1. Information We Collect
Information used to operate the service
STR Engine may collect and process information necessary to deliver monitored operational support. Depending on the implementation,
this may include:
- Client account and contact information, such as names, email addresses, business details, and service configuration details.
- Property and portfolio information, such as property names, operational notes, amenity references, equipment references, turnover details, and internal instructions.
- Reservation and workflow data, including booking references, status changes, scheduling data, exceptions, escalation notes, and monitoring outputs.
- Guest-related operational information, such as communication context, support history, check-in instructions, issue reports, and stay-related handling data supplied through the client’s systems.
- API and integration data, including API-connected records, integration payloads, request metadata, response metadata, sync events, system mapping references, and operational data exchanged through connected services.
- Webhook data, including inbound and outbound webhook payloads, delivery events, timestamps, routing records, endpoint references, and operational triggers used to automate or monitor workflows.
- Access and system data, including IP-related logs, timestamps, token access activity, portal usage events, API access records, webhook activity records, and security-related events.
- Technical and workflow records, including logs, automation events, message routing records, processing traces, and support actions required to operate, review, secure, or improve the service.
2. How We Use Information
Operational use, not unnecessary collection
STR Engine uses information primarily to operate, support, secure, and improve the service. This may include using information to:
- Monitor reservations, workflows, operational exceptions, and portfolio activity.
- Support guest communication handling and escalation workflows.
- Coordinate turnover, cleaner notifications, issue routing, and maintenance triage support.
- Operate, receive, send, validate, route, and troubleshoot API and webhook-based workflows.
- Provide dashboards, portal views, internal support visibility, and operational alerts.
- Authenticate access, maintain system integrity, and reduce misuse or unauthorized entry.
- Diagnose technical issues, improve workflow reliability, and support service performance.
- Communicate with the client regarding service changes, support issues, billing, or operational notices.
3. Client Role & Data Responsibility
The client remains responsible for the underlying business data
STR Engine operates as an operational support layer around the client’s business systems. The client remains responsible for the
lawful collection, accuracy, and use of guest, listing, reservation, integration, and business information within their portfolio.
- The client is responsible for the legality of their listings, policies, and guest data practices.
- The client is responsible for ensuring they have the right to provide data to STR Engine for service operation.
- The client remains responsible for business decisions made using the data processed through the service.
- The client is responsible for the setup, accuracy, permissions, and security posture of APIs, webhook endpoints, and connected third-party systems they control or authorize.
- STR Engine processes data for operational support, monitoring, and execution-related purposes within the service environment.
Where applicable, STR Engine acts in a service-provider or processor-like role for operational data handled on the client’s behalf.
4. Third-Party Services
External systems may be part of the operating environment
STR Engine may rely on third-party services and infrastructure to deliver the service. Depending on setup, this may include
PMS platforms, workflow tools, databases, hosting providers, content delivery providers, communication systems, analytics services,
APIs, webhook-connected services, and client-authorized integrations.
Information may be transmitted through or stored within those systems as part of normal operation. STR Engine does not control
the independent privacy or security practices of third-party systems, and their handling of information is governed by their own terms and policies.
5. Portal, API & Webhook Security
Access credentials and integration paths are part of the security model
Where STR Engine provides portal access, token-based authentication, API connectivity, or webhook-based workflow handling,
those access paths are intended only for authorized operational use. Access may be logged, limited, rotated, disabled,
or invalidated for security or operational reasons.
- The client is responsible for controlling who receives access links, credentials, API keys, secrets, tokens, or integration permissions.
- The client is responsible for protecting webhook endpoints, callback URLs, API credentials, connected accounts, and any systems under the client’s direct control.
- The client must notify STR Engine promptly if access is believed to be compromised, exposed, misrouted, or shared improperly.
- STR Engine may suspend, rotate, revoke, restrict, or reconfigure access to protect the system or the client environment.
Tokenized access, API credentials, and webhook connections should be treated as confidential operational infrastructure, not public-facing links or shareable credentials.
6. Data Retention
We retain information for as long as needed for service operation
STR Engine retains information only for as long as reasonably necessary to operate the service, maintain security,
fulfill contractual obligations, resolve disputes, support legitimate business records, and comply with applicable legal requirements.
Different categories of data may be retained for different periods depending on operational need, legal obligation,
support history, technical logging practices, security review needs, integration traceability, or the client’s service status.
7. Security
Reasonable safeguards, not absolute guarantees
STR Engine uses reasonable administrative, technical, and operational safeguards designed to protect information against unauthorized access,
misuse, alteration, or loss. These may include access controls, role-based limitations, logging, credential controls, restricted workflow access,
API and webhook handling controls, and infrastructure-level protections where applicable.
However, no platform, integration environment, cloud system, API workflow, webhook route, or internet-based operational tool can be guaranteed fully secure.
The client acknowledges that the use of connected systems and online operational tools carries inherent risk.
8. Access, Updates & Deletion
Requests regarding information
Clients may request reasonable access to, correction of, or deletion of information controlled within STR Engine’s service environment,
subject to operational feasibility, security requirements, contractual limits, and any legal obligations requiring retention.
Where requested information originates from or is controlled primarily in a third-party platform, API-connected service,
or external system of record, the client may also need to make changes directly in that underlying platform.
9. International Use
Cross-border service operations
STR Engine may serve clients, systems, and infrastructure across more than one country or region. As a result, information may be processed,
transferred, or stored in jurisdictions different from the client’s location.
By using the service, the client acknowledges that operational data may move through international hosting, workflow, communication,
API, webhook, or infrastructure environments as part of normal service delivery.
10. Policy Updates
Privacy terms may evolve with the service
STR Engine may update this Privacy Policy from time to time to reflect service changes, operational improvements, legal requirements,
infrastructure updates, or changes to connected data flows. The most current version published on the website will apply from its effective posting date unless otherwise stated.
