HotelPath

Privacy Policy

How we collect, use, and protect your personal information

VanEdge Pty Ltd (ABN 18 695 562 291) trading as HotelPath

Last updated: March 2026

1. About This Policy

This Privacy Policy explains how VanEdge Pty Ltd (ABN 18 695 562 291), trading as HotelPath (“we”, “us”, “our”), collects, uses, stores, discloses, and protects your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all users of the HotelPath platform at hotelpath.com.au, including guests making bookings and accommodation providers (“Hotels”) managing their listings.

By using the Platform, you acknowledge that we may handle your personal information in the ways described in this policy and as otherwise permitted or required by law.

2. How We Collect Information

We collect personal information directly from you when you browse the Platform, create an account, make or manage a booking, contact support, or otherwise interact with us.

We also collect some information automatically through cookies and similar technologies, and may receive information from Hotels, Stripe (our payment processor), identity verification providers, fraud prevention tools, and other service providers where reasonably necessary to operate the Platform.

Where lawful and practicable, you may deal with us anonymously or by pseudonym, for example when making a general enquiry. However, we generally need your identity and contact details to create an account, process a booking, take payment, respond to a complaint, or comply with legal obligations.

3. Information We Collect

We collect the following categories of personal information:

Guest Information

(a) Name, email address, phone number (provided during booking)

(b) Booking details: dates, number of guests, room preferences, special requests

(c) Payment information: processed and stored by Stripe (our payment processor). We do not store credit card numbers, CVV codes, or full payment details on our systems.

(d) Communication records: emails or messages exchanged with us or through the Platform

(e) Technical data: IP address, browser type, device information, pages visited, referring URL, collected automatically through cookies and similar technologies

Hotel Information

(f) Business name, ABN, contact name, email address, phone number

(g) Bank account details (collected and stored by Stripe for payment processing)

(h) Property details: address, room types, rates, amenities, photos, descriptions

(i) Login credentials (email and encrypted password, managed by Supabase Auth)

4. How We Use Your Information

We use your personal information for the following purposes:

(a) To process and confirm bookings between guests and Hotels

(b) To process payments securely through Stripe

(c) To send booking confirmations, reminders, and updates via email

(d) To provide customer support and respond to enquiries

(e) To enable Hotels to manage their listings, availability, and bookings through the dashboard

(f) To improve the Platform, including analysing usage patterns and troubleshooting issues

(g) To comply with legal obligations, including tax reporting and dispute resolution

(h) To send you service-related communications (not marketing) about your account or bookings

We will not use your personal information for direct marketing without your express consent. We do not sell your personal information to third parties.

5. Who We Share Your Information With

We may share your personal information with the following third parties, only to the extent necessary to provide our services:

(a) Hotels: When you make a booking, we share your name, email, phone number, booking dates, guest count, room type, and special requests with the Hotel to fulfil your reservation.

(b) Stripe: Our payment processor. Stripe collects and stores payment details directly. Stripe’s privacy policy applies to information they hold. See stripe.com/au/privacy.

(c) Supabase: Our database and authentication provider. Data is stored in Supabase’s Sydney (ap-southeast-2) data centre. See supabase.com/privacy.

(d) Vercel: Our website hosting provider. See vercel.com/legal/privacy-policy.

(e) Resend: Our email delivery provider, used to send booking confirmations and notifications. See resend.com/legal/privacy-policy.

(f) Law enforcement or government bodies: where required by law, court order, or to protect our legal rights.

We require all third-party service providers to handle your personal information in accordance with applicable privacy laws. We do not share your information with third parties for their own marketing purposes.

We do not disclose guest booking personal information to public AI tools or third-party search interfaces except where the disclosure is reasonably necessary to provide a service you have requested, you have been notified, and the disclosure is otherwise permitted by law. Hotel listing content (name, description, amenities, rates, availability) may be made available through APIs and AI-enabled search interfaces to help guests discover accommodation.

6. Overseas Disclosure

We are likely to disclose personal information to service providers located in Australia, the United States, and other countries in which Stripe, Vercel, Resend, Supabase and their subprocessors operate from time to time. A current list of likely countries is available on request.

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs or otherwise as permitted by law.

7. Cookies and Tracking

We use cookies and similar technologies to operate the Platform, remember your preferences, and analyse how the Platform is used.

Essential cookies are required for the Platform to function (e.g., maintaining your session during the booking process). These cannot be disabled.

Analytics cookies help us understand how visitors use the Platform. We use privacy-respecting analytics tools.

You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Platform.

8. Data Storage and Security

Your personal information is stored on servers located in Australia (Supabase Sydney region, ap-southeast-2) and may be processed by service providers located overseas (Stripe in the United States, Vercel in the United States).

Where information is transferred overseas, we take reasonable steps to ensure that recipients comply with the APPs or equivalent privacy protections.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or alteration. These include encryption in transit (HTTPS/TLS), encryption at rest, access controls, and regular security reviews.

However, no data transmission or storage system is completely secure. We cannot guarantee the absolute security of your information.

9. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

(a) Booking records: retained for 7 years from the date of the booking for tax, accounting, and legal compliance purposes.

(b) Account information: retained for the duration of your account and for 2 years after account closure.

(c) Payment records: retained by Stripe in accordance with their data retention policies and applicable financial regulations.

(d) Technical logs: retained for up to 12 months for security and troubleshooting purposes.

10. Your Rights

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the following rights:

(a) Access: You may request access to the personal information we hold about you. We will respond within 30 days.

(b) Correction: You may request that we correct any inaccurate or incomplete personal information. We will take reasonable steps to correct the information within 30 days.

(c) Deletion: Where permitted by law, you may request that we delete or de-identify personal information we no longer need for a lawful purpose. We may retain information where required or authorised by law, for fraud prevention, dispute handling, or the establishment, exercise or defence of legal claims.

(d) Complaints: If you believe we have breached your privacy, you may lodge a complaint with us (see Contact Us below). If you are unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, contact us at inquiry@hotelpath.com.au with the subject line “Privacy Request”. We may need to verify your identity before processing your request.

11. Children’s Privacy

The Platform is not intended for use by children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform. The updated policy will take effect from the date it is posted.

We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to make a privacy-related request or complaint, please contact us:

VanEdge Pty Ltd (ABN 18 695 562 291) trading as HotelPath

Email: inquiry@hotelpath.com.au

Website: hotelpath.com.au

You may also contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone at 1300 363 992.

HotelPath Support
Hi! I'm HotelPath's support assistant. What's your name and email so I can help you?