Legal

Privacy

Effective May 6, 2026

Plain version: we collect the info you give us when you book a stay or buy a rental, we use it to do those things, and we don't sell it. The list below is the full version.

1. What we collect

When you book a stay through the booking widget on this site, Hospitable (our booking platform) collects your name, email, phone, and stay details. When you reserve a rental add-on (kayaks, etc.), we collect your name, email, dates, and signature for the rental agreement. Stripe processes the payment; we never see your card number.

If you email us, we keep that email. If you visit the site, we use cookies for admin authentication and analytics. The site runs on Vercel, which logs basic request data (IP, user agent) for hosting and abuse prevention.

2. What we use it for

Confirming and managing your booking. Sending the rental confirmation and a reminder email the day your stay starts. Issuing refunds if needed. Replying to your messages. Understanding which pages of the site people use, so we can make it better. Nothing else.

3. Who we share it with

We don't sell or rent your data. We pass it to the service providers needed to run the site:

  • Hospitable: the booking widget. They host the stay reservation itself and send their own emails about it.
  • Stripe: payment processing for rental add-ons.
  • Supabase: the database where rental orders are stored.
  • Vercel: hosts the site and provides traffic analytics.
  • Google Analytics: aggregate site analytics. No personally identifying data is sent.
  • Gmail / Google Workspace: sends booking confirmation and reminder emails.

We use Anthropic's Claude API to write social-media captions for our own Instagram and Facebook posts about the property. No guest data is ever sent to it.

4. How long we keep it

Booking and rental records: as long as we need them for refunds, taxes, and disputes (typically several years). You can ask us to delete them sooner; we will, except where we're legally required to keep them.

5. Security

Everything goes over HTTPS. The database has row-level security and only an authenticated server-side service role can read it. Card data never touches our servers; Stripe handles it.

6. Your rights

You can ask us what we have on you, fix anything that's wrong, or have it deleted. Email below; we'll get back to you in a few days.