STR Desk

Privacy Policy

Last updated: December 2024

1. Introduction

STR Desk ("we", "our", "us") operates strdesk.com. This policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Name (if provided)

Integration Data

  • OAuth access tokens from connected services (monday.com, GoHighLevel, Airtable, Notion)
  • API credentials for PMS platforms (Hospitable, Hostaway, Guesty, Hostfully, OwnerRez, Lodgify)
  • Workspace and account identifiers from connected platforms

Synced Data

  • Property information (names, addresses, identifiers)
  • Reservation details (dates, guest names, contact information, booking values)
  • Guest information (names, emails, phone numbers)
  • Review data (ratings, comments)

3. How We Use Your Information

  • To provide and maintain our service
  • To sync data between your PMS and destination platforms
  • To authenticate your connected accounts
  • To send service-related communications
  • To provide customer support

4. Data Storage and Security

  • All data is stored in secure, encrypted databases
  • OAuth tokens and API credentials are encrypted at rest
  • We use HTTPS for all data transmission
  • Access to production systems is restricted and logged
  • Data is isolated per workspace (multi-tenant architecture)

5. Cookies and Tracking

We use cookies only for essential service functionality. We do not use tracking cookies or cookies that track users outside our app.

Essential Cookies

  • OAuth session cookies: Temporary cookies (10 minutes) used during OAuth authentication flows with third-party platforms like monday.com
  • Authentication cookies: Used to maintain your login session securely

Cookie Security

  • All cookies are httpOnly (not accessible via JavaScript, protecting against XSS attacks)
  • Cookies are secure (HTTPS only in production)
  • SameSite protection prevents CSRF attacks
  • We do not use tracking cookies, advertising cookies, or any cookies that track users outside the scope of our application. All cookies are essential for service functionality and do not require explicit consent under privacy regulations.

6. Data Sharing

We do not sell your data. We only share data:

  • With platforms you explicitly connect (monday.com, GoHighLevel, Airtable, Notion)
  • With service providers necessary to operate our service (hosting, database)
  • When required by law

7. Data Retention

We retain your data while your account is active. Upon account deletion, we remove your data within 30 days. Synced data in third-party platforms (monday.com, GoHighLevel, Airtable, Notion) remains in those platforms under their respective policies.

  • We retain your data while your account is active
  • Upon account deletion, we remove your data within 30 days
  • Synced data in third-party platforms (monday.com, GoHighLevel, Airtable, Notion) remains in those platforms under their respective policies

8. Your Rights

You can:

  • Access your data through your dashboard
  • Disconnect integrations at any time
  • Request data export
  • Request account deletion

9. Third-Party Services

Our service integrates with third-party platforms. Their use of your data is governed by their respective privacy policies:

  • monday.com → monday.com/privacy
  • GoHighLevel → gohighlevel.com/privacy
  • Airtable → airtable.com/privacy
  • Notion → notion.so/privacy

10. Changes to This Policy

We may update this policy. We will notify you of significant changes via email or through the service.

11. Contact

Questions about this policy? Contact us at support@strdesk.com

Have questions?

If you have any questions about this privacy policy or need clarification, please don't hesitate to reach out.

Contact Support