Overall, we try to be transparent and open about what kind of data we collect and how we use this data. We value user privacy by collecting information in a clear cut manner without using invasive tactics or dark patterns and by letting users control what kind of information is available publicly to the best of our abilities. Because of the business we are in however, we must also consider the safety and security of Clients, Guests, Hosts and Neighbours, employing measures to verify the identities of individuals.
Please refer to General Terms & Conditions for explicit definitions of roles & responsibilities of all parties affected by this policy including 12635224 Canada Inc, operating as www.RoyalCottages.ca, Hosts, Guests, Agents & others. Nothing contained in this policy shall supersede the General Terms & Conditions of the use of the site.
What information do we collect
To create an account on and further use our site, we may collect information related to you as an individual. Below is a list of the data we may collect, alongside the purpose and its visibility to the public.
- Name: To have a name to refer to you as and identify you. As a Guest, your name is shared with the Host when you send in an inquiry or have one of your bookings accepted by a Host. As a Host, this is publicly shared on your cottage page.
- Email: As our primary method of contacting you to notify you of important updates or necessary actions. As a Guest, your email is shared with the Host if you send an inquiry or have one of your bookings accepted by a Host. As a Host, this is shared with the Guest if you reply to an inquiry or accept a booking.
- Mobile Number: As a secondary, but more immediate, method of contacting you in cases where we require immediate action from your end. This is shared between the Host and Guest when a booking is accepted.
- Address: For display on your Statement of Payment as a Guest or Payout Receipt as a Host when bookings are sent in. This is not shared with others.
- (Host only) Proof of Cottage Ownership: Collected as part of TICO requirements to verify that you own the cottages you list. This information is not shared publicly and only accessed on a strict need-to-know basis internally, identical to that of your Photo ID. Hosts who do not own the cottages they list, instead acting as Legal Representatives of owners, are required to upload the Owner's proof of ownership alongside an agreement which we provide that confirms the relationship between you, the Host, and the Owner.
This personal information is used to provide our services, verify your personal identity, prevent fraud, and to contact you if there are any discrepancies or claims that arise, for whatever reason, from tax filings with the Canadian Revenue Agency, Guest or neighbour disputes, or Travel Industry Council of Ontario licensing.
To pay for services, plan upgrades, or bookings on the site, we ask that you provide the necessary payment information (card number, expiration date, CVC, and postal code) to our payment processor, Stripe. We do not have direct access to all of this information, but are able to see your card issuer, the last four digits of your card, the expiration date, and postal code. This information is not displayed publicly.
For payouts on the Gold and Platinum plans, we ask Hosts to go through the same processes as above, providing the necessary payment information to Stripe to allow us to remit your earnings from your bookings. This information is never publicly displayed.
For cottage listings, we collect relevant property & booking information involving various general property characteristics, location, available amenities, rates, policies, images, and videos. All of this information is displayed publicly, with the exception of the exact location which, with a configuration option, we attempt to anonymize. Please refer to Terms & Conditions for Host Information Provision Responsibilities/Liability.
Cookies are used for long-lived authorization data to remember your logged in account across visits.
We store request logs containing your IP address and browser information to manage any security issues for a period of 1 month. Otherwise, we do not track you on our website, only collecting aggregate, anonymous metrics like number of requests to URLs and number of inquiries sent via the platform for each cottage listing.
Interaction with third parties
We do not embed third party scripts on our website, except for one from Stripe for the purposes outlined above. We also include one locally hosted script from Leaflet which makes requests to OpenStreetMap for mapping data such as images. The following information may be sent as part of your browser's connection to Stripe or OpenStreetMap:
- Your IP address
- Information about your browser (ex. browser version, operating system)
- The URL of the page you are currently on
Your browser may send additional information to these pages, something which we are not responsible for.
Data access, retention, and removal
To receive a copy of all of your private data we have on file, please email firstname.lastname@example.org. We are working on a system to do this automatically.
As a Host, to delete your cottage data, please go to the "Visibility" tab in your cottage edit page and press the "Delete" button. Note that cottage information relevant to past bookings is kept according to our data retention policy below.
To delete the rest of your private data which does not fall under the Data Retention policy, please email email@example.com. We are working on a system to do this automatically.
If you make or receive bookings through the platform, we will retain booking and payment data (including Guest & Host contact information, record of financial transactions related to the specific booking, details of stay such as number of Guests & travel dates) as required by Ontario Regulation 26/05 (pursuant to the Travel Industry Act, 2002) and the Canadian Revenue Agency for a period of 6 years and in effort of fraud prevention.
The anonymous, aggregate data mentioned in the Other Information section is stored for 3 months to analyze trends.
The request log containing your IP address and browser information is stored for 1 month to manage security issues.