← Back to home

Privacy Policy

Bunce Privacy Policy

Last updated: December 27, 2024

This Privacy Policy describes how Bunce ("we", "us", or "our") collects, uses, stores, shares, and protects your information when you use our hotel revenue management application. For questions about this policy, contact us at privacy@bunce.app.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and organisation name.

Property Management System (PMS) Data

When you connect your PMS (such as Cloudbeds, Mews, or Opera), we access:

  • Property information (name, timezone, currency)
  • Room categories and inventory
  • Reservation data (dates, rates, occupancy)
  • Historical pricing data

Google User Data

If you sign in with Google, we collect:

  • Your Google account email address
  • Your name and profile picture (if available)

We do not access your Google Calendar, Google Drive, Gmail, or any other Google services beyond authentication.

Usage Data

We collect anonymized usage analytics to improve our service, including pages visited and features used.

2. How We Use Your Information

We use your information solely to provide and improve Bunce's functionality:

  • Provide the Service: Generate pricing recommendations, display occupancy analytics, and sync rates with your PMS
  • Authentication: Verify your identity and maintain account security
  • Customer Support: Respond to your inquiries and resolve issues
  • Service Improvement: Analyze aggregated, anonymized usage patterns to improve reliability and features

We do NOT use your data to:

  • Train public AI or machine learning models
  • Display advertisements
  • Build user profiles for marketing purposes
  • Any purpose unrelated to providing or improving Bunce

3. How We Share Your Information

We do NOT sell, rent, or trade your personal information or Google user data to third parties.

We may share your information only in the following limited circumstances:

  • Service Providers: We use trusted third-party services to operate Bunce:
    • Convex (database and backend infrastructure)
    • Vercel (application hosting)
    • WorkOS (authentication)
    • Stripe (payment processing - we never store your payment details)
  • PMS Integrations: We send pricing updates to your connected PMS as directed by you
  • Legal Requirements: If required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice to you)

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Access Controls: Strict role-based access controls limit who can access your data
  • Secure Credential Storage: PMS API credentials are encrypted and stored securely, never in plain text
  • Regular Security Audits: We conduct periodic security reviews of our infrastructure

5. Data Retention and Deletion

Retention Period

We retain your data for as long as your account is active or as needed to provide services. Historical pricing data is retained for up to 2 years to enable year-over-year analytics.

Account Deletion

You may request deletion of your account and associated data at any time by emailing privacy@bunce.app. We will delete your data within 30 days of your request, unless a shorter timeframe is required by contract or a longer period is required by law.

PMS Disconnection

When you disconnect a PMS integration, we delete the associated API credentials immediately. Historical data synced from that PMS is retained according to your organisation's data retention settings.

6. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you
  • Export: Request your data in a portable, machine-readable format
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Revoke Access: Disconnect PMS integrations or revoke Google sign-in access at any time

To exercise any of these rights, contact us at privacy@bunce.app. We respond to all requests within one business day.

7. Google API Services User Data Policy

Bunce's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to Google user data necessary for authentication
  • We do not use Google user data for advertising purposes
  • We do not sell Google user data to third parties
  • We do not use Google user data to determine creditworthiness or for lending purposes
  • We limit our use of Google user data to providing and improving Bunce

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the application prior to the change becoming effective. We encourage you to review this page periodically.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Bunce

Email: privacy@bunce.app

General inquiries: hello@bunce.app