Privacy Policy

1. Data collected

Vayento processes account data such as name, email, phone, profile details, booking details, payment status, messages, reviews, host lead submissions and audit events. The platform avoids exposing sensitive authentication fields such as password hashes in API responses.

2. Purpose of processing

Data is processed to create and secure accounts, provide booking functionality, support payments, manage properties, send notifications, handle support requests, improve user experience and maintain compliance-ready operational records.

3. Authentication and security

The system uses password hashing, access tokens, refresh tokens, route protection, role-based authorization, audit logs and validation guards. Users are responsible for choosing strong passwords and protecting their devices.

4. Payment information

Payment processing is handled through Stripe. Vayento stores payment references, status, amount, currency and operational metadata, but does not store full card numbers.

5. Communications

Transactional emails, booking confirmations, password reset links and host/admin notifications may be sent through configured email infrastructure. In local development, these messages are captured by Mailpit for testing.

6. Data retention

Booking, payment, audit and support records may be retained for accounting, legal, security and dispute-management reasons. Account deactivation disables access while preserving historical records required for platform integrity.

7. User rights

Users may update profile information, change their password, request email changes and deactivate their account. Additional requests may be handled through support channels.