Privacy Policy
Last updated: May 2026
1. Who We Are
Omnistay is a direct booking software platform owned and operated by Novamedia ehf. (Kt. 540606-2260), registered in Iceland. We help accommodation providers manage bookings and their direct booking websites.
2. Data We Collect
We collect information you provide directly (name, email, password, property details) and usage data (pages visited, features used, browser type). We also process guest data on behalf of our customers under their instruction.
3. How We Use Your Data
- To provide and improve the Service
- To send transactional emails (booking confirmations, password resets)
- To provide customer support
- To comply with legal obligations
4. Data Sharing
We do not sell your data. We share data only with trusted sub-processors necessary to operate the Service (Supabase for database hosting, Teya for payment processing, SMTP2GO for transactional emails). All sub-processors are bound by GDPR-compliant data processing agreements.
5. Data Retention
We retain your data for as long as your account is active. After account deletion, data is removed within 30 days. Backups are purged within 90 days.
6. Your Rights (GDPR)
Under GDPR, you have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at privacy@omnistay.io.
7. Cookies
We use essential cookies only (authentication sessions). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded without consent.
8. Security
We use industry-standard security measures including encryption at rest and in transit, regular security audits, and role-based access controls.
9. Contact
Privacy questions? Email privacy@omnistay.io.