Privacy Policy

Apalyst ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our financial reporting platform integrated with Apaleo.

1. Information We Collect

Personal Information

• Email address (from your Apaleo account)
• Hotel property information and access permissions
• User account preferences and settings

Financial Data

• Hotel financial transaction data from Apaleo (receivables, liabilities, account balances)
• Property performance metrics and reporting data
• Generated report history and preferences

Technical Information

• IP address and browser information
• Usage analytics and application performance data
• Authentication tokens and session data

2. How We Use Your Information

We use your information to:

• Provide financial reporting and analytics services
• Generate and deliver scheduled reports
• Authenticate and authorize access to your data
• Improve our service performance and user experience
• Send important service notifications and updates
• Provide customer support and technical assistance

3. Data Storage and Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit and at rest
• Infrastructure: Hosted on secure cloud infrastructure (Vercel/AWS Frankfurt region)
• Database Security: Database hosted on Neon in AWS Europe (Frankfurt) region for GDPR compliance
• Access Control: Strict access controls and authentication protocols
• Temporary Storage: Financial data is processed temporarily and not permanently stored
• Report Retention: Generated reports are automatically deleted after 90 days
• Session Management: Secure session handling with automatic expiration

4. Data Sharing

We do not sell, trade, or transfer your personal information to third parties. We may share data only in these limited circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect our rights, property, or safety
• With trusted service providers who assist in our operations (under strict confidentiality agreements)

5. Integration with Apaleo

Our service integrates with Apaleo through their official API. We:

• Access only the data necessary for financial reporting
• Respect all permissions and access controls set in your Apaleo account
• Use OAuth 2.0 for secure authentication
• Do not store your Apaleo login credentials

6. Your Rights

Under GDPR and other privacy laws, you have the right to:

• Access: Request information about the data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Export your data in a machine-readable format
• Withdrawal: Revoke consent for data processing at any time

7. Data Retention

• Generated reports: Automatically deleted after 90 days
• Account information: Retained while your account is active
• Session data: Expired automatically based on security policies
• Audit logs: Retained for compliance purposes as required by law

8. International Data Transfers

Your data is processed within the European Union (Frankfurt, Germany) to ensure GDPR compliance. Specifically:

• Database: Hosted on Neon in AWS Europe (Frankfurt) region
• Application: Hosted on Vercel Frankfurt region
• No data transfers outside the EU without your explicit consent
• Full compliance with European data protection standards

9. Cookies and Tracking

We use essential cookies and similar technologies to:

• Maintain your authentication session
• Remember your account and property preferences
• Ensure proper integration with Apaleo One
• Analyze usage to improve our service (anonymized data only)

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the updated policy on our website
• Sending email notifications for material changes
• Updating the "Last Updated" date at the top of this policy

11. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.