Privacy Policy
Last Updated: May 29, 2026
Effective Date: May 29, 2026
This Privacy Policy explains how Jeanna One Inc. (doing business as "StaycationGo," "we," "us," or "our") collects, uses, discloses, and protects your personal data when you use the StaycationGo platform, including our website, applications, and related services (the "Platform").
StaycationGo is a Software-as-a-Service (SaaS) technology provider based in the United States. We build and operate property microsites and booking tools for short-term rental Hosts. The rental relationship is between the Host and the Guest. StaycationGo provides the technology, not the accommodation.
Guests from any location may submit booking inquiries through Host property microsites powered by the Platform. By using the Platform or submitting a booking inquiry, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
Jeanna One Inc. is a California corporation. We provide technology services to Hosts and process personal data of both Hosts and Guests in connection with operating the Platform.
Privacy inquiries:
Jeanna One Inc. d/b/a StaycationGo
12 San Miguel, Rolling Hills Estates, California 90274
hello@staycationgo.com
2. What We Collect
We collect personal data in three ways: directly from you, automatically through your use of the Platform, and from third-party sources.
2.1 Data You Provide
Hosts provide the following during onboarding and through use of the Platform: name, date of birth, and profile photograph (Identity Data); email address, phone number, and mailing address (Contact Data); property address, descriptions, photographs, pricing, availability, amenities, and house rules (Property Data); payment method details for subscription processing through Stripe (Financial Data); government-issued identification and photographs or selfies for identity verification, which may include biometric data such as facial geometry (Identity Verification Data, see Section 2.4); tax identification numbers such as SSN or ITIN, tax residency information, and W-9 or W-8BEN forms (Tax Information); messages on the Platform, support inquiries, reviews, and ratings (Communications Data); and language, currency, notification, and other preferences (Preferences Data).
Financial Data is transmitted directly to Stripe. We do not store complete payment card numbers on our servers.
Guests provide information when submitting a booking inquiry through a Host's property microsite: name, email address, phone number, preferred dates, and an optional message. Guests do not create accounts on StaycationGo. Inquiry data is shared with the Host to facilitate the booking.
2.2 Data We Collect Automatically
When you use the Platform or visit a Host's property microsite, we automatically collect:
Technical Data: IP address, browser type, operating system, device identifiers, time zone, and language settings.
Usage Data: Pages viewed, searches, clicks, features used, and visit timestamps.
Location Data: We may collect precise geolocation (within approximately 500 meters) from your device if you grant permission through your device settings. We also infer approximate location from your IP address. Precise geolocation is classified as sensitive data under applicable state laws.
Cookies and Tracking Technologies: We use cookies, tracking pixels, and similar technologies. See Section 10 for details and your choices.
Email Engagement Data: We use tracking pixels in emails to measure open rates and click-through rates. You can prevent this by disabling image loading in your email client or unsubscribing from marketing emails.
2.3 Data from Third-Party Sources
We may receive personal data from the following sources: identity verification providers (verification results, risk scores), Stripe (subscription payment status, failed payment notifications), Google Analytics (aggregated usage data), social login providers (name, email, and photograph if a Host signs in with Google, Apple, or Facebook), public records databases (for fraud prevention), and the IRS (tax status information).
2.4 Biometric Data
Identity verification may involve the collection of biometric identifiers, specifically facial geometry derived from photographs or selfies. The following applies to all biometric data we process:
Purpose. We use biometric data solely for identity verification and fraud prevention.
Retention. Raw biometric data is retained only for the duration necessary to complete the verification process (typically less than 24 hours). After verification, we retain only the verification result (pass/fail) and a non-reversible identifier. The biometric template itself is not retained.
Consent. We obtain express informed consent before collecting biometric data through a clear opt-in mechanism at the point of collection.
Disclosure. Biometric data is shared only with our identity verification provider, solely for the purpose of performing the verification. We do not sell, lease, or trade biometric data.
Destruction. Biometric templates are permanently destroyed within 90 days of verification completion or 90 days of your last interaction with the Platform, whichever comes first.
Texas Residents: This notice is provided pursuant to the Texas Data Privacy and Security Act (TDPSA) and the Texas Capture or Use of Biometric Identifier Act (CUBI).
Illinois Residents: If Illinois BIPA applies, a separate BIPA-specific consent and retention notice is provided at the point of collection.
3. How We Use Your Data
3.1 Platform Operations
Setting up and managing Host accounts, powering Host property microsites, facilitating booking inquiries between Hosts and Guests, processing Host subscription payments through Stripe, verifying Host identities, enabling Host-Guest communication, displaying listings and search results, providing customer support, and enforcing our Terms of Use.
3.2 Safety and Security
Detecting, investigating, and preventing fraud, unauthorized access, and illegal activity. Verifying user identities. Moderating content. Enforcing community standards. Defending against legal claims, chargebacks, and disputes.
3.3 Service Improvement
Analyzing Platform usage patterns to improve features, performance, and design. Conducting internal research and analytics. Testing new features. Personalizing user experience, including search result relevance and listing recommendations. Measuring email engagement to improve communication quality.
3.4 Legal Compliance
Reporting Host income to the IRS as required by law. Responding to valid legal process (subpoenas, court orders, regulatory inquiries). Maintaining records required by applicable tax, financial, and commercial laws. Filing mandatory breach notifications with regulators.
3.5 Marketing and Communications
Sending transactional communications (booking confirmations, receipts, account alerts) and marketing communications about our services where you have not opted out. All marketing emails include an unsubscribe link. We comply with CAN-SPAM.
3.6 Automated Systems
We use automated systems for the following purposes: search ranking (determining listing order based on relevance, pricing, reviews, and location), trust and safety scoring (assessing fraud risk based on behavioral patterns), pricing suggestions (market-based dynamic pricing recommendations for Hosts), and content moderation (flagging potentially inappropriate content for human review).
No automated system produces decisions with significant legal or similarly significant effects without human review.
You may request information about how automated decisions affect you and request human review of any automated determination. Minnesota residents may additionally request an explanation of profiling results.
4. Sensitive Data
The following categories of personal data receive heightened protection: biometric identifiers, precise geolocation, government-issued identification numbers (SSN), financial account credentials, and identity documents.
Our handling of sensitive data follows these principles: we collect it only when necessary for core platform services, we obtain express opt-in consent before collection (unless required by law or necessary for fraud prevention), we do not sell sensitive data, we do not use sensitive data for advertising or marketing, and we apply enhanced security controls to its storage and transmission.
Oregon Residents: We do not sell or share precise geolocation data (defined as within a radius of 1,750 feet).
Maryland Residents: We collect sensitive personal data only when strictly necessary to provide the specific service requested, in compliance with the Maryland Online Data Privacy Act (MODPA).
5. Who We Share Your Data With
We share personal data only when necessary for the purposes described in this policy.
5.1 Between Hosts and Guests
When a Guest submits a booking inquiry, we share the Guest's name, email address, phone number, preferred dates, and message with the Host to facilitate the booking. Once the Host receives this data, the Host is responsible for its handling. We limit sharing to what is necessary for the booking. A Host's use of Guest data beyond the Platform is governed by the Host's own privacy practices, not this policy.
5.2 Service Providers
We share personal data with the following third-party service providers, each operating under written agreements that restrict their use of your data to the services they perform for us:
Stripe (San Francisco, CA) processes Host subscription payments and receives Host payment method details and billing information. Stripe's privacy policy is available at stripe.com/privacy.
Postmark (Philadelphia, PA) handles transactional and marketing email delivery and receives recipient email addresses and email content.
Google Analytics (Mountain View, CA) provides website and Platform usage analytics and receives pseudonymized usage and technical data. IP anonymization is enabled.
Cloudflare (San Francisco, CA) provides bot detection through Turnstile and may provide CDN and security services. Cloudflare receives IP addresses, device information, and behavioral signals.
Hetzner (Helsinki, Finland) provides cloud server hosting. All Platform data is stored on our servers hosted by Hetzner. See Section 6 for details on data location.
Strapi is our content management system, self-hosted on Hetzner infrastructure. No data is shared with Strapi as a third party.
Autohost (identity verification and guest screening) is planned for future integration. When implemented, this policy will be updated to reflect the data shared with Autohost, which will include government-issued ID images, selfie photographs, and biometric data for facial matching.
We do not share personal data with service providers not listed above. This list is updated when providers are added or changed.
5.3 Tax and Government Authorities
We disclose personal data to government authorities as required by law, including the IRS (Host earnings via Form 1099-K), state and local tax authorities, and state Attorneys General in response to lawful investigations.
5.4 Legal and Professional Advisors
We may share personal data with lawyers, auditors, and insurers as necessary for legal advice, audit, insurance, and dispute resolution, and in response to valid legal process.
5.5 Business Transfers
If StaycationGo is involved in a merger, acquisition, reorganization, asset sale, or bankruptcy proceeding, your personal data may be transferred as part of that transaction. We will notify affected users of any such transfer.
5.6 Advertising and Analytics
We do not sell personal data for monetary consideration. We may share device identifiers, browsing activity, and cookie data with advertising and analytics partners for targeted advertising. Under the laws of California and certain other states, this sharing may constitute a "sale" or "sharing" of personal data. You have the right to opt out. See Section 8 for instructions.
6. Where Your Data Is Stored
Our servers are currently located in Helsinki, Finland (European Union), hosted by Hetzner. We are in the process of migrating to servers in the United States. During and after this migration, your data may be stored and processed in the EU, the US, or both.
For users in the United States, no US law prohibits storage of personal data in the EU. EU data protection standards (GDPR) provide strong privacy protections.
For users outside the United States, your data is currently stored in the EU. When migration to US servers is complete, your data will be transferred to and processed in the United States. By using the Platform or submitting a booking inquiry, you consent to this transfer. You may have additional rights under your local privacy law. Contact hello@staycationgo.com and we will respond within 30 days.
A note on roles: StaycationGo provides technology to Hosts. The Host is the party offering accommodation to Guests. Privacy inquiries about the Platform should be directed to StaycationGo. Questions about how a Host handles your data during your stay should be directed to the Host.
7. Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, multi-factor authentication for administrative access, regular security assessments, employee confidentiality obligations, and documented incident response procedures.
No method of electronic transmission or storage is completely secure. While we implement industry-standard protections, we cannot guarantee absolute security.
7.1 Breach Notification
In the event of a personal data breach, we notify affected users and applicable state regulators within the timelines required by law (30 to 60 days depending on your state of residence). For users outside the US, we notify promptly and report to the relevant data protection authority where required.
8. Your Privacy Rights
8.1 US Residents
Depending on your state of residence, you may have the following rights:
Right to Know. Request the categories and specific pieces of personal data we have collected, the sources, the purposes of collection, and the categories of third parties with whom we have shared it.
Right to Delete. Request deletion of personal data we have collected, subject to exceptions for legal obligations, fraud prevention, and tax records.
Right to Correct. Request correction of inaccurate personal data.
Right to Opt Out of Sale or Sharing. Direct us to stop sharing your personal data for targeted advertising by clicking "Do Not Sell or Share My Personal Information" in our website footer, enabling the Global Privacy Control (GPC) signal in your browser (we recognize and honor GPC signals), or emailing hello@staycationgo.com.
Right to Limit Sensitive Data Use. Direct us to limit our use of sensitive personal data to what is necessary to provide our services.
Right to Non-Discrimination. We will not discriminate against you for exercising any privacy right.
Right to Appeal. If we deny a privacy rights request, you may appeal by contacting hello@staycationgo.com. If the appeal is denied, we will provide information about how to file a complaint with your state Attorney General.
Right to Question Profiling (Minnesota). Request an explanation of any profiling that produces legal or similarly significant effects concerning you.
Authorized Agents. You may designate an authorized agent to submit privacy rights requests on your behalf with written proof of authorization.
Response Timelines. We acknowledge receipt within 10 business days and respond substantively within 45 days (extendable by an additional 45 days with notice). New Jersey requests are processed within 15 days.
Applicable State Laws. These rights apply to residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. As additional states enact comprehensive privacy legislation, we extend equivalent rights. A current list of covered states is maintained at staycationgo.com/state-privacy-rights.
8.2 International Users
Users outside the United States may have additional rights under their local privacy law, including access, correction, deletion, data portability, withdrawal of consent, and objection to certain types of processing. To exercise these rights, contact hello@staycationgo.com. We will respond within 30 days.
9. Complaints
US Residents: You may file a complaint with your state Attorney General, the Federal Trade Commission (www.ftc.gov/complaint), or for California residents, the California Privacy Protection Agency (www.cppa.ca.gov).
International Users: You may file a complaint with the data protection authority in your country of residence. We encourage you to contact us first at hello@staycationgo.com so we can attempt to resolve your concern directly.
10. Cookies and Tracking Technologies
10.1 Technologies We Use
Essential cookies are required for Platform functionality (authentication, security, load balancing) and cannot be disabled.
Analytics cookies help us understand how users interact with the Platform. We use Google Analytics with IP anonymization enabled.
Marketing cookies are used to deliver relevant advertisements and measure campaign effectiveness. These may track activity across other websites.
Email tracking pixels measure email open rates and click-through rates.
10.2 Your Choices
You may control cookies through your browser settings or through our cookie consent banner.
Global Privacy Control (GPC). We detect and honor GPC signals. When a GPC signal is received, we treat it as a valid opt-out of the sale or sharing of personal data and disable non-essential tracking cookies for that session.
International users. Non-essential cookies require opt-in consent and are not activated until consent is provided.
Do Not Track. We do not respond to browser Do Not Track signals, as no uniform technical standard has been adopted. We do respond to GPC signals as described above.
11. Children
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. Hosts must be at least 18 years old. If we become aware that we have collected data from a child under 13, we will promptly delete it in compliance with COPPA. If you believe a minor has provided us with personal data, contact hello@staycationgo.com.
California, under 16. We do not sell or share the personal data of users known to be under 16 without affirmative authorization (opt-in consent from the user if aged 13 to 15, or parental consent if under 13).
12. Data Retention
Host account data. Retained for the duration of the account plus 3 years after closure.
Guest booking inquiry data. Retained for 3 years from the date of inquiry, or as long as necessary to support an active booking and any post-stay dispute period.
Booking and transaction records. 7 years from the transaction date (IRS requirements).
Identity verification documents. Raw images are deleted within 90 days of successful verification. Verification status is retained for the duration of the Host account.
Biometric data. Deleted within 90 days of verification completion.
Reviews. Retained indefinitely as part of the Platform's trust and reputation system. You may request deletion of reviews you have authored.
Marketing suppression list. If you unsubscribe from marketing communications, your email address is retained on a suppression list to prevent future contact.
Support conversations. Retained for 3 years. In-platform messages between Hosts and Guests are retained for 1 year after checkout.
Analytics data. Aggregated and anonymized analytics data may be retained indefinitely.
When personal data is no longer needed for the purposes described in this policy, we securely delete or anonymize it.
13. Changes to This Policy
Minor changes (corrections, clarifications, non-substantive updates) are posted with an updated "Last Updated" date and documented in the changelog at [staycationgo.com/journal/privacy-changelog].
Material changes (new categories of data collection, new sharing arrangements, changes to your rights) are communicated through the Platform and by email with at least 30 days' advance notice. Where required by applicable law, we will request renewed consent before material changes take effect.
If you do not agree with changes to this policy, you should discontinue use of the Platform and contact us to request deletion of your data.
14. Contact
Jeanna One Inc. d/b/a StaycationGo
12 San Miguel, Rolling Hills Estates, California 90274
hello@staycationgo.com
For privacy rights requests, email hello@staycationgo.com with the subject line "Privacy Rights Request." We aim to respond within 10 business days.
Version: 1.0, Last Updated: May 29, 2026