Privacy policy
Last updated: April 2026
1. Data controller
Baptiste RAILLARD — sole trader ("caribBook") is responsible for processing personal data collected via the caribBook platform as a processor on behalf of the property owners using the platform.
Each host using caribBook to manage their bookings is the data controller for their guests' data.
Contact: contact@webdevcaraibes.com
2. Data collected
Hosts (platform users)
- Name, email, phone, identifying slug
- Billing details (SIRET, address, VAT) if applicable
- Login credentials (encrypted password)
- Payment data via Stripe (caribBook stores no card data)
Guests (host customers)
- Name, email, phone
- Stay dates, number of guests, special notes
- Payment data processed exclusively by Stripe (PCI DSS certified)
3. Processing purposes
- Contract performance: booking management, payment processing, sending confirmations and reminders
- Account management: authentication, billing, technical support
- Communication: transactional emails tied to bookings (confirmations, reminders, cancellations)
- Legal obligation: retention of billing data per accounting and tax obligations
caribBook never sells personal data to third parties. No data is used for advertising.
4. Legal bases
- Contract: processing necessary to deliver bookings and the caribBook service
- Legitimate interest: service improvement, platform security
- Legal obligation: retention of invoices and accounting data
5. Retention period
- Booking data: stay duration + 3 years (accounting and tax obligations)
- Host account data: subscription duration + 3 years after closure
- Security logs: 12 months
- Billing data: 10 years (legal obligation)
6. Sub-processors and transfers
caribBook relies on the following sub-processors:
- Stripe (payments) — PCI DSS certified, data hosted in EU/US with standard contractual clauses
- Hostinger (hosting) — servers in Europe
- GitHub (source code and CI/CD) — no customer data stored
No data is transferred outside the EU without adequate safeguards (standard contractual clauses, adequacy decision).
7. Data security
- Encrypted communications (TLS/SSL)
- Hashed passwords (bcrypt)
- Per-tenant data isolation (multi-tenancy)
- Role-based access (RBAC)
- Attack protection (rate limiting, XSS sanitisation)
- Payments delegated to Stripe (PCI DSS level 1 certified)
8. Your rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Right of access: get a copy of your personal data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data (subject to legal retention obligations)
- Right to portability: receive your data in a structured format (JSON)
- Right to object: object to the processing of your data
- Right to restriction: temporarily restrict processing
Guests: exercise your rights via caribBook's GDPR endpoints or contact the host directly.
Hosts: contact us at contact@webdevcaraibes.com.
You also have the right to lodge a complaint with the CNIL (www.cnil.fr).
9. Cookies and trackers
caribBook uses Plausible Analytics for audience analytics. Plausible is a cookieless solution hosted in Europe (EU) that drops no tracking cookies and collects no personally identifiable data.
The only cookies used are strictly necessary for the service (JWT authentication stored in localStorage, language preferences). These are exempt from consent under the ePrivacy Directive.
10. Changes
caribBook reserves the right to amend this privacy policy. In case of substantial changes, users will be notified by email or via the dashboard. The last update date is shown at the top of this page.