Privacy Policy

Last updated: March 6, 2026

This Privacy Policy describes how StayScore (“we,” “us,” or “our”) collects, uses, and protects your personal information when you use our website and services at stayscore.ai.

1. Information We Collect

Information you provide

  • Email address — when you submit a listing for analysis or sign in to access your reports
  • Airbnb listing URL — the listing you choose to analyze

Information collected automatically

  • IP address — used for rate limiting and abuse prevention, stored for up to 30 days
  • Basic usage data — pages visited, features used, timestamps

Listing data we process

  • Publicly available listing content — including listing title, description, amenities, reviews, and publicly visible photos
  • This data is retrieved from the publicly accessible Airbnb listing page you provide
  • Listing photos are sent to our AI provider for visual analysis as part of the report generation

Information we do NOT collect

  • We do not collect passwords (authentication is passwordless via email magic links)
  • We do not access your Airbnb account or credentials
  • We do not collect or store payment card details (payments are handled entirely by LemonSqueezy)

2. How We Use Your Information

  • Email address — to deliver analysis results, send login links, and communicate about purchases
  • Listing URL and content — to retrieve publicly available listing data, send it to our AI analysis engine, and generate your report
  • Listing photos — sent to Anthropic's AI (Claude) for visual quality analysis; photos are processed in real time and are not stored by our AI provider for training purposes
  • IP address — solely for rate limiting to prevent abuse
  • Usage data — to improve our service and fix technical issues

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. AI Processing

To generate your analysis report, we send listing data (title, description, amenities, reviews, and photos) to Anthropic (Claude AI) for processing. This data is used solely to generate your report and is handled under Anthropic's commercial API terms, which state that API inputs and outputs are not used to train their models.

4. Legal Basis for Processing (GDPR)

  • Contract performance (Article 6(1)(b)) — processing your email, listing URL, and listing content is necessary to provide the analysis service you requested
  • Legitimate interest (Article 6(1)(f)) — collecting IP addresses for rate limiting and abuse prevention
  • Consent (Article 6(1)(a)) — where applicable, such as optional communications

5. Third-Party Service Providers

We use the following third-party services to operate StayScore. Each processes only the data necessary for its specific function:

Provider | Purpose | Data Processed | Location
Supabase | Database & authentication | Email, analysis results | EU (Frankfurt)
LemonSqueezy | Payment processing (Merchant of Record) | Email, payment details | United States
Anthropic | AI analysis (text & photo) | Listing content, photos | United States
Resend | Email delivery | Email address, email content | United States
Vercel | Website hosting | IP address, usage data | Global (CDN)

6. Data Retention

  • Analysis results — retained so you can access your reports at any time
  • Email addresses — retained as long as your account exists
  • IP addresses — retained for up to 30 days, then deleted
  • Payment records — retained as required by tax and accounting regulations
  • Listing photos — photo URLs are stored for report generation; photos themselves remain on Airbnb's servers

You may request deletion of your data at any time (see Section 8).

7. Data Security

  • All data is transmitted over encrypted connections (HTTPS/TLS)
  • Database access is restricted and authenticated
  • Payment data is handled exclusively by LemonSqueezy's PCI-compliant infrastructure
  • We do not store passwords — authentication uses secure, time-limited email links
  • API keys and secrets are stored as encrypted environment variables

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Restriction — request that we limit processing of your data
  • Portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, contact us at support@stayscore.ai. We will respond within 30 days.

9. International Data Transfers

Your primary data (analysis results and account) is stored in the EU (Frankfurt, Germany) via Supabase. Some of our service providers (Anthropic, LemonSqueezy, Resend, Vercel) are located outside the European Economic Area. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms as required by GDPR.

10. Cookies

Our service uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Children

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date.

13. Contact

For privacy-related inquiries or to exercise your data rights:
Email: support@stayscore.ai