770 Stays — Privacy Policy
Effective date: July 14, 2026
770 Stays ("770 Stays," "we," "us," or "our") is a property-management app for apartment owners in the Crown Heights, Brooklyn community and the wider U.S. market. Owners use 770 Stays to manage their units, availability, reservations, guests, pricing, receipts, and a small team.
This Privacy Policy explains what information the app handles, why, who it is shared with, how long it is kept, and the choices and rights you have. Please read it together with our Terms of Service. If you do not agree with this policy, please do not use 770 Stays.
The service is operated by Yosef Yarhi dba 770 Stays. If you have any questions, contact us at contact@770stays.com.
1. Who we are, and who controls what
770 Stays plays two different roles depending on whose data is involved.
- For your own account information (your email, password, name, phone, profile photo, and the settings and content you create), 770 Stays is the controller — we decide how that information is used to run the app.
- For information you enter about your guests (guest names, phone numbers, emails, notes, billing details, and booking details), you — the owner — are the controller of your guests' data, and 770 Stays acts as your processor. In other words, 770 Stays is the platform that stores and organizes this data on your behalf; you decide what to enter and what to do with it. You are responsible for handling your guests' information lawfully, including telling your guests how you use their data and honoring their requests. See Section 4.
2. What we collect, and why
We only collect information that is needed to run the app. We do not buy data about you, and we do not sell your data. Almost everything below is entered by you (the owner) or your invited team members; a small amount is generated automatically or provided by your sign-in provider.
Account and identity
| What | Why |
|---|---|
| Email address | Create your account, sign you in, and identify you. Provided by you for email/password sign-up, or received from Apple or Google when you use those sign-in options. |
| Password | Sign in to email/password accounts. Your password is stored only as a secure bcrypt hash by our authentication provider; the app never stores or sees your plaintext password. |
| Profile: full name, phone number, profile photo | Display your account, contact within the app. Your name and email may be provided by Apple Sign In or Google when you choose those sign-in methods. |
Your properties
| What | Why |
|---|---|
| Listings: name, address, country, description, amenities/equipment, number of rooms and beds, room layout | Let you manage your units and their availability. |
| Property and interior photos | Display and share your listings (for example, branded cards or link previews you send). Please read Section 5 — these photos are stored in a publicly readable location. |
Guests and bookings (data you enter about your guests)
| What | Why |
|---|---|
| Guest contact details: name, phone, email (on reservations and in your customer list/CRM) | Manage bookings and keep your own customer records. |
| Private notes about a guest or stay | Your own private notes. |
| Booking party makeup: number of adults, number of children, and children's ages | Track occupancy and capacity. The children's-ages field stores ages only (no names) of minors in a booking party — see Section 9. |
| Reservation details: dates, booking status, source (own / Booking.com / Airbnb / other) | Track availability and the booking lifecycle. |
| Customer segmentation: tags and preferred language (Hebrew / English / French) | Group your customers and set the language of branded cards. |
| Guest reputation reviews: star rating, structured ratings (paid on time, cleanliness, communication, respected house rules), and a private note | Keep your own private notes on guests. These reviews are private to you; you can read only the reviews you wrote, and they are not shared or networked between accounts. |
Payment tracking (numbers only — no card data)
| What | Why |
|---|---|
| Amounts and status: final price, currency, deposit amount and status, down-payment amount and date | Let you track what a guest owes or has paid. These are plain numbers plus a status you pick. |
| U.S. billing identity on receipts (all optional): bill-to name, company, street, city, state, ZIP, tax ID/EIN | Issue receipts. |
See Section 6 — 770 Stays does not process payments and stores no card or bank-account data of any kind.
Team access
| What | Why |
|---|---|
| Team member records: invited email, role, permissions, and which properties a member can access | Control who in your account can see and do what. |
Notifications
| What | Why |
|---|---|
| Device push token and platform (iOS / Android / web) | Deliver reminder notifications to your device. |
| Notification log: type, date sent, and content | Prevent duplicate reminders and keep an audit of what was sent. Reminder content can include a guest's name in the notification text — see Section 5. |
Broker sharing (only if you turn it on)
| What | Why |
|---|---|
| Broker consent and audit records: the permissions you grant, commission rate, consent version and date, and an append-only log of which guest information a broker viewed, when, and how | Record your consent to share a unit with a broker, and keep a permanent record of any access to guest information. See Section 5. |
Automatic and technical data
| What | Why |
|---|---|
| Audit metadata: created/updated timestamps and which user created or edited a record | Keep an accurate history of who changed a booking and when. |
| Crash and error diagnostics (via Sentry) | Find and fix crashes and errors. This is scrubbed of personal information and is off by default. See Section 7. |
Calendar sync configuration
If you configure external calendar sync, we store the provider you chose and the external calendar identifier. Full two-way calendar sync is still in development; we will update this policy before that feature carries data off your device.
3. How we use information
We use the information above to:
- create and secure your account and sign you in;
- provide the app's core features — listings, availability, reservations, your CRM, receipts, and team access;
- send you the notifications you enable;
- keep an accurate audit history of changes and of any broker access to guest data;
- diagnose crashes and keep the app reliable; and
- comply with law and enforce our terms.
We do not use your data or your guests' data for advertising, and we do not sell it.
4. Guest data entered by owners (your responsibility)
The guest information in the app is entered by you about your guests. For that data, you are the controller and 770 Stays is your processor. You are responsible for:
- collecting and using your guests' information lawfully;
- informing your guests about how you handle their data;
- entering accurate information and keeping it up to date; and
- responding to your guests' requests to access, correct, or delete their information (you can edit or delete any guest record directly in the app).
Please only enter guest information you are permitted to hold, and avoid putting sensitive personal details into free-text notes.
5. When information is shared with third parties
We share information only with the service providers and parties needed to run the app, or when you direct us to. Here is the complete list.
Service providers (processors acting for us)
- Supabase — our core infrastructure provider. Supabase hosts and processes essentially all app data: the database, authentication (email and social sign-in), file storage, and server functions. Supabase acts as our processor to provide the service.
- Sentry — receives crash and error reports so we can fix problems. These reports are scrubbed of personal information and are only active on production builds. See Section 7.
- Expo Push Notification service — when you enable notifications, this service receives your device's push token and the notification content in order to deliver reminders to your device. Reminder content can include a guest's first or full name in the notification text; that text passes through the push service to reach your device.
Sign-in providers
- Apple (Sign in with Apple) and Google (Google sign-in) — if you choose one of these, the provider confirms your identity to us and shares your email (and, for Apple, your name) so we can create or access your account. Apple also distributes the app through the App Store.
Brokers (only with your explicit, per-unit consent)
770 Stays includes an optional broker feature that lets you grant a separate business (a broker/מתווך) limited, cross-account access to specific units, so the broker can bring you bookings that land in your own account. This sharing:
- happens only when you explicitly grant it, per unit, and is immediately revocable by you at any time;
- by default lets the broker see only that unit's occupancy (dates, booking status, and a guest's first name);
- reveals a guest's full name and phone only for stays the broker actually brokered, or if you separately grant the broker permission to view guest contact details; and
- is fully audited — every time a broker views guest information, an append-only record is kept of what was viewed, when, and how.
To keep that record accurate, the broker access log is retained even if the broker later deletes their own account, and bookings a broker brought to you remain in your account. This preserves your record of who accessed your guests' information.
Broker sharing requires a signed data-processing agreement with the broker before it is enabled.
Public property photos — please read
Property and interior photos you upload are stored in a publicly readable location and are served at public web links without any login or authentication. This is what allows listing links and shared cards to display images. It also means anyone who has the link can view the image. Do not upload photos that show guests or other information you do not want to be publicly viewable.
Legal and safety
We may disclose information if required by law, to comply with a valid legal request, or to protect the rights, safety, or property of our users, the public, or us.
Features not yet active
Some integrations are planned but not yet built — for example, AI-assisted broker tools, WhatsApp/messaging, Google/Apple calendar sync, iCal import/export, and email sending. We will update this policy before any of these begins handling your data. In particular, any AI processing of guest information will be introduced only with a separate, explicit consent that is distinct from broker consent, and only after we disclose the AI provider in this policy.
6. Payments
770 Stays does not process payments and does not integrate any payment processor. There is no Stripe, PayPal, or similar service in the app.
Everything payment-related in the app is tracking only: you manually enter amounts (final price, currency, deposit, down payment) and pick a status (for example, no payment, down payment, or fully paid; and deposit none/received/returned). Receipts store an optional U.S. billing identity you type (bill-to, company, street, city, state, ZIP, and tax ID/EIN).
No card number, CVV, expiration date, or bank-account information exists anywhere in the app.
7. Error tracking and analytics
We use Sentry to detect and fix crashes and errors. Sentry is configured to protect privacy:
- it collects errors only — no product analytics or behavioral tracking;
- it is set to not send default personal information;
- it redacts sensitive parts of technical requests (for example, database query text that could contain a guest-name search) and does not attach request headers or bodies (which could contain tokens or personal data); and
- it is off by default and runs only on production builds when explicitly configured — it is completely dormant in development builds.
We do not use advertising or marketing analytics SDKs.
8. Data retention and account deletion
Retention. We keep your data for as long as your account is active, or as long as needed to provide the service. You can delete individual records (listings, reservations, customers, and so on) at any time directly in the app. Certain audit and de-duplication logs — such as the broker access log and the notification log — are intentionally retained even after related records are deleted, for up to 24 months, so that your record of who accessed guest information and what was sent stays accurate. Where the law requires, we may keep certain records longer to meet legal obligations.
Account deletion. You can delete your entire account from within the app (Settings → Delete Account). This deletion is:
- immediate and permanent — it cannot be undone;
- self-only — the request is tied to your own signed-in session, so you can only ever delete your own account, never someone else's; and
- cascading — deleting your account removes your profile, properties, rooms, reservations, additional services, customers, team members and their access, push tokens, notification log, receipts, guest reviews, calendar sync settings, and related data.
We also make a best-effort deletion of your uploaded property photos from storage. Please note one limitation: photos uploaded by a team member under a different account may not be removed by this automatic cleanup. Account deletion does not fail if photo cleanup fails.
For the reasons described in Section 5, the broker access log survives a broker's account deletion (with the broker's identity unlinked), and bookings a broker brought to an owner remain in the owner's account, so the owner keeps a complete and accurate record.
9. Children
770 Stays is intended for apartment owners and their team members, who are adults. The app is not directed to children, and is intended for users age 18 and older (or the age of majority in your jurisdiction, if higher — matching our Terms of Service). We do not knowingly create accounts for, or collect personal information from, children as users, and there is no child-facing feature.
The app does allow an owner to record, as part of a booking, the number of children in a booking party and their ages (ages only — no names or other identifying details of minors). This information is entered by the owner about their guests, for occupancy and capacity purposes. If you believe a child's personal information has been provided to us in a way that violates applicable law, please contact us at contact@770stays.com and we will address it.
10. How we protect your data
We use industry-standard safeguards, including:
- Encryption in transit — data moving between the app and our servers is encrypted (HTTPS/TLS).
- Authentication — passwords are stored only as secure bcrypt hashes; sign-in is handled by our authentication provider.
- Row-Level Security — the database is scoped so that, in general, users can access only their own account's data.
- Least-privilege access and audit logging for sensitive actions such as broker access to guest information.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Remember that any property photo you upload is served at a public link (Section 5).
11. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing.
- Access and correction — you can view and edit your account information and most of your content directly in the app.
- Deletion — you can delete individual records at any time, and you can delete your entire account from Settings → Delete Account (see Section 8).
- Notifications — you can turn push notifications off from your device settings.
- Broker sharing — you can revoke a broker's access to any unit at any time.
- Sign-in providers — you can manage or revoke Apple/Google connections from your Apple or Google account settings.
For guest data, remember that the owner is the controller: a guest who wants to access, correct, or delete their information should contact the owner who holds it, and the owner can act on that request directly in the app.
To exercise any right or ask a question, contact us at contact@770stays.com. We will respond as required by applicable law and may need to verify your identity first. We will not discriminate against you for exercising your rights.
12. Where your data is stored
Your data is stored and processed on cloud infrastructure operated by our provider, Supabase. 770 Stays is built for and operated in the United States, and we host your data in a United States region.
13. International users
770 Stays is intended for users in the United States. If you access the app from outside the United States, understand that your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your country. By using the app, you consent to this transfer and processing. Where required, we rely on appropriate safeguards for any such transfer.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" above and, where appropriate, notify you in the app. Before introducing any new data-sharing practice — such as AI processing or new integrations — we will update this policy first, and where the change requires it, ask for your consent. Your continued use of the app after an update means you accept the revised policy.
15. Contact us
If you have any questions, requests, or concerns about this Privacy Policy or your data, contact:
Yosef Yarhi dba 770 Stays Email: contact@770stays.com