Privacy Policy

EasyShortlet Privacy Policy

Effective date: 06-09-2025
Who we are: EasyShortlet (“we”, “us”, “our”) helps guests discover and book short-let apartments across Nigeria and gives hosts the tools to manage listings, bookings, messages, and payouts.

This policy explains what we collect, why we collect it, how we use and share it, and the choices you have. We’ve kept the language friendly, but this is still a legal document. If anything here isn’t clear, reach us at hello@easyshortlet.com.

Not legal advice: This template is provided for information only. Laws can vary. Please have your counsel review and tailor it to your business, especially for NDPR/GDPR compliance.

1) Quick summary (the “too long; didn’t read” bit)

  • We collect the info you give us (like name, email, phone, ID for KYC), things that help run the app (like device and usage data), and details needed to complete bookings and payouts.

  • We use your data to operate EasyShortlet: create accounts, enable search & bookings, power chat, prevent fraud, improve features, and meet legal obligations.

  • We share data only when needed—e.g., with hosts/guests to complete a booking, with service providers (payments, cloud, analytics), or when the law requires it.

  • You control your data: you can access, correct, download, or delete it (subject to certain limits). You can also manage cookies, marketing, and push notifications.

  • We follow applicable privacy laws, including Nigeria’s NDPR, and (where relevant) the GDPR for EEA/UK users.

  • We protect your data with technical and organizational measures, but no system is 100% secure.

  • Have questions or concerns? Email [hello@easyshortlet.com].

2) What information we collect

A. Information you provide

  • Account details: name, email, phone number, password (hashed)

  • Identity verification (KYC) for hosts/payouts or where required: Government ID, selfie, date of birth, address; results from verification checks (pass/fail, risk signals).

  • Payment and payout info: We don’t store full card details. Our payment processors handle card data. For hosts, we collect payout details (e.g., bank info) through our payout partner.

  • Listings & bookings: Property details, amenities, pricing, house rules, booking dates, guest count, cancellation settings.

  • Communications: In-app messages, emails, support chats, reviews/ratings.

  • Preference/consent settings: Marketing opt-ins, cookie choices, push notification preferences.

B. Information collected automatically

  • Device & app data: device model, OS, unique device IDs, app version, language, crash logs.

  • Usage data: screens viewed, taps/clicks, session duration, referral source.

  • Location data (if you allow it): to show nearby listings or improve relevance. You can disable this in your device settings.

  • Cookies & similar tech (on the web): to keep you signed in, remember preferences, measure performance, and personalize content.

C. Information from third parties

  • Payment providers & KYC vendors: verification results, fraud risk scores.

  • Analytics & ads partners: aggregated usage insights (we don’t sell your personal data).

  • Maps & messaging providers: geolocation lookups and real-time chat delivery.

3) How we use your information (and our legal bases)

We process your data for:

  • Operating the platform (create/manage accounts, search listings, bookings, messaging): performance of a contract (with you).

  • Payments & payouts: performance of a contract; legal obligation (e.g., tax/AML).

  • Identity verification & safety checks (hosts/when required): legal obligation; legitimate interests (trust and safety).

  • Customer support & service messages: performance of a contract; legitimate interests (ensuring reliability).

  • Personalization & product improvement: legitimate interests; sometimes consent (e.g., analytics cookies).

  • Marketing (email/push/SMS): consent where required; otherwise legitimate interests. You can opt-out anytime.

  • Fraud prevention & security: legitimate interests; legal obligation.

  • Legal compliance & enforcement: legal obligation; legitimate interests.

4) How we share information

We do not sell your personal information.

We share it only with:

  • Other users as needed to fulfill a booking

    • Guests ↔ Hosts: names, profile info, booking details, messages, and any info you share in chat.

  • Service providers (acting on our instructions)

    • Payments & payouts (to process transactions and detect fraud).

    • Cloud hosting & databases (to run the app).

    • Analytics & crash reporting (to improve performance).

    • Real-time messaging (to deliver in-app chat/push notifications).

    • KYC/Identity vendors (for host verification or as required by law).

  • Authorities or legal requests where required by applicable law or to defend our rights.

  • Business transfers (e.g., merger or acquisition) with appropriate safeguards.

Each service provider is bound by confidentiality and data protection terms.

5) Cookies & similar technologies

  • Strictly necessary (authentication, security): can’t be turned off in our systems.

  • Performance/analytics (how the app is used): helps us improve speed and usability.

  • Functionality (remembering preferences): makes your experience smoother.

  • Marketing (where used on web): to measure campaigns and avoid showing irrelevant ads.

Your choices: Use our cookie banner (web), your browser settings, or device settings. Some features may not work without certain cookies.

6) Messaging & calls (in-app chat)

  • What we store: the content you send, timestamps, basic delivery/read info.

  • Why: to deliver messages, show history, detect abuse, and keep everyone safe.

  • Who can see: the participants in the conversation (guest/host) and authorized staff only when needed (e.g., to investigate abuse or resolve disputes).

  • Third parties: we use a real-time messaging provider to route messages/push notifications; they process data on our behalf.

Please don’t share sensitive info (e.g., full card numbers, bank PINs) in chat.

7) How we protect your data

  • Encryption in transit (TLS) and at rest (for key data).

  • Access controls, role-based permissions, logging, and staff training.

  • Vendor due diligence and data processing agreements.

  • Regular security reviews and vulnerability management.

No method is 100% secure. If we detect a breach likely to affect you, we’ll notify you and relevant authorities as required by law.

8) Data retention

We keep personal data only as long as needed for the purposes above:

  • Account data: for your account’s life and a reasonable period afterward for record-keeping, dispute resolution, and legal compliance.

  • Bookings & payouts: per tax/financial record rules (often 5–7 years or as required by law).

  • Messages: retained while your account is active and for a limited period afterward (e.g., 24 months) unless you delete your account or law requires longer.

  • KYC records: per legal obligations (e.g., AML/CTF retention periods).

When data is no longer needed, we delete it or anonymize it.

9) Your rights & choices

Depending on where you live (e.g., under NDPR in Nigeria or GDPR in the EEA/UK), you may have rights to:

  • Access your data and get a copy.

  • Correct inaccurate or incomplete data.

  • Delete data (subject to legal/contractual limits).

  • Object to or restrict certain processing.

  • Data portability (receive data in a usable format).

  • Withdraw consent at any time (doesn’t affect past processing).

  • Lodge a complaint with a regulator.

How to exercise your rights:
Email [privacy@easyshortlet.com] from your registered email, or use in-app settings where available. We’ll respond within the time required by law.

Regulators:

  • Nigeria: Nigeria Data Protection Commission (NDPC).

  • EEA/UK users (if applicable): your local DPA/ICO.

10) International data transfers

We may process data on servers or with providers located outside your country. When we transfer personal data internationally, we use lawful safeguards, such as:

  • Standard Contractual Clauses (SCCs) for GDPR regions; and/or

  • Other recognized transfer mechanisms and vendor contractual protections.

11) Children’s privacy

EasyShortlet isn’t intended for minors under 16 (or the age required by your local law). We don’t knowingly collect personal data from children. If you think a child provided personal data, contact us and we’ll take appropriate action.

12) Marketing, notifications & preferences

  • Email/SMS marketing: opt out via the unsubscribe link or in-app settings.

  • Push notifications: control in your device OS settings or in-app.

  • Transactional messages (booking updates, receipts, critical service alerts) are required for service and can’t usually be turned off.

13) Third-party links & embedded services

Our app and site may link to third-party websites or tools (e.g., map previews, video tours). Their privacy practices are their own—please review their policies before sharing data with them.

14) If you’re a Host

  • You’ll receive guest data necessary to manage bookings (e.g., guest name, profile, booking details, message history).

  • You must comply with applicable privacy laws and use guest data only for booking/hosting purposes (no spamming or unrelated reuse).

  • You’re responsible for complying with your local tax and regulatory obligations for payouts and record-keeping.

15) Changes to this policy

We’ll update this policy as our services or laws change. We’ll post the new date at the top and, if changes are significant, we’ll notify you in-app or by email. Your continued use of EasyShortlet means you accept the updated policy.

16) Contact us

EasyShortlet
Email: hello@easyshortlet.com
Support: hello@easyshortlet.com

If you’re in the EEA/UK and GDPR applies, you may also contact our Data Protection Officer (DPO) at [dpo@easyshortlet.com] and/or our EU/UK representative (if appointed): details here.

17) Nigeria-specific notes (NDPR)

  • We process personal data in line with the Nigeria Data Protection Regulation (NDPR).

  • Lawful bases: consent, contract, legal obligation, legitimate interests.

  • Data Subject rights under NDPR include access, rectification, deletion, portability, and the right to object.

  • Complaints may be lodged with the Nigeria Data Protection Commission (NDPC); we encourage you to contact us first so we can help.

Final word

We built EasyShortlet to make travel and hosting simpler—not to spy on you. We collect only what we need, protect what we collect, and give you control wherever possible. If something doesn’t feel right, tell us and we’ll fix it.