baylife.

Baylife Platform

Privacy Policy

GDPR-compliant · Effective 2026

This Privacy Policy explains how Baylife Ltd. ("Baylife", "we", "us") collects, uses, shares, and protects personal data when you use the Baylife platform (the "Platform"). We act as a data controller for the personal data described below and comply with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

1. Who We Are

Baylife Ltd. operates the Baylife Platform, a discovery and lead-referral service that connects long-stay guests with hotel partners offering rooms in their off-season. For questions about this policy or to exercise your rights, contact us at guests@baylife.app.

2. What Data We Collect

2.1 Account data

  • Email address and a hashed password
  • First and last name (when provided)
  • Phone number (when provided)
  • Account role (guest or hotel partner)

2.2 Enquiry data

  • Property you enquired about
  • Stay dates, number of guests, selected package
  • Free-text message to the hotel

2.3 Hotel partner application data

  • Property details, photos, pricing, amenities
  • Owner contact details

2.4 Automatically collected data

  • IP address, browser type, device, referring page (server logs)
  • Authentication session cookies (essential)
  • Basic interaction events needed to operate the service

We do not collect special-category data and we do not run third-party advertising or marketing trackers.

3. Why We Collect It — Legal Basis

  • Contract (GDPR Art. 6(1)(b)) — to operate your account, process enquiries, and provide the service you signed up for.
  • Consent (Art. 6(1)(a)) — to forward your enquiry details to a hotel partner when you tick the consent box on the enquiry form, and for any optional cookies.
  • Legitimate interest (Art. 6(1)(f)) — to keep the platform secure, prevent fraud and abuse, and improve the service.
  • Legal obligation (Art. 6(1)(c)) — to keep records required by tax, accounting or other applicable laws.

4. Who We Share It With

4.1 Hotel Partners

When you submit an enquiry, we forward your name, email, phone, stay dates, party size and message to the chosen hotel partner so they can respond. From that point the hotel becomes an independent data controller of that information and you should refer to their privacy policy for further handling.

4.2 Infrastructure providers (processors)

  • Hosting, database and authentication — provided through Lovable Cloud (Supabase infrastructure).
  • Transactional email delivery (account verification, enquiry notifications).
  • Image storage for property photos.

These providers process data on our behalf under written data-processing agreements and may not use it for their own purposes.

4.3 Authorities

We may disclose personal data when legally required to do so by a competent authority, court order, or to defend our legal rights.

5. International Transfers

Some of our processors may store or process data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).

6. How Long We Keep It

  • Account data — until you delete your account (see Section 8).
  • Enquiries and bookings — for up to 24 months after the last activity, unless we are required to keep them longer for legal or accounting reasons.
  • Server logs — typically up to 30 days.
  • Email suppression list — retained indefinitely to respect unsubscribe / bounce signals.

7. Cookies

We use only essential cookies needed to keep you signed in and to operate the site (authentication tokens, session state). We do not currently use analytics, advertising, or third-party tracking cookies. If we introduce any in the future, we will request your consent through a cookie banner before loading them.

8. Your Rights Under GDPR

You have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time (without affecting prior processing);
  • Lodge a complaint with your national data protection authority.

9. How to Exercise Your Rights

You can delete your account at any time from the account page — this permanently removes your account, enquiries, reviews and saved properties. For any other request, email guests@baylife.app. We respond within 30 days.

10. Security

We protect your data with encryption in transit (HTTPS), hashed passwords, row-level security on our database, role-based access controls, and limited access by authorised personnel only. No system is perfectly secure, but we apply industry-standard measures and will notify you and the relevant authority of any breach within 72 hours where required by law.

11. Children

The Platform is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available at this page. Material changes will be notified by email to account holders.

13. Contact

Baylife Ltd. — guests@baylife.app

← Back to home