Privacy Policy
Last updated: 25 May 2026
This policy describes how Host Port (operated by the Australian business behind hostport.co, "we", "us") collects, uses, stores, and shares personal information when you use the Host Port web app, mobile app, or website. It applies to hosts, property managers, and team members who create accounts with us.
If you have any questions, contact us at privacy@hostport.co.
1. Information we collect
Account information
- Name, email address, and phone number
- Password (stored hashed; we never see it in plain text)
- Time zone and notification preferences
Property and booking information
- Property details you add: addresses, photos, descriptions, pricing, availability, house rules
- Booking data: guest names, check-in and check-out dates, channel of origin (Airbnb, Booking.com, etc.), totals, notes
- Guest messages exchanged through connected channels or direct booking
Payment information
- If you accept direct bookings, we use Stripe Connect to process payments. Your bank and identity details are submitted directly to Stripe — Host Port never sees or stores card numbers or bank credentials.
- For subscription billing, your payment details are handled by Stripe.
Device and diagnostic information
- Device type, operating system, app version, and a randomly-generated device identifier used for trusted-device verification
- Basic usage events and crash logs to help us diagnose issues
2. How we use your information
- To operate your Host Port account and keep your calendar, listings, and messages in sync
- To import and refresh bookings from the channels you connect
- To send you booking notifications, security alerts, and important account updates
- To verify trusted devices on login and protect against unauthorised access
- To fix bugs and improve the product
- To comply with Australian legal and tax obligations
3. Who we share your information with
We share data only with service providers who help us run Host Port, and only what is necessary for them to do their job. We do not sell your personal information.
- Supabase (hosting, database, authentication) — primary infrastructure provider. Your data is stored in Supabase's Tokyo, Japan region.
- Channex (channel manager) — used to sync availability, pricing, and bookings between Host Port and connected channels.
- Connected channels (Airbnb, Booking.com, Vrbo, and any others you connect) — receive availability, pricing, and booking data necessary to keep your calendar in sync.
- Stripe — processes payments for direct bookings and subscription billing.
- Twilio — sends SMS notifications and verification codes to the phone numbers you add.
- Google Play and Apple App Store — distribute the mobile app and may receive limited information per their respective platform policies.
We may also disclose information if required by law, to enforce our terms, or to protect the rights, property, or safety of Host Port, our users, or others.
4. How long we keep your information
- Account data: kept while your account is active. Deleted within 30 days after you close your account, except where law requires otherwise.
- Booking and financial records: retained for 7 years to meet Australian tax record-keeping requirements. Personally identifying details are anonymised where possible.
- Diagnostic and crash logs: typically 90 days.
- Backups: up to 30 days after deletion from primary storage.
5. Your rights
You can:
- Access the information we hold about you by contacting us
- Correct inaccurate information through your account settings or by contacting us
- Export your data by request
- Delete your account and associated personal data in-app at Menu → Privacy & Safety → Delete my account, on the web at your account settings, or by emailing privacy@hostport.co
- Withdraw consent for non-essential processing at any time
If you are located in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively. Contact us to exercise any of these rights.
6. Security
- All data is encrypted in transit (HTTPS/TLS) and at rest
- Passwords are hashed; we cannot recover them
- Access to production data is restricted and logged
- If a security breach affects your personal information, we will notify you within 72 hours of becoming aware of it
7. Children
Host Port is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.
8. International transfers
Your data is primarily stored in Tokyo, Japan via Supabase. Some service providers (e.g. Stripe, Twilio) may process limited data in the United States or other jurisdictions. We rely on standard contractual clauses and equivalent safeguards for these transfers.
9. Changes to this policy
We may update this policy occasionally. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify you in-app or by email at least 30 days before they take effect.
10. Contact
For privacy questions or to exercise any of your rights, email privacy@hostport.co.