Privacy Policy
Last updated: June 9, 2026
1. Who we are
Pocaroo (“we,” “us,” or “our”) operates a vacation property booking platform at pocaroo.com. This policy explains how we collect, use, store, and protect your personal information when you use our platform.
2. Information we collect
Account information: When you sign up, we collect your email address and display name. If you sign in via Google or Yahoo, we receive your name and email from the identity provider.
Booking information: When you request a booking, we collect check-in/check-out dates, headcount, and any notes you provide. Payment records are logged by property owners.
Usage data: We log platform actions (such as booking approvals and user role changes) in an audit log for security and operational purposes.
Technical data: Our hosting provider (Vercel) may collect IP addresses, browser type, and device information through standard server logs.
3. How we use your information
We use your information to:
Provide and operate the booking platform; process and manage booking requests; communicate with you about your bookings; maintain security through audit logging; improve the platform; and comply with legal obligations.
4. Legal basis for processing (GDPR)
If you are in the European Economic Area, we process your data based on:
Consent: You consent to our privacy policy and terms when you create an account. You can withdraw consent at any time.
Contract performance: Processing needed to fulfill booking requests and provide the service.
Legitimate interest: Security monitoring and audit logging to protect all users.
5. Data sharing
We do not sell your personal information. We share data only with: property owners (your booking details, for the properties you book); authentication providers (Google, Yahoo) for sign-in; our hosting infrastructure (Supabase, Vercel) as necessary to operate the service; and law enforcement when required by law.
6. Data retention
We retain your account data for as long as your account is active. Booking records are retained for 7 years for tax and legal compliance. Audit logs are retained for 3 years. You may request deletion of your account and personal data at any time (see “Your rights” below).
7. Your rights
Depending on your jurisdiction, you have the right to:
Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate personal data.
Deletion:Request that we delete your personal data (“right to be forgotten”).
Portability: Receive your data in a structured, machine-readable format (JSON).
Opt out of sale: We do not sell personal data. If this changes, we will honor Global Privacy Control (GPC) signals.
You can exercise these rights from your data & privacy settings page, or by contacting us at the email below.
8. Cookies
We use only essential cookies required for authentication and session management. We do not use advertising or analytics cookies.
9. Security
We use industry-standard security measures including encrypted connections (TLS), Row Level Security (RLS) on our database, and role-based access control. All administrative actions are logged in our audit system.
10. Children’s privacy
Our platform is not intended for users under 18. We do not knowingly collect personal information from children.
11. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by requiring re-acceptance of the updated policy when you next sign in.
12. Contact
For privacy-related questions or to exercise your data rights, contact us at privacy@pocaroo.com.