SmallPMSSmallPMS
Sign inGet started

Privacy Policy

Last Updated: 29. 03. 2026

At small-pms, we believe in being completely transparent about how we handle data. We build software to help you manage your short-term rentals, not to sell your information. This Privacy Policy explains what data we collect, why we collect it, and who we share it with to make our service work.

1. Our Role: Processor vs. Controller (GDPR)

If you are using our software to manage your properties, it is important to understand the legal distinction of how we handle data:

  • Your Data (The Host): When it comes to your personal account information and billing details, small-pms is the Data Controller.

  • Your Guests' Data: When it comes to the names, emails, and reservation details of your guests, you are the Data Controller. small-pms acts solely as the Data Processor. We only use guest data to provide the service to you (like triggering automated emails or saving reservations).

2. What Information We Collect

Information you provide to us (As a Host):

  • Account details: Your email address, name, and login credentials.

  • Property & Settings: The configurations you save in your tenants table, including pipeline setups, custom forms, and survey settings.

  • Financial Information: We do not store your credit card numbers. All payment processing is handled securely through Stripe.

Information you process through us (About your Guests):

  • Guest names, email addresses, check-in/check-out dates, and any custom data you collect via our public guest forms (/guest/, /survey/, etc.).

Information we collect automatically:

  • Event Logs: We log significant actions (like creating a reservation or updating settings) to our event_logs table for audit trails and to help you recover data.

  • Error Tracking: If the app crashes or a cron job fails, we capture error reports to help us fix the bug.

3. How We Use the Data

We strictly use the collected data to operate, maintain, and improve small-pms. This includes:

  • Authenticating your account and keeping your session secure.

  • Processing your subscription payments.

  • Sending automated guest communications on your behalf based on your specific pipeline rules.

  • Providing customer support and troubleshooting issues.

4. Third-Party Services We Use (Subprocessors)

To run a modern SaaS, we rely on a few trusted third-party infrastructure providers. We only share the minimum amount of data necessary for these services to function:

  • Supabase: Hosts our database and manages secure user authentication.

  • Netlify: Hosts our application and runs our scheduled cron jobs.

  • Resend: Delivers the automated transactional emails to you and your guests.

  • Stripe: Securely processes your subscription billing.

  • Sentry: Captures crash reports and errors so we can fix bugs quickly.

5. Cookies and Tracking

We keep things simple. small-pms uses essential cookies required for the app to function. Specifically, we use Supabase SSR (Server-Side Rendering) cookies to keep you securely logged in as you navigate between pages. We do not use third-party advertising or tracking cookies.

6. Data Security and Beta Status

We implement industry-standard security measures, including Row Level Security (RLS) in our database, to ensure that your data is isolated and cannot be accessed by other tenants. However, small-pms is currently in Beta. No system is 100% secure, and we cannot guarantee absolute security of your data against unauthorized access or server failures.

7. Your Data Rights

Under the GDPR, you have the right to access, correct, export, or delete your personal data.

  • You can update your information directly within your dashboard settings.

  • If you wish to permanently delete your account and all associated guest data, please contact us.

  • Note to Hosts: If your guests request that their data be deleted, you can manage and remove their records directly within your small-pms dashboard.