Privacy Policy — GracyRein Florida

1. Data Controller

The data controller responsible for your personal data is:

GracyRein Florida, Inc.
2740 Ponce de Leon Blvd, Suite 210
Coral Gables, FL 33134, United States
Email: privacy@gracyreinflorida.com
Phone: +1 (786) 429-3187

2. Data We Collect

We collect the following categories of personal data:

Category	Examples
Account Data	Full name, email address, phone number, company name, job title, billing address
Usage Data	Feature interactions, notification preferences, login timestamps, pages viewed
Technical Data	IP address, browser type, operating system, device identifiers, session duration
Property Data	Property addresses, listing details, guest names, reservation dates, access codes
Billing Data	Subscription plan, payment method (processed by Stripe — we do not store card numbers), invoices

3. How We Use Data

We use personal data exclusively for the following purposes:

Service Delivery: Operating the Platform, processing reservations, dispatching crews, generating reports
Transactional Notifications: Sending booking confirmations, check-in instructions, maintenance updates, billing receipts, and account security alerts
Billing & Invoicing: Processing subscription payments, generating invoices
Security: Fraud detection, preventing unauthorized access, monitoring for threats
Legal Compliance: Meeting regulatory obligations, responding to lawful requests
Platform Improvement: Analyzing aggregated, anonymized usage patterns to improve features and reliability

4. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area, we rely on the following legal bases:

Contract Performance: Processing necessary to fulfill our subscription agreement and deliver the Platform's core functionality
Legitimate Interest: Platform security, fraud prevention, service improvement (balanced against your rights)
Legal Obligation: Tax reporting, regulatory compliance, responding to valid legal processes
Consent: Where required (e.g., optional operational updates), consent is freely given, specific, informed, and may be withdrawn at any time

5. No Data Selling

We do not sell, rent, lease, or trade your personal data to any third party for their own marketing, advertising, or commercial purposes. This commitment applies to all categories of data we collect, without exception.

6. Sub-Processors

We engage the following sub-processors to deliver the Platform:

Sub-Processor	Purpose	Location
Amazon Web Services (AWS)	Cloud hosting, data storage, compute infrastructure	US-East-1 (N. Virginia)
Mailgun (Sinch)	Transactional email delivery	United States / EU
Stripe	Payment processing, subscription billing	United States

Each sub-processor is bound by data processing agreements that require them to process data solely on our instructions and in accordance with applicable privacy laws.

7. International Data Transfers

If we transfer personal data outside the European Economic Area, we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
EU-US Data Privacy Framework certification (where applicable to sub-processors)
Appropriate supplementary measures including encryption and access controls

8. Data Retention

Data Category	Retention Period
Account data	Duration of subscription + 30 days for export
Property & reservation data	Duration of subscription + 30 days
Email delivery logs	90 days
Access & audit logs	12 months
Billing records	7 years (tax compliance)
Consent records	3 years minimum
Support correspondence	2 years after resolution

After the retention period expires, data is securely deleted or irreversibly anonymized.

9. Your Rights — GDPR

If you are in the European Economic Area, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Correct inaccurate or incomplete data
Erasure — Request deletion of your data ("right to be forgotten")
Restriction — Restrict processing in certain circumstances
Portability — Receive your data in a structured, machine-readable format
Object — Object to processing based on legitimate interest
Withdraw Consent — Where processing is based on consent, withdraw it at any time

We will respond to all valid requests within 30 calendar days. Submit requests to privacy@gracyreinflorida.com.

10. Your Rights — CCPA

California residents have the following rights under the California Consumer Privacy Act:

Right to Know — Request disclosure of what personal information we collect and how it is used
Right to Delete — Request deletion of your personal information
Right to Opt-Out of Sale — We do not sell personal information, but you may exercise this right at any time
Right to Non-Discrimination — We will not discriminate against you for exercising CCPA rights

To exercise these rights, contact privacy@gracyreinflorida.com or call +1 (786) 429-3187.

11. Cookies

GracyRein uses only strictly necessary cookies:

Session Cookie: Maintains your authenticated session while using the Platform
CSRF Token: Protects against cross-site request forgery attacks

We do not use advertising cookies, analytics trackers, social media pixels, or any third-party tracking technologies. No cookie consent beyond session acknowledgment is required because we only use essential cookies.

12. Data Security

We implement industry-standard technical and organizational measures to protect your data:

Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
Access Control: Role-based access control (RBAC) with principle of least privilege
Authentication: Multi-factor authentication (MFA) enforced for all team members
Monitoring: 24/7 intrusion detection and security event logging
Vulnerability Management: Regular dependency scanning and penetration testing

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated at least 30 days before taking effect via email notification and a prominent notice on our website. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

14. Contact — Privacy Officer

For any privacy-related questions, concerns, or requests:

Privacy Officer
GracyRein Florida, Inc.
2740 Ponce de Leon Blvd, Suite 210
Coral Gables, FL 33134
Email: privacy@gracyreinflorida.com
Phone: +1 (786) 429-3187