Host Privacy Policy

Last Updated: March 26, 2025

1. Introduction

The 88th Day Pty Ltd (ABN 17 944 507 152) (“we”, “us” or “The 88th Day”) respects your privacy and is committed to protecting the personal information of our Hosts. This Host Privacy Policy (“Privacy Policy”) explains how we collect, use, disclose, and safeguard personal information of individuals who use the Host side of our platform (stay.the88thday.com) and related services. It also describes your rights regarding your personal information and how you can contact us with questions or concerns.

We manage personal information in an open and transparent way in accordance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). In line with APP requirements, this Privacy Policy sets out the types of personal information we collect, how and why we collect and use it, the parties we disclose it to (including those overseas), and how you may access or correct your information or make a privacy complaint. We aim to be clear and straightforward in explaining our privacy practices.

By using the The 88th Day Host platform, you consent to the practices described in this Privacy Policy. We may update this Policy from time to time; we will notify you of any significant changes and post the latest version on our website. We encourage you to read this Policy carefully and contact us if you need any clarification.

2. What Personal Information We Collect

We only collect personal information that is reasonably necessary for providing our services to Hosts and operating the Platform. The types of personal information we may collect and hold about Hosts include:

  • Identity Information: Such as your full name, date of birth, and identity verification details. For example, we may request copies of your driver’s license, passport, or other identification documents during account verification. If you represent a business, we may collect your business name or ABN and evidence that you are authorized to act on its behalf.
  • Contact Details: Including your email address, telephone number, and mailing address. We use these to communicate with you about your account, bookings, and platform updates. We may also collect your emergency contact details for safety purposes (if you choose to provide them).
  • Accommodation Listing Information: Details about the property you are listing, which might indirectly include personal information. For instance, if you list your home, the property address could be considered personal information. We also record the description of your accommodation, photos you upload, availability calendar, house rules, pricing, and other listing content that you provide. Some of this content may contain personal information (for example, if a photo shows family pictures, or if your house rules mention personal details). We advise you to review and remove any unnecessary personal info before uploading content.
  • Financial and Payout Information: Information needed to process payments to you. This includes your bank account details (account holder name, BSB, account number) or other payout information you provide in Stripe Connect. We do not collect or store full credit card numbers for payouts (Stripe handles any necessary bank or card details through its secure systems), but we may store records of your payout transactions. If required by law (e.g., for tax reporting), we might also collect your tax file number (TFN) or GST status, but we will only do so with your consent and in accordance with the law.
  • Verification and Background Data: As part of Host onboarding or ongoing compliance, we may collect additional data such as references, professional licenses, or certifications if relevant (e.g., if a local law requires proof of a permit to host). We may also receive results of checks (identity verification status from third-party services, or sanctions lists if any) to confirm your eligibility.
  • Usage Data and Device Information: When you use our Platform, we automatically collect technical information about your use. This may include:
    • Log and Usage Data: Date and time of your visits, pages or screens viewed, actions taken (such as updating a listing or responding to a booking request), referral URLs, errors encountered, and other system activity.
    • Device Information: Details about the device and software you use to access our Platform, such as IP address, browser type, operating system, device model, unique device identifiers, language preference, and version of our app (if applicable).
  • Cookies and Tracking: We use cookies and similar technologies to collect information about your interactions with the Platform. Cookies help us recognize you, remember your preferences, and analyze site traffic. For example, we may use Google Analytics or similar tools that use cookies to track user behavior on our site. You can manage cookie preferences through your browser settings, but note that disabling cookies may affect certain features of our Platform.
  • Communications: Copies of communications we have with you. If you contact us (for support, feedback, or disputes), we will collect the information you provide in that correspondence (such as your inquiries, compliments, or complaints). We also process messages that you exchange with Travellers through our Platform’s messaging system – these messages are monitored for trust and safety purposes and to assist in dispute resolution if needed.
  • Transactional Information: Records of bookings you are involved in as a Host – including booking dates, accommodation details, prices, cancellations, and associated correspondence. We keep this to manage bookings and for record-keeping.
  • Marketing Preferences: If you subscribe to receive marketing communications or newsletters from us, we will record that and any preferences you express (for example, what type of updates you want to receive). You can opt out of marketing at any time as described below.

We will generally collect personal information directly from you, for example when you fill out forms on our website, communicate with us, or input information into your Host profile and listings. In some cases, we may collect information from third parties: for instance, from Stripe for identity verification or account setup (Stripe may provide us confirmation of your KYC completion or updated payout status), or from public sources (if we need to verify license information with a government registry). We may also get information about you from Travellers (for example, if a Traveller provides feedback about you or reports an issue).

You do not have to provide personal information we request. However, if you choose not to provide certain details, we may not be able to register you as a Host or allow you to use certain features. For example, without identity verification, we might not permit you to list accommodations; without contact info, we cannot communicate with you; without payout details, we cannot pay you for bookings.

3. How We Use Your Personal Information

We collect and use Hosts’ personal information for purposes necessary to run our marketplace and provide services to you. These purposes include:

  • Providing the Platform Services: We use your information to create and maintain your Host account, to enable you to list accommodations, and to facilitate bookings with Travellers. For example, we use identity and contact info to register your account and listings, listing info to display to potential Travellers, and schedule data to manage bookings. We also use your information to communicate with you about bookings (e.g., sending booking requests, confirmations, or cancellations).
  • Payment Processing: We use financial and identification information to set up payouts through Stripe Connect and to ensure you get paid. Your bank details are used to route payments to you. We also generate records of payouts and fees for accounting purposes. Stripe may use your info (like identity data and bank account) to perform required verification under financial regulations (e.g., “Know Your Customer” checks) and to process payments to you.
  • Verification and Trust & Safety: Information you provide (identity docs, profile info) is used to verify your identity and eligibility to operate as a Host, fostering trust on the platform. We may use personal information to conduct screening (such as checking against watchlists or verifying permits with authorities if required by law). We also monitor user communications and behavior on the Platform to detect and prevent fraudulent activity, violations of our Terms, and other misuse. For example, automated systems may scan messages for scam indicators, or we may review a Host’s background if an issue is reported. This is done to keep our community safe.
  • Communicating with You: We use your contact information to send important account and transactional communications. These include: service emails for verification, booking inquiries and confirmations, check-in instructions, payout notifications, and updates to our terms or policies. We might also send you promotional communications about new features, tips for Hosts, surveys, or special offers, but only if you have not opted out of such messages. You can control marketing emails by using the unsubscribe link in them. Transactional communications (related to bookings and account security) are necessary and will be sent even if you opt out of marketing.
  • Facilitating Communications with Travellers: When you have a confirmed booking, we may share certain info with the Traveller (e.g., your first name, listing location/address, and contact phone number) to coordinate the stay. We use your information in our system to route messages or calls between you and the Traveller through the Platform (for privacy, we may proxy contact details).
  • Improving and Personalizing our Services: We analyze usage data and feedback to improve the Platform’s functionality and user experience. For instance, we might review how Hosts navigate our site or where they encounter problems to refine those areas. We may also use data to personalize the service for you, such as recommending relevant resources or suggesting pricing tips based on your location and past bookings.
  • Advertising and Marketing: We may use some of your content (like listing photos or summary) and public profile information in our marketing materials to promote The 88th Day (for example, showcasing a variety of host listings on our homepage or social media accounts). We will not expose sensitive personal info for marketing without consent. We might also send you marketing tailored to you (like if you often host certain types of travellers, we might invite you to related events or programs). You can opt out of receiving direct marketing at any time, as mentioned above.
  • Customer Support: If you reach out with questions, bug reports, or disputes, we will use your information to investigate and respond. This may involve accessing your account details, booking records, and prior communications. If needed, we will also contact you through your provided channels to resolve issues.
  • Legal Compliance and Enforcement: We may process your personal information to comply with legal obligations, such as responding to a lawful subpoena or data request, fulfilling business record-keeping requirements, or satisfying obligations under the Australian Privacy Act or other laws. We also use and retain data as necessary to enforce our Terms and policies, to resolve disputes, or to detect/prevent fraud or other illegal activities (for example, we may retain evidence of fraudulent behavior or a breach to use in potential legal claims, or provide information to law enforcement if someone is suspected of engaging in criminal conduct).
  • Data Analytics: We may aggregate and anonymize personal information (so it no longer identifies you) to generate statistical insights. For instance, we might compile data on average Host earnings by region, or the number of bookings per host. This aggregated data can be used to understand trends, improve our business, or share with business partners. It does not contain personal information once anonymized.

We will not use your personal information for purposes other than those described above without your consent, unless we are required or permitted by law to do so. If we need to use your data for a new purpose, we will update this Privacy Policy and notify you as needed.

4. How We Disclose or Share Personal Information

The 88th Day will never sell your personal information to third parties. However, in the course of providing our services, we do share personal information with others in certain circumstances. The main instances where Host information may be disclosed are:

  • To Travellers: As noted, to facilitate bookings we share necessary Host information with the Traveller who is booking or inquiring. This typically includes your public profile (photo, first name, Host bio if you provide one) and listing details that you have published. Once a booking is confirmed, we provide the Traveller with the Host’s full name (if needed for check-in), the property address, and contact information (phone and/or email) to coordinate arrival. We do not publicly display your contact details on the listing, and Travellers only receive that after booking to protect your privacy. Traveller reviews of you will be posted on your listing profile, which include the Traveller’s first name and last initial and their feedback. If you respond to a review, that response (which may contain your personal info if you include it in text) will be visible to platform users.
  • Stripe and Payment Processors: We share personal and financial information with Stripe, our payment processor, as needed to enable payouts and process transactions. This includes your identity details and bank account information used in Stripe Connect onboarding. Stripe acts as a data processor for payments; they use and store this info to facilitate transactions, perform anti-fraud checks, and meet legal obligations (like anti-money laundering laws). Stripe may also share back with us certain data (e.g., your Stripe account ID, verification status, payout records). Stripe’s handling of personal information is governed by their own privacy policy. By hosting on our platform, you agree to your information being sent to and processed by Stripe for these purposes.
  • AWS and IT Service Providers: Our Platform is built on third-party cloud infrastructure and services. In particular, we use Amazon Web Services (AWS) for our servers and file storage, MongoDB Atlas for our databases, and Google Firebase for certain application functionality (such as real-time updates, notifications, and authentication). These service providers may host or process personal data on our behalf, which means your data may be stored on their servers. We have agreements in place to ensure they protect your data. AWS and MongoDB Atlas may store data in Australia or abroad. Firebase (by Google) often involves servers in the United States. Because of this, your personal information may be transferred to and stored on servers in countries outside Australia. (See Section 5 below for more on this.) Rest assured, these providers are reputable companies with strong security practices, and we take steps (like encryption and access control) to safeguard your data within these systems.
  • Other Third-Party Service Providers: We may also use additional third-party services to help us operate the business, which could have access to personal information. Examples include:
    • Email and Communication Tools: Services like email delivery providers, SMS gateways, or customer support software.
    • Analytics and Marketing: Tools like Google Analytics or marketing platforms that manage mailing lists.
    • Verification Services: If we use a third-party identity verification or KYC service to validate Host identities.
    • Professional Advisors: Lawyers, accountants, auditors bound to confidentiality.

    In all cases, we only share the minimum information necessary and ensure contracts require secure handling. Service providers are not permitted to use your information for their own purposes.

  • Within Our Corporate Group: If The 88th Day Pty Ltd has affiliates or parent/subsidiary companies, we may share information within that group for business operations, consistent with this Policy.
  • Business Transfers: If we undergo a merger, acquisition, or asset sale, your personal information may be transferred as part of the deal, subject to this Policy or notice of changes.
  • Legal Requirements and Protection of Rights: We may disclose personal information when required by law, legal process, or government request. We may also share information to protect our rights, property, safety, or those of others, or to investigate fraud or violations. We will limit disclosure to what is necessary.

Apart from the scenarios above, we will not disclose your personal information to a third party unless we have your consent or it is otherwise allowed under the APPs. If we ever want to share your information in a way not covered by this Policy, we would seek your permission first.

5. Do We Disclose Personal Information Overseas?

Yes, some of the personal information we collect may be disclosed to or stored by our service providers in overseas locations. As noted, our key service providers (Stripe and Firebase) are based in the United States, meaning host personal information (identity details, bank info, usage data, etc.) will likely be stored on or transit through servers in the USA. Additionally, if we engage any contractors or support staff located overseas, they may access host data from their country.

We recognize that Australian Privacy Principle 8 imposes obligations when sending personal information outside Australia. Before disclosing information overseas we will take reasonable steps to ensure the overseas recipient does not breach the APPs. This is typically done through contractual agreements requiring them to handle information in line with Australian privacy standards. Large providers like AWS, MongoDB, Stripe, and Firebase maintain robust security certifications.

However, overseas jurisdictions may not have privacy laws equivalent to Australia’s. In some cases, if an overseas recipient mishandled personal information, you might not have the same recourse. By using our Platform, you consent to your information being transferred to servers and third parties in the United States and other countries as necessary for us to provide our services. We will assume responsibility for ensuring our overseas partners protect your info (unless APP 8 does not require it, which is rare). In summary, we will ensure overseas recipients are bound to protect your data to an equivalent level as in Australia. If you have questions, please contact us.

6. Data Security and Storage

Security Measures: We take the security of your personal information seriously and implement reasonable technical, administrative, and physical controls to protect it from misuse, interference, loss, and unauthorized access, modification or disclosure. Measures include password protection, encryption (HTTPS/TLS, hashed passwords), firewalls, access controls, staff training, and secure infrastructure (AWS, MongoDB).

Despite all efforts, no method is 100% secure. You play a part by using a strong password and reporting suspicious activity.

Data Retention: We retain your personal information for as long as necessary for the purposes collected, unless a longer period is required by law. We keep account information while active. After account closure, certain data may be stored for legal compliance (e.g., financial records), dispute resolution, or backup/business continuity. We take reasonable steps to destroy or de-identify information when no longer needed. Backups may persist for a short time after deletion from active systems.

Notifiable Data Breaches: We comply with Australia’s Notifiable Data Breaches (NDB) scheme. If an “eligible data breach” occurs (unauthorized access/disclosure/loss likely to result in serious harm), we will promptly assess it and notify you and the Office of the Australian Information Commissioner (OAIC) as required. Notifications include details of the breach and recommended response steps. We have a data breach response plan for containment and remediation.

By using our Platform, you acknowledge these security measures and limitations. Contact us immediately if you suspect your data is insecure.

7. Your Rights and Choices

Under Australian privacy law, you have certain rights regarding the personal information we hold about you:

  • Access: You have the right to request access to your personal information. Much is available via your Host account. For comprehensive reports, contact us. We will verify identity and respond within a reasonable period, providing reasons if access is refused as permitted by law. A reasonable fee may apply for complex requests (notified in advance).
  • Correction: If you believe information is incorrect, incomplete, or outdated, you can request correction. Edit details via your account or contact us. We will take reasonable steps to amend it or explain why if we cannot (and note your request).
  • Deletion/Erasure: While there's no blanket "right to be forgotten" in Australia, we honor requests to delete information where feasible and legally permissible. Closing your account triggers deletion/anonymization per our retention policy, subject to legal/operational needs.
  • Withdrawal of Consent: Where processing relies on consent (e.g., marketing), you can withdraw it anytime (unsubscribe links, account settings, or contact us). Withdrawal doesn't affect past processing; if consent is vital for service, we may need to cease providing it (we will advise).
  • Anonymity: Generally not practicable for Hosts due to trust/safety needs requiring verifiable identity. You can control public profile display (e.g., first name only).
  • Complaints: You have the right to complain if you believe we've mishandled your information (see Section 8 below).

To exercise these rights, contact our Privacy Officer (details below). We may need identity verification. We aim to respond within 30 days. We do not charge for inquiries or corrections; access charges are limited to cost recovery for complex requests.

8. Privacy Complaints and Inquiries

If you believe we have breached your privacy rights, please contact us first to resolve the issue:

  • Email: Contact our Privacy Officer at privacy@the88thday.com or our support email, mentioning “Privacy Complaint/Inquiry” in the subject. Provide details.
  • Mail: Write to The 88th Day Pty Ltd, Attn: Privacy Officer, Adelaide, South Australia.

Our Response Process: We will acknowledge receipt (aiming for 5 business days), investigate thoroughly, and respond in writing (usually within 30 days) with the outcome and any resolution plan. Complex issues may take longer, with updates provided.

If unsatisfied, you can escalate to the Office of the Australian Information Commissioner (OAIC) after attempting resolution with us (or after 30 days). Visit oaic.gov.au for details.

9. Children’s Privacy

Our Host platform is intended for adults (18+). We do not knowingly collect personal information from individuals under 18 for hosting. If you are aware a minor has registered as a Host, please contact us so we can delete their information.

10. Updates to This Privacy Policy

This Privacy Policy may be updated periodically. We will notify Hosts of material changes (e.g., via website notice or email). The “Last updated” date at the top indicates the latest version. Please review periodically. Continued use after changes implies acceptance; if you disagree, stop using the Platform.

11. Contact Us

If you have questions or comments about this Host Privacy Policy, contact us:

  • Email (Support): support@the88thday.com
  • Website: Via the contact form on our site.

Your trust is important, and we are committed to protecting your privacy.