Roomly

Privacy Policy

Last updated: 20 April 2026

1. Who we are

Roomly is an online marketplace for short-term holiday accommodation in the Eastern Cape, South Africa, operated by Roomly (Pty) Ltd (“Roomly”, “we”, “us”, or “our”). Our platform connects guests looking for self-catering accommodation with hosts who have properties to rent.

We are a “responsible party” as defined in the Protection of Personal Information Act, 2013 (“POPIA”). Questions about this policy can be directed to support@myroomly.co.za.

2. Information we collect

Information you give us

  • Account details: name, email address, password (hashed — never stored in plain text).
  • Profile information: profile photo, biography, languages spoken, location.
  • Personal information added voluntarily: phone number, residential address, emergency contact.
  • Booking information: check-in/out dates, guest counts, messages to hosts.
  • Payment information: processed securely by our payment provider — we do not store card numbers.
  • Reviews and communications: messages sent through the platform.

Information we collect automatically

  • Log data: IP address, browser type, pages visited, referring URLs, timestamps.
  • Device information: device type, operating system, screen resolution.
  • Cookies and similar technologies: session cookies (required for login), preference cookies, and analytics cookies. See Section 9.

Information from third parties

  • Google OAuth: if you sign in with Google, we receive your name, email, and profile picture from Google.

3. How we use your information

We use personal information to:

  • Create and manage your account and verify your identity.
  • Process bookings and facilitate communication between guests and hosts.
  • Send transactional emails (booking confirmations, messages, payment receipts).
  • Provide customer support and resolve disputes.
  • Improve our platform through analytics and usage data.
  • Comply with legal obligations under South African law.
  • Detect and prevent fraud and abuse.

We rely on the following lawful bases under POPIA: contract performance (bookings), legitimate interests (platform security, analytics), and your consent (optional communications).

4. Who we share your information with

We share information only where necessary:

  • Hosts and guests: When you make or receive a booking, the relevant party sees your name, profile photo, and booking details. Hosts do not see your email address or phone number unless you share it via messages.
  • Service providers: Supabase (database and authentication), Vercel (hosting), Resend (transactional email). These parties process data on our behalf under data processing agreements.
  • Payment processors: Your payment data is passed directly to our payment provider and is governed by their privacy policy.
  • Legal requirements: We may disclose information if required by law, court order, or government authority.

We do not sell your personal information to third parties.

5. Your rights under POPIA

You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated personal information (subject to our legal retention obligations).
  • Object to certain processing activities.
  • Lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

To exercise any of these rights, email support@myroomly.co.za. We will respond within 30 days.

6. Data retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data: retained until you delete your account, then purged within 30 days.
  • Booking records: retained for 5 years for financial/tax compliance.
  • Messages: retained for 2 years after the relevant booking checkout date.

7. Security

We implement industry-standard security measures: TLS encryption in transit, hashed passwords, row-level security on our database, and role-based access controls. However, no system is completely secure — please use a strong, unique password and keep your login credentials private.

8. Children

Our platform is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Cookies

We use the following types of cookies:

  • Strictly necessary cookies: Session and authentication tokens required for the platform to function. These cannot be disabled.
  • Analytics cookies: We may use privacy-respecting analytics to understand how users interact with the site. No personally identifiable information is sent to analytics providers.

POPIA does not require a cookie consent banner for cookies that are strictly necessary for the service. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify registered users by email of material changes. The “Last updated” date at the top of this page indicates the most recent revision. Continued use of Roomly after changes constitutes acceptance of the updated policy.

11. Contact us

For any privacy-related queries, to exercise your POPIA rights, or to report a concern:

Email: support@myroomly.co.za
Website: www.myroomly.co.za

Terms of ServiceBack to Roomly