Staylia
Sign inStart

Privacy Policy

Last updated: May 22, 2026

1. What Staylia Stores

  • Account profile data such as name, email, Clerk id, role, and onboarding status.
  • Host-created listing data such as title, address city/state, rent, amenities, rules, contact fields, and status.
  • Tenant access data such as invited email, access status, display name, and listing relationship.
  • Uploaded file metadata and Blob URLs for photos and documents.
  • Operational metadata such as timestamps, device registrations, and optional notification preferences.

2. How Data Is Used

Data is used to authenticate users, show hosts their listings, authorize tenant portal access, store files, render public listing previews, and support the rental operations workflow. Staylia should not sell personal information.

3. Service Providers

  • Clerk for authentication and account sessions.
  • MongoDB for application records.
  • Vercel and Vercel Blob for hosting, serverless runtime, analytics, photos, and documents.
  • Resend for transactional email delivery.
  • Stripe for future billing and subscription management.

4. Tenant Visibility

Tenants see only listings connected to active or invited access records for their user profile or email. Hosts decide which documents are host-only, tenant-visible, or public. Hosts should avoid placing private access details in public preview fields.

5. Retention and Deletion

Records are retained while an account, listing, or tenant relationship is active. V1 supports archiving listings, files, binder entries, and access records. Hard deletion and Blob cleanup are deferred until the production data-retention policy is finalized.

6. Security

Staylia relies on Clerk authentication, server-side authorization checks, MongoDB indexes and ownership filters, and Vercel-hosted infrastructure. No online service can guarantee perfect security, so hosts should avoid storing unnecessary sensitive information.

7. Updates

This policy is an early V1 policy scaffold and should be reviewed before production launch. Future updates should reflect billing, email delivery, storage retention, and account deletion behavior.