Privacy policy
This policy explains what personal data HostDesk collects, why, who it is shared with and how to exercise your rights, in accordance with the General Data Protection Regulation (GDPR).
Last updated: 9 June 2026
Data controller
The data controller is HACORP (EURL, RCS Paris 793 020 546), 1 rue de Rocroy, 75010 Paris, France.
For any question about your data: contact@hostdesk.co.
Data we collect
We only collect the data needed to run the service:
- Account data: email address, name, password (stored hashed).
- Data you enter: properties, bookings, expenses and other management information.
- Billing data: handled through our payment processor Stripe.
- Technical data: connection and security logs.
Purposes and legal bases
Each processing activity rests on a specific legal basis:
- Providing the service (managing your rentals) — performance of the contract.
- Billing and accounting obligations — legal obligation.
- Security and fraud prevention — legitimate interest.
Recipients and processors
Your data may be processed by technical processors, strictly for the purposes of the service:
- Stripe — payment processing.
- Resend — transactional emails.
- Render — application hosting.
- Supabase — database.
- Vercel — website hosting.
Transfers outside the European Union
Some processors are located outside the European Union. Such transfers are governed by appropriate safeguards, in particular the Standard Contractual Clauses (SCCs) adopted by the European Commission.
Retention periods
Your data is kept for as long as your account is actively used, then deleted or anonymised.
Some data is kept longer to meet our legal and accounting obligations — for example, invoices are kept for 10 years.
Your rights
Under the GDPR, you have the following rights:
- Right of access, rectification and erasure of your data.
- Right to restriction and portability.
- Right to object to processing.
Exercising your rights and complaints
You can exercise your rights by writing to contact@hostdesk.co.
You also have the right to lodge a complaint with the French data protection authority (CNIL) — www.cnil.fr.
Cookies
HostDesk only uses strictly necessary cookies and storage: a session cookie for authentication, and local storage (localStorage) of your language and currency preferences.
We use no advertising trackers and no third-party analytics. No consent banner is therefore required.