Draft — For Professional Legal Review

This document has not been reviewed by legal counsel and should not be relied upon as final.

Privacy Policy

Effective Date: March 28, 2026

Lodgic ("we," "us," or "our") operates the lodgic.io platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using Lodgic, you consent to the practices described in this policy.

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, and password (stored in hashed form). If you create an organization account, we also collect the organization name.

Financial Data

To provide our bookkeeping and tax reporting services, we collect and store financial transaction data, receipt images, tax identification numbers (TIN, EIN, SSN), property addresses, bank account references, contractor payment information (for 1099 generation), and reservation data. This data is provided directly by you through manual entry, CSV import, or third-party integrations you authorize (such as Hospitable).

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, and error logs. This data helps us improve the Service and diagnose technical issues.

Device Data

We may collect information about the device you use to access the Service, including browser type, operating system, IP address, and screen resolution. This information is used to optimize the Service for your device and for security purposes.

2. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process financial transactions, generate tax reports, and facilitate bookkeeping
  • Process payments and manage your subscription through Stripe
  • Analyze receipts and financial documents using AI-powered tools
  • Synchronize reservation data from third-party platforms you connect
  • Send in-app notifications related to your account and usage
  • Detect, prevent, and address security incidents and technical issues
  • Comply with legal obligations, including tax reporting requirements
  • Improve and develop new features for the Service

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you have signed up for
  • Legitimate Interests: Improving the Service, security monitoring, and fraud prevention
  • Legal Obligation: Complying with applicable laws such as tax regulations
  • Consent: Where you have given explicit consent for specific processing activities

4. Data Storage & Security

We take the security of your data seriously and employ industry-standard measures to protect it:

  • Database: Your data is stored in Neon PostgreSQL databases hosted in the United States
  • Tenant Isolation: Each organization is isolated in its own database schema, ensuring your data is not accessible to other users
  • File Storage: Receipt images and documents are stored in Cloudflare R2 with access controls
  • Encryption: AES-256 encryption is used for sensitive data such as API keys. All data in transit is protected by HTTPS/TLS encryption
  • Audit Logs: User-configurable audit logs are maintained within the application

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We share data with the following third-party service providers, solely to operate the Service:

  • Stripe — Payment processing. Stripe receives your payment information (credit card details, billing address) to process subscription payments. We do not store your full credit card number. See Stripe's Privacy Policy.
  • OpenRouter / Google Gemini — AI-powered receipt scanning and CSV analysis. Receipt images and document contents are sent to AI models for automated data extraction. This processing is initiated only when you use these features.
  • Hospitable — Reservation synchronization. When you connect your Hospitable account, reservation data is synced to Lodgic. This integration is user-initiated and can be disconnected at any time.
  • Cloudflare R2 — File storage for receipts, documents, and other uploaded files.
  • Neon — PostgreSQL database hosting. All application data is stored in Neon databases located in the United States.
  • Google Analytics — Website analytics. Collects anonymized usage data including pages visited, session duration, and general location (country/region). Used to understand how users interact with the Service and improve the experience. See Google's Privacy Policy.
  • Microsoft Clarity — Behavior analytics. Records anonymized session replays and heatmaps to help us understand how users navigate the Service. Clarity may collect mouse movements, clicks, and scroll behavior. No personal financial data is captured. See Microsoft's Privacy Statement.
  • Meta (Facebook) Pixel — Conversion tracking and advertising. The Facebook Pixel collects data about page visits and actions to measure advertising effectiveness and build audiences for targeted ads on Meta platforms. You can opt out of personalized advertising through your Facebook Ad Preferences or the Digital Advertising Alliance opt-out.

Each third-party provider is bound by its own privacy policies and data processing terms. We only share the minimum data necessary for each provider to perform its function.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Financial records and tax-related data may be retained as required by applicable law. Upon account deletion, we will remove your personal data within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements). Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR Rights (EEA/UK Users)

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing based on legitimate interests

CCPA Rights (California Residents)

  • Right to Know: Request disclosure of data collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt out
  • Non-Discrimination: You will not receive discriminatory treatment for exercising your rights

To exercise any of these rights, contact us at privacy@lodgicapp.com. We will respond to verified requests within 30 days (or as required by applicable law).

8. Cookies & Tracking

Lodgic uses minimal cookies. We use essential session cookies to maintain your authenticated session and remember your preferences. These cookies are strictly necessary for the Service to function and cannot be disabled.

We also use the following third-party cookies and tracking technologies:

  • Google Analytics — analytics cookies to understand site usage and improve the Service.
  • Microsoft Clarity — session recording and heatmap cookies to analyze user behavior.
  • Meta (Facebook) Pixel — conversion tracking cookies to measure advertising effectiveness.

You can manage or disable these cookies through your browser settings. Most browsers allow you to block third-party cookies while still allowing essential cookies. You can also opt out of interest-based advertising at aboutads.info or networkadvertising.org.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@lodgicapp.com.

10. International Data Transfers

Your data is primarily stored and processed in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. For EEA/UK users, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to ensure adequate protection of your data when transferred internationally.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Effective Date" at the top of this page and, where appropriate, providing in-app notification. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@lodgicapp.com

Website: lodgic.io


© 2026 Lodgic. All rights reserved.