Who We Are
Home Anywhere ("Company", "we", "us") is a short-term rental property management platform headquartered at 1400 Fallenleaf St, La Habra, CA 90631-3123, United States. We provide channel management, AI-powered guest messaging, revenue management and booking engine software for property managers and vacation rental hosts worldwide.
This Privacy & Legal document describes how we collect, use, store and protect the personal data of our customers, platform users and website visitors in compliance with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), GDPR and other applicable regulations.
By using Home Anywhere services or accessing our website, you agree to the practices described in this policy. We recommend reading it in full before providing us with any personal data.
Personal Data We Collect
We collect personal data necessary to deliver our property management platform with quality, security and personalisation:
As a channel management platform, Home Anywhere may process end-guest data on behalf of property managers as a Data Processor. In those cases, property managers act as Data Controllers and are responsible for their guests' data in accordance with applicable laws.
- Account & Identity Data — Name, email address, phone number, profile photo and login credentials.
- Property & Business Data — Property addresses, listing details, availability calendars, pricing rules and occupancy data.
- Guest Data (processed on behalf of hosts) — Guest names, contact details, booking dates, payment references and communication history.
- Usage & Platform Data — Channel sync activity, automation rules, dashboard interactions, API calls and feature usage logs.
- Payment & Billing Data — Subscription details and payment records processed by PCI-DSS certified partners.
- Technical Data — IP address, browser type, device identifiers, operating system and session logs.
- Channel Integration Data — OAuth tokens, API keys and listing data from connected OTA accounts (Airbnb, VRBO, Booking.com etc.).
- Communication Data — Guest messages managed through our AI inbox, automated messaging templates and review management.
How We Use Your Data
We use your data exclusively for legitimate, specific and informed purposes with the appropriate legal basis:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the Home Anywhere platform and services | Account, Property, Usage | Contract Performance |
| Channel synchronisation across 200+ OTAs | Property, Channel Integration | Contract Performance |
| AI guest messaging and inbox automation | Guest Data, Communication | Contract Performance |
| Revenue management and dynamic pricing | Property, Usage | Contract Performance |
| Processing subscriptions and billing | Account, Payment | Contract Performance |
| Platform analytics and feature improvement | Usage, Technical | Legitimate Interest |
| Marketing, newsletters and product updates | Account, Profile | Consent |
| Security monitoring and fraud prevention | Technical, Usage | Legitimate Interest |
| Compliance with legal and regulatory obligations | Account, Billing | Legal Obligation |
Data Sharing & Disclosure
Home Anywhere does not sell your personal data. We share information only where necessary to deliver our services and with appropriate safeguards:
- OTA channel partners — Airbnb, VRBO, Booking.com and 200+ other channels to synchronise listings, availability and bookings on your behalf.
- Payment processors — Stripe and other PCI-DSS certified processors for subscription billing and payout management.
- Cloud infrastructure providers — AWS and Google Cloud for platform hosting, data storage and processing.
- Platform integrations — PriceLabs, RemoteLock, Safely, Rentability and other partner tools connected via our integration marketplace, subject to their privacy policies.
- Analytics and monitoring tools — Under appropriate Data Processing Agreements for platform performance and error monitoring.
- Regulatory and legal authorities — Where required by US federal or state law, court order, or regulatory investigation.
- International transfers — Data may be transferred outside the US using Standard Contractual Clauses (SCCs) or other approved mechanisms.
Cookies & Tracking
Our website and platform use cookies and similar technologies to improve user experience, analyse platform usage and support marketing activities.
| Type | Purpose | Duration |
|---|---|---|
| Essential | Login sessions, security tokens, platform authentication and core functionality. Cannot be disabled. | Session |
| Analytics | Platform usage analysis, feature adoption tracking and performance monitoring. | Up to 2 years |
| Functional | Dashboard preferences, notification settings, language and interface configurations. | Up to 1 year |
| Marketing | Retargeting campaigns and personalised advertising. Activated only with explicit consent. | Up to 90 days |
Manage your cookie preferences via the consent banner on our website or through your browser settings. Disabling essential cookies may prevent access to your Home Anywhere account.
Data Retention
We retain personal data only as long as necessary to provide our services and meet legal obligations:
- Active account and property data: for the duration of the subscription, plus 3 years after termination.
- Booking and guest data: 5 years for financial record-keeping and dispute resolution purposes.
- Channel integration tokens and API keys: for the duration of the integration, securely deleted on disconnection.
- Payment and billing records: 7 years per IRS requirements and California tax law.
- Access logs and security records: 12 months for security monitoring and incident investigation.
- Marketing consent and lead data: 3 years from last engagement or until opt-out.
- AI messaging conversation logs: 2 years or as configured by the property manager in platform settings.
Your Privacy Rights (CCPA / CPRA)
As a California-based company, we uphold all rights under the CCPA and CPRA. Depending on your location, additional rights may apply under GDPR or other laws:
- Right to Know — Request disclosure of the categories and specific pieces of personal data we have collected, used, disclosed or sold.
- Right to Access — Obtain a copy of your personal data in a portable, machine-readable format.
- Right to Delete — Request deletion of personal data we hold, subject to applicable legal retention obligations.
- Right to Correction — Request correction of inaccurate or incomplete personal information in our records.
- Right to Opt-Out of Sale/Sharing — Home Anywhere does not sell personal data. This right is upheld by default.
- Right to Limit Use of Sensitive Data — Limit our use of sensitive personal information to purposes strictly necessary to provide services.
- Right to Non-Discrimination — Exercising your privacy rights will not result in denial of service or any adverse treatment.
- Right to Withdraw Consent — Withdraw marketing consent at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at privacy@homeanywhere.com. We will respond within 45 days as required by CCPA (or 30 days for GDPR). Identity verification may be required before processing your request.
Security Measures
Home Anywhere implements enterprise-grade security measures to protect your data and your guests' data:
- TLS 1.3 encryption for all data in transit between users, platform components and channel APIs.
- AES-256 encryption for sensitive data at rest, including OAuth tokens and API credentials.
- Role-based access control (RBAC) ensuring only authorised personnel can access user data.
- Multi-factor authentication (MFA) required for all employee and administrator access to production systems.
- Regular SOC 2 Type II audits and penetration testing by accredited independent firms.
- 24/7 automated security monitoring, intrusion detection and alerting.
- Data breach notification within 72 hours to regulatory authorities and affected parties as required by applicable law.
- Secure isolated environments for channel API integrations to prevent cross-tenant data exposure.
External Links & Channel Integrations
Home Anywhere integrates with 200+ OTA channels, payment processors, smart home devices and partner tools. When you connect a third-party integration, you are subject to that provider's own privacy policy and terms of service.
Home Anywhere is not responsible for the privacy practices of OTAs, channel partners or third-party integrations, even those connected directly through our platform. This Privacy & Legal document applies exclusively to data processed by Home Anywhere within our own systems.
Children's Privacy
Home Anywhere's platform and services are directed exclusively at property managers, vacation rental hosts and business professionals. We do not knowingly collect personal data from individuals under the age of 13.
If you believe a minor has provided data through our platform without appropriate consent, contact us immediately at privacy@homeanywhere.com and we will take prompt action to delete the data.
Changes to This Policy
We may update this Privacy & Legal document periodically to reflect changes in our services, legal obligations or business practices. When material changes are made:
- The "Last Updated" date at the top of this page will be revised accordingly.
- Registered customers will be notified by email with at least 30 days advance notice for material changes.
- A prominent notice will be displayed on our homepage and within the platform dashboard for a minimum of 30 days.
- Previous versions of this policy are available upon request from our Privacy Team.
Continued use of the Home Anywhere platform after the effective date of any updates constitutes your acceptance of the revised policy.
Contact & Privacy Team
For any questions, rights requests or concerns regarding how Home Anywhere processes your personal data, please reach out through any of the following channels:
Privacy Team
privacy@homeanywhere.comData Protection Officer
dpo@homeanywhere.comOrganisation Address
1400 Fallenleaf StLa Habra, CA 90631-3123
United States
Compliance
CCPA · CPRA · GDPRSOC 2 Type II · PCI-DSS
ISO 27001
California residents may submit privacy rights requests to the California Privacy Protection Agency (CPPA) at cppa.ca.gov. EU/UK residents may contact the relevant supervisory authority in their member state.