Privacy Policy

Last Updated: January 2026

1. Introduction

Buffr Host ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our hospitality management platform ("Platform").

This policy complies with:

  • Namibia Data Protection Bill (when enacted)
  • Namibia Constitution Article 13 (Right to Privacy)
  • General Data Protection Regulation (GDPR) for international users
  • Namibia Electronic Transactions Act 2019
  • Industry best practices for data protection

2. Data Controller

Buffr Host is the data controller responsible for your personal data. For questions about this policy or your data rights, contact us:

Buffr Host
Email: privacy@buffrhost.com
Address: Windhoek, Namibia

3. Information We Collect

3.1 Account Information

When you register, we collect:

  • Name and contact information (email, phone)
  • Business information (property name, address)
  • Account credentials (encrypted passwords)
  • Payment information (processed securely through third-party providers)

3.2 Guest Data

As a property manager, you may collect and store guest information through the Platform:

  • Guest names and contact details
  • Booking and reservation information
  • Payment information (processed securely)
  • Preferences and special requests
  • Communication history

Important: You are responsible for ensuring you have lawful basis and consent to collect guest data in accordance with applicable data protection laws.

3.3 Usage Data

We automatically collect:

  • IP addresses and device information
  • Browser type and version
  • Platform usage patterns and analytics
  • Error logs and performance data

3.4 Cookies and Tracking

We use cookies and similar technologies. See our Cookie Policy for details.

4. How We Use Your Information

We use your data for the following purposes:

4.1 Service Provision

  • To provide and maintain the Platform
  • To process bookings and reservations
  • To enable AI concierge services (Sofia AI)
  • To manage your account and properties

4.2 Legal Basis (GDPR)

We process your data based on:

  • Contractual necessity: To fulfill our service agreement
  • Legal obligation: To comply with applicable laws
  • Legitimate interests: To improve our services and ensure security
  • Consent: Where you have provided explicit consent

4.3 Communication

  • To send service-related notifications
  • To respond to your inquiries
  • To provide customer support
  • To send important updates about the Platform

4.4 Analytics and Improvement

  • To analyze Platform usage and performance
  • To improve our services and features
  • To detect and prevent fraud or abuse

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data only in these circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who:

  • Host our infrastructure (with data processing agreements)
  • Process payments (PCI-DSS compliant)
  • Provide analytics services
  • Deliver email and communication services

All service providers are contractually bound to protect your data.

5.2 Legal Requirements

We may disclose data when required by:

  • Namibia laws and regulations
  • Court orders or legal processes
  • Government authorities
  • To protect our rights, property, or safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale, your data may be transferred to the new entity, subject to the same privacy protections.

6. Data Security

We implement industry-standard security measures:

  • Encryption: Data in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access and authentication
  • Regular Audits: Security assessments and penetration testing
  • Data Backup: Regular encrypted backups
  • Incident Response: Procedures for data breach response

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your data only as long as necessary:

  • Account Data: While your account is active, plus 30 days after deletion
  • Guest Data: As determined by your data retention policies (you control this)
  • Legal Requirements: As required by applicable laws
  • Analytics Data: Aggregated and anonymized data may be retained longer

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Your Data Rights

You have the following rights regarding your personal data:

8.1 Right to Access

You can request a copy of your personal data we hold.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

8.3 Right to Erasure

You can request deletion of your data, subject to legal retention requirements.

8.4 Right to Restrict Processing

You can request we limit how we process your data.

8.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, contact us at privacy@buffrhost.com. We will respond within 30 days (or as required by applicable law).

9. International Data Transfers

Your data may be processed and stored outside Namibia, including in countries that may not have the same data protection laws. When we transfer data internationally, we ensure:

  • Appropriate safeguards are in place (e.g., Standard Contractual Clauses for GDPR)
  • Data is processed in accordance with this Privacy Policy
  • Security measures are maintained

For GDPR-covered transfers, we comply with Chapter V of the GDPR regarding international transfers.

10. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours (GDPR requirement)
  • Notify affected users without undue delay
  • Provide information about the nature of the breach and steps taken
  • Comply with Namibia data protection requirements when the Data Protection Bill is enacted

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification to registered users
  • Notice on the Platform
  • Updated "Last Updated" date

Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or to exercise your data rights, contact us:

Data Protection Officer
Buffr Host
Email: privacy@buffrhost.com
Address: Windhoek, Namibia

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.

14. Related Policies

This Privacy Policy should be read together with:

  • Terms of Service
  • Cookie Policy
  • Security Policy