Privacy Policy
Last updated: January 30, 2026
1. Introduction
Guesto ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vacation rental management platform.
We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Who This Policy Applies To
This Privacy Policy applies to:
- Hosts: Property owners and managers who use Guesto to manage their vacation rentals
- Travelers/Guests: Individuals who submit inquiries, requests, reviews, or other information through property pages hosted on Guesto
- Visitors: Anyone who visits the Guesto website
3. Data Controller vs. Data Processor
It is important to understand the different roles regarding your data:
- For Hosts: Guesto is the Data Controller for your account data, subscription information, and platform usage data.
- For Travelers/Guests: When you submit information through a property's inquiry form, contact form, or review form, the Host (property owner) is the Data Controller for that data. Guesto acts as a Data Processor on behalf of the Host, meaning we store and process the data according to the Host's instructions.
This means that if you are a traveler and want to exercise your data rights (access, deletion, etc.), you should contact the property Host directly. They are responsible for responding to your requests. However, you may also contact us at privacy@guesto.eu and we will assist in facilitating your request.
4. Information We Collect
4.1 Information from Hosts
- Account Information: Name, email address, and password, provided when you create an account
- Property Information: Property details, addresses, booking links
- Financial Information: Subscription details, billing information (payment card details are processed by Stripe and not stored by us)
- Communications: Support messages and feedback
4.2 Information from Travelers/Guests
When you submit a form on a property page (inquiry, contact, request, or review), we collect on behalf of the Host:
- Contact Information: Name, email address, phone number (if provided)
- Booking Details: Requested dates, number of guests, special requests
- Messages: The content of your inquiry or request
- Review Content: Your review text and ratings
Purpose: This data is collected to enable the Host to respond to your inquiry, manage your stay, and provide better hospitality services.
4.3 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the platform
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP addresses, access times, referring URLs
- Cookies: See our Cookie Policy section below
5. How We Use Your Information
5.1 For Hosts
- Service Delivery: To provide and maintain our platform, manage your properties, and enable guest communications
- Subscription Management: To process your subscription, billing, and account management
- Communication: To send service updates, respond to inquiries, and provide customer support
- Compliance: To help you meet legal requirements (e.g., Greek TAAK tax, AADE registration)
- Analytics: To provide you with insights about your properties and bookings
- Security: To detect, prevent, and address technical issues and security threats
5.2 For Travelers/Guests
- Inquiry Handling: To forward your inquiry to the property Host
- Communication Facilitation: To enable the Host to respond to you
- Service Improvement: To improve the platform experience
Note: The Host determines how they use your information for their hospitality purposes. This may include responding to your inquiry, managing your booking, sending pre-arrival information, and post-stay communications.
6. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services to you
- Legitimate Interests: Processing for analytics, security, and service improvement
- Legal Obligation: Processing required to comply with applicable laws
- Consent: Processing for marketing communications (which you can withdraw at any time)
7. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Third parties who help us operate our platform (hosting, email delivery, analytics)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
We do not sell your personal data to third parties.
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing at any time
To exercise these rights, please contact us at privacy@guesto.eu or use the self-service options in your account settings.
9. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Specifically:
- Account Data: Retained until you delete your account
- Booking Records: Retained for 7 years for tax and compliance purposes
- Marketing Consent: Retained until withdrawn
- Audit Logs: Retained for 2 years for security purposes
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL)
- Secure password hashing
- Regular security assessments
- Access controls and audit logging
- Rate limiting to prevent abuse
11. Cookies and Tracking
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for the platform to function (authentication, security)
- Analytics Cookies: Help us understand how you use our platform (with your consent)
- Preference Cookies: Remember your settings and preferences
You can manage your cookie preferences through our cookie consent banner or your browser settings.
12. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
13. Children's Privacy
Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@guesto.eu
- Data Protection Officer: dpo@guesto.eu
You also have the right to lodge a complaint with your local data protection authority.