Privacy Policy

Version 1.0  |  Effective: March 15, 2026  |  Last Updated: March 29, 2026

1. Introduction

This Privacy Policy describes how Sun Sol Software, LLC ("we," "us," or "our") collects, uses, shares, and protects information in connection with our reservation management software (the "Service").

Who This Policy Applies To:

This policy covers:

• Business Customers: Companies that subscribe to our Service
• Authorized Users: Employees and staff of our business customers who use the Service
• End Consumer Data: Information about individuals whose reservations are managed through our Service

Important Note About End Consumer Data:

We process end consumer data (such as reservation details) on behalf of our business customers. Our business customers act as the "data controller" for their end consumers' information, while we act as a "service provider" or "data processor." This means:

• Our business customers decide what end consumer information to collect
• We process this information only as instructed by our business customers
• Our business customers are responsible for providing privacy notices to their end consumers
• End consumers should contact the business they interacted with for privacy requests

2. Information We Collect

2.1 Business Customer Information

When you subscribe to our Service as a business customer, we collect:

• Account Information: Business name, business address, contact email address, phone number, and tax identification number (for invoicing and tax reporting purposes)
• Billing Information: Information necessary for payment processing, such as but not limited to your connected payment processor account identifier
• Payment Transaction Data: Transaction amounts, payment status, and fee calculations related to your use of the Service

2.2 Authorized User Information

When our business customers invite and create accounts for their employees and staff:

• Invitation Data: When a business customer invites a new user, we collect the invitee's email address and assigned role. Pending invitations expire after 7 days, but the invitation record is retained for audit purposes.
• User Credentials: First name, last name, company email address, and login credentials. Passwords are encrypted and hashed.
• Activity Data: Permanent audit records linking each reservation and payment transaction to the specific authorized user who created or processed it, login timestamps, and usage of Service features. These records are retained for the full duration of the applicable retention period for accountability and compliance purposes.
• Authentication Data: IP addresses, browser type, device information, and session data collected through our authentication system

2.3 End Consumer Data — Processed on Behalf of Business Customers

We process the following end consumer information on behalf of our business customers:

• Reservation Details: Names, reservation dates and times, service or rental details, and rental unit identifier or room number for room charge transactions.
• Transaction Information: Transaction amounts, payment status (paid, pending, refunded, cancelled), and payment metadata from our payment processor (such as last 4 digits of payment card and payment method type).
• Communication Data: Email addresses are processed by our email delivery provider and payment processor to send transactional receipts, but are not stored in our database.
• Signature Images: For non-card payment methods, such as room charges, a digital signature image may be captured at the time of transaction and stored securely in our cloud storage infrastructure provider. Signature images are associated with the relevant reservation and transaction record and retained for the same period as the associated transaction record (7 years) under our retention policy. Signature images may constitute biometric data under certain state laws.
• Notes and Special Instructions: The Service includes free-text note fields where authorized users may record information related to a reservation. The content of these fields is determined by the business customer's authorized users, and may include information beyond the categories listed above. We do not control or review the content entered into these fields.

Important: We do not collect or store full payment card numbers. All payment card data is processed and stored by our payment processor. We only receive limited payment metadata necessary for transaction tracking.

2.4 Automatically Collected Information

When you use our Service, we automatically collect:

• Server Logs: IP addresses, browser type and version, operating system, request URLs, timestamps, and error logs
• Analytics Data: Aggregated usage statistics, feature utilization, performance metrics, and error reports
• Performance Monitoring: Information about Service performance, uptime, and technical issues

2.5 Platform-Specific Information

iOS Application: Our iOS application uses secure token-based authentication and does not use cookies. Non-personal configuration data such as pricing settings and feature preferences may be cached locally on the device and is cleared upon signout.

Web Application: When you access our Service through our web application, we use cookies and similar technologies to support authentication and maintain session state. Our web analytics provider collects anonymized usage data to help us understand how the Service is used. You can control cookie settings through your browser; however, disabling certain cookies may affect the functionality of the Service, including the ability to stay logged in.

3. How We Use Information

3.1 To Provide the Service

We use the information we collect to:

• Operate and maintain the reservation management software
• Process payments and calculate platform fees through payment processor
• Send transactional emails such as reservation confirmations and receipts to end consumers via our email service provider
• Authenticate authorized users and manage user accounts
• Track which users performed which actions for accountability and audit purposes
• Provide customer support to business customers

3.2 To Improve and Secure the Service

We use information to:

• Monitor Service performance and identify technical issues
• Analyze usage patterns to improve features and user experience
• Detect, prevent, and respond to security incidents, fraud, or unauthorized access
• Debug errors and optimize system performance
• Conduct aggregated analytics to understand how the Service is used
• Use aggregated or anonymized data which cannot reasonably identify any individual or business for product improvement, benchmarking, and internal research purposes

3.3 For Legal and Compliance Purposes

We use information to:

• Comply with applicable laws, regulations, and legal processes
• Enforce our customer agreements and other contractual obligations
• Respond to lawful requests from government authorities
• Maintain records for tax reporting and financial compliance such as including issuing Form 1099 to business customers when required
• Protect our legal rights and property

3.4 Legal Basis for Processing

We process information based on: (a) contractual necessity to provide the Service to business customers and authorized users; (b) our legal obligations for tax reporting, financial compliance, and applicable law; and (c) our legitimate interests in maintaining the security, preventing fraud, and improving the performance of the Service. Where we process end consumer data, we do so as a service provider acting on the instructions of our business customers, who are responsible for establishing their own legal basis for collection.

3.5 Automated Processing

We use automated systems to calculate pricing, platform fees, and discounts based on reservation parameters configured by business customers. These calculations follow rules set by business customers and do not involve profiling, artificial intelligence, or automated decision making that produces legal or similarly significant effects on end consumers.

3.6 Transactional Communications

As part of providing the Service, we may send transactional communications on behalf of our business customers to end consumers. These communications may include reservation confirmations, receipts, payment confirmations, cancellations, refunds, service notifications, or other messages directly related to a reservation or transaction processed through the Service.

Business customers authorize us to send these communications using the contact information they provide or collect from end consumers, such as email addresses or phone numbers. We send these communications solely as a service provider acting on behalf of the business customer.

4. How We Share Information

4.1 Service Providers and Third-Party Platforms

We share information with trusted third-party service providers that help us operate the Service:

All service providers are contractually required to protect the confidentiality and security of the information they process on our behalf and to use it only for the purposes we specify. A detailed list of specific sub-processors is available to business customers under the Data Processing Addendum. If we add, remove, or replace a sub-processor in a way that materially affects the processing of your data, we will notify business customers by email or through the Service with reasonable advance notice.

4.2 Business Customer Access

Business customers have access to:

• Their own account information
• Data for their authorized users
• End consumer data they have entered into the system
• Transaction and payment data for their business

4.3 Legal Requirements

We may disclose information if required by law or in response to:

• Court orders, subpoenas, or other legal processes
• Lawful requests from government authorities
• Investigations of potential violations of law or our customer agreements
• Situations involving potential threats to safety or security

4.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

4.5 With Your Consent

We may share information for other purposes with your explicit consent.

We do not sell, share, or rent personal information to third parties for their commercial or marketing purposes, as those terms are defined under applicable state privacy laws including the California Consumer Privacy Act. We follow data minimization principles and collect only the information necessary to provide the Service.

5. Data Security

5.1 Security Measures

We implement industry standard security measures to protect information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, secure password hashing, and use of infrastructure providers that maintain SOC 2 Type II compliance. Payment card data is processed entirely by our payment processor, a PCI DSS Level 1 certified service provider; we never store or process full payment card numbers.

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of information transmitted or stored through the Service.

5.2 Your Responsibilities

You are responsible for maintaining the confidentiality of your login credentials, using strong and unique passwords, promptly reporting any unauthorized access or security breaches, and managing authorized user accounts and permissions appropriately.

5.3 Incident Response

Upon receiving a report of unauthorized access or a security incident, we will investigate promptly and notify the reporting party and affected business customer of the outcome and any remedial actions taken within 30 days.

6. Data Retention

6.1 Retention Periods

We retain information for the following periods:

Business Customer Account Data: For the duration of your subscription plus 7 years after account closure for tax, legal, and audit purposes

Authorized User Data: For the duration of employment/authorization plus 7 years after account deactivation

End Consumer Reservation and Transaction Data: For 7 years from the transaction date to comply with tax regulations, legal requirements, and to support dispute resolution and chargebacks

Signature Images: Retained for the same period as the associated transaction record, 7 years. Upon expiration of the retention period or upon business customer termination and data deletion request, signature images are deleted from our cloud storage infrastructure.

Server Logs and Analytics: Typically 12–24 months, unless longer retention is required for security investigations or legal compliance

6.2 Deletion Process

Upon request from a business customer, we will delete or anonymize end consumer data subject to the following exceptions:

• Tax and Legal Records: Transaction and payment data must be retained for 7 years for IRS reporting, tax compliance, and legal requirements
• Fraud Prevention: Information necessary to prevent, detect, or investigate fraud, security incidents, or violations of our customer agreements
• Ongoing Disputes: Information subject to pending legal claims, investigations, or chargebacks

When we delete information, it is removed from active systems and backups within a reasonable timeframe. Upon termination or expiration of a business customer's account, data handling, export, and deletion procedures — including deletion of associated signature images from cloud storage — are governed by the applicable customer agreement and Data Processing Addendum.

6.3 Revoking Consent

Authorized users may revoke consent for data processing by deleting their account through the app (see Section 7.2). Business customers may revoke consent by terminating their subscription in accordance with the Master Service Agreement. Revoking consent does not affect the lawfulness of processing performed prior to revocation, and certain data may be retained as required by law (see Section 6.1).

7. Your Rights and Choices

7.1 Business Customers

As a business customer, you may:

• Access: Request a copy of your account information
• Correction: Update or correct inaccurate information through your account settings or by contacting us
• Deletion: Request deletion of your account and associated data, subject to legal retention requirements
• Export: Request an export of end consumer data you have entered into the system. Data export is fulfilled manually by our support team upon written request; please contact us at info@sunsolsoftware.com to initiate an export request. We will fulfill export requests within 30 days.
• Objection: Object to certain processing of your information where we rely on legitimate interests

7.2 Authorized Users

Authorized users may exercise the following rights:

• Account Deletion: Authorized users may delete their account from within the app. Upon account deletion, we immediately delete your profile information and authentication credentials. Transaction records associated with your account (such as which reservations you created or payments you processed) will be anonymized but retained for up to 7 years as required for tax and legal compliance. End consumer data associated with reservations you processed, including signature images, is not affected by your account deletion, as it belongs to the business customer's records.
• Access and Correction: To request access to or correction of your personal information, contact your employer (our business customer), as the employer controls user access and permissions.
• Other Privacy Requests: For privacy requests not related to account deletion, authorized users should contact their employer (our business customer) in the first instance. You may also contact us directly using the information in Section 13.

7.3 End Consumers

If you are an end consumer whose information is processed through our Service:

• Your information is controlled by the business you interacted with (our business customer)
• Privacy requests (access, correction, deletion) should be directed to that business
• We act as a service provider and process your information only as instructed by the business
• That business is responsible for providing you with privacy notices and handling your privacy rights

7.4 How to Exercise Rights

To exercise your rights, contact us at:

Email: info@sunsolsoftware.com
Mail: 1111B S Governors Ave #49796 Dover, DE 19904

We will respond to verified requests within 30 days. We may require verification of your identity before processing requests.

8. Business Customer Responsibilities

8.1 Data Controller Obligations

Our business customers act as data controllers for end consumer information and are responsible for:

• Providing privacy notices to end consumers about data collection and use
• Obtaining any necessary consents from end consumers
• Handling end consumer privacy rights requests (access, deletion, etc.)
• Ensuring compliance with applicable privacy laws in their jurisdiction
• Maintaining their own privacy policy that covers their use of our Service
• Instructing authorized users not to enter sensitive personal information (such as health data, government identification numbers, financial account numbers, or protected classifications) into free text note fields unless required for legitimate business purposes, and providing appropriate training to staff regarding data entry practices

8.2 Data Processing Agreement

Business customers agree to our Data Processing Addendum, which governs how we process end consumer data on their behalf and establishes:

• Our role as a service provider/processor
• Permitted uses of end consumer data
• Security and confidentiality obligations
• Data breach notification procedures (we will notify affected business customers within 30 days of becoming aware of a confirmed breach involving their data)
• Assistance with data subject requests
• Return or deletion of data upon termination

8.3 Breach Notification Compliance

In addition to notifying affected business customers, we will comply with all applicable state and federal breach notification laws, which may require notification to state attorneys general, regulatory authorities, and affected individuals within the timeframes prescribed by applicable law.

9. Third-Party Links and Services

Our Service integrates with third-party services, such as our payment processor, and may contain links to third-party websites. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you interact with.

10. International Data Transfers

Our Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

Currently, we do not serve customers or process data from the European Union or other jurisdictions with data localization requirements.

11. Children's Privacy

Our Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Your Consent to This Privacy Policy

By creating an account through the invitation and registration process, authorized users consent to this Privacy Policy. Business customers consent to this Privacy Policy by executing the Master Service Agreement, which incorporates this Privacy Policy by reference.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify business customers via email or through the Service
• Continued use of the Service after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Sun Sol Software, LLC
Privacy Contact: info@sunsolsoftware.com
Mail: 1111B S Governors Ave #49796 Dover, DE 19904

Our Privacy Contact is responsible for overseeing our privacy practices and responding to privacy inquiries.

For privacy requests: Please include "Privacy Request" in the subject line and provide sufficient detail to verify your identity and process your request.

For data security incidents: If you believe there has been unauthorized access to your account or a security breach, please contact us immediately at info@sunsolsoftware.com

This Privacy Policy (v4.0) is effective as of March 15, 2026 and was last updated on March 29, 2026.

← Back to Sun Sol Software