Privacy Policy

Through the booking form on our website, we collect the following personal data:

• Full name
• Email address
• Phone number
• Stay dates (check-in and check-out)
• Number of guests
• Optional message (special requests, questions)
• IP address (temporarily processed for abuse protection, not permanently stored)

The data is used exclusively to process your booking request: we contact you for confirmation and organise your stay. We do not use it for marketing purposes.

To operate our services, we use the following data processors, with whom we have data processing agreements (DPA) in place:

• Supabase — data storage (database and files), headquartered in the USA, GDPR and SOC 2 compliant
• Brevo (formerly Sendinblue) — sending confirmation, cancellation and pre-arrival emails, headquartered in France, GDPR compliant
• Vercel — website hosting, headquartered in the USA, GDPR compliant

Data is stored in a Supabase-hosted PostgreSQL database, encrypted at rest (AES-256). Access is restricted through authentication and row-level security (RLS) policies. Confirmation emails are sent via Brevo.

Booking data is retained for 2 years after check-out, then permanently deleted. You may request early deletion at any time.

Under GDPR, you have the right to:

• Access: request a copy of your data
• Rectification: correct inaccurate data
• Erasure: request deletion of your data
• Restriction: limit how your data is processed

To exercise these rights, contact us at the email address below.

This website uses only essential cookies for administrator authentication (login session). We do not use tracking or advertising cookies. Traffic analysis is performed via Umami Analytics, which operates without cookies and fully respects visitor privacy.

For any request related to your personal data: