We will not sell your phone number.

4. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We share it only with:

Stripe, Inc.: Payment processing and fraud prevention.

Supabase Inc.: Database hosting and authentication.

Expo / Apple / Google: App distribution and push notifications.

Hotels and counterparties: Minimum booking details to complete transfers.

Law enforcement: When required by valid legal demand.

5. Data Retention

Account data: 7 years after account closure.

Transaction data: 7 years after transaction date.

Travel preferences: Deleted within 30 days of account deletion.

Marketing consent: 5 years from consent or opt-out.

6. Data Security

TLS 1.2+ encryption for data in transit. Passwords stored using bcrypt hashing. Row-level security enforced at the database level. PCI DSS-compliant payment processing through Stripe. In the event of a data breach, we will notify you within 30 days as required by Colorado law (HB 18-1128).

7. Your Rights

Access & Deletion

Email support@roomrefund.com with subject "Data Access Request" or "Data Deletion Request." Processed within 30 days.

Opt-Out of Marketing

Email: click unsubscribe. SMS: reply STOP. Push: disable in device settings.

California Residents (CCPA)

Right to know, delete, and opt-out of sale (we do not sell data). Email support@roomrefund.com with subject "CCPA Request."

Colorado Residents (CPA)

Rights include access, correction, deletion, and portability. Contact support@roomrefund.com.

8. Children's Privacy

The Services are not directed to individuals under 18. Contact support@roomrefund.com if you believe we have collected information from a minor.

9. Changes to This Policy

We may update this Policy at any time. Material changes will be communicated by updating the Effective Date and posting a notice on the App or Site. Continued use constitutes acceptance.