PomelloPomello

Privacy Policy

Effective date: April 26, 2026

1. Overview

Pomello (“we,” “our,” or “us”) operates a property management platform that helps hosts manage rental reservations and communicate with guests. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have regarding your information. By using Pomello, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect information in the following ways:

Information you provide directly

  • Account information: Name and email address of property managers who register with Pomello.
  • Issue reports and refund requests: Details you submit through the guest portal including descriptions of problems, supporting information, and contact preferences.
  • Communications: Any messages or correspondence you send to us via email or through in-platform forms.

Information collected automatically

  • Reservation data: Guest names, check-in/check-out dates, booking amounts, and booking source synced from connected property management APIs (e.g. Hostfully).
  • Guest portal activity: When guests access their stay portal, we log IP address, approximate geolocation (country/city derived from request headers), browser user agent, pages visited, actions taken, and timestamps.
  • Usage data: Standard server logs including request paths, HTTP methods, response status codes, and response times for debugging and operational purposes.
  • Device and browser information: Browser type, operating system, referring URLs, and similar technical identifiers.

Information from third parties

  • Payment information: Pool heater and add-on payments are processed by Stripe. We receive confirmation of payment status and amount but do not store card numbers, CVVs, or full payment details.
  • Booking platform data: Reservation and property data synced from Hostfully and other connected platforms per your configuration.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Pomello platform for property managers and guests.
  • Sync reservation data from connected APIs and display it in the calendar dashboard.
  • Process payments for guest add-ons (pool heating, etc.) via Stripe.
  • Send email notifications to property managers (e.g. new reservations, guest issues, refund requests).
  • Maintain an audit trail of guest portal activity for compliance and dispute resolution.
  • Respond to inquiries, support requests, and communications.
  • Diagnose errors, monitor performance, and improve platform reliability.
  • Detect and prevent fraudulent activity, abuse, or security incidents.
  • Comply with applicable laws and legal obligations.

4. Legal Basis for Processing

Where applicable law requires a legal basis for processing personal data (e.g. GDPR), we rely on:

  • Contract performance: Processing necessary to deliver the services you or your property manager have engaged us to provide.
  • Legitimate interests: Security logging, fraud prevention, and platform improvement where these interests are not overridden by your rights.
  • Legal obligation: Retention of payment records and activity logs as required by applicable law.
  • Consent: Where we ask for consent (e.g. optional notifications), you may withdraw it at any time.

5. Information Sharing

We do not sell your personal information. We share data only with the following categories of recipients as necessary to operate the platform:

  • Supabase — database storage (PostgreSQL, hosted in the US)
  • Stripe — payment processing
  • Hostfully — reservation data sync
  • Vercel — application hosting and edge functions
  • Resend — transactional email delivery

We may also disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Pomello, our users, or others.

6. Cookies and Tracking

Pomello uses a minimal set of cookies and similar technologies:

  • Session cookie (hc_session): A signed JWT stored as an HTTP-only cookie used to authenticate property managers. It expires when you log out or after an inactivity period.
  • No third-party advertising or analytics cookies are set by Pomello. We do not use Google Analytics, Meta Pixel, or similar tracking scripts.

7. Data Retention

Reservation and guest activity data is retained for as long as the property manager account is active and for a reasonable period thereafter in case of disputes. Guests may request deletion of their activity logs by contacting us at the address below. Payment records are retained as required by applicable financial regulations (typically 7 years). Server logs are rotated on a rolling basis.

8. Security

We implement industry-standard safeguards including encrypted connections (HTTPS/TLS), row-level security policies on our database, scoped API credentials with least-privilege access, and HTTP-only session cookies. We conduct periodic reviews of our security practices. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify affected parties as required by applicable law.

9. Children's Privacy

Pomello is not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

10. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (subject to legal retention obligations).
  • Restrict or object to certain types of processing.
  • Data portability — receive a copy of your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at the address in Section 11. We will respond within 30 days. We may need to verify your identity before processing requests.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact

For privacy-related questions, requests, or complaints, contact us at: davey.weissberg@gmail.com

Terms of Service·Back to app