Privacy policy
Last updated: 2026-05-05
room2let operates under the EU General Data Protection Regulation (GDPR) and Greek law. This page is a placeholder for the production legal text.
Data we collect
- Account: email, name, hashed password, OAuth identifiers
- Listings: titles, descriptions, photos, geographic coordinates
- Bookings: dates, guest counts, payment status, Stripe references
- Operational: IP address (for fraud prevention), user agent, request logs
Where the data lives
Application servers, the primary database and photo storage are hosted in the EU. Payments are processed by Stripe (Ireland and the United States, under their EU SCC and DPA). Email delivery runs through providers operating within the EU.
Cookies we set
Strictly necessary cookies only (no analytics or advertising cookies). All are HttpOnly, SameSite=Lax, and set with the minimum scope required:
authjs.*— keeps you signed in.locale,currency— your display preferences.r2l_ref,r2l_via— affiliate-attribution cookies set for 24 hours when you arrive via a room2let embed on a third-party site, so the host who referred you can be credited for the booking. Cleared as soon as you make a reservation.r2l_aff— affiliate-program token cookie set for 30 days when you arrive via a partner site running our affiliate program. Same purpose: credits the partner for the booking; cleared on reservation.
Your rights
You can request access, correction, or deletion of your data at any time via your account, or by emailing privacy@room2let.example.
room2let