Privacy Policy

1. Introduction

Eastern Shore Technologies LLC, a Maryland limited liability company doing business as “South EST” (“South EST,” “we,” “us,” or “our”), operates a white-label loyalty platform for independent hotels and hospitality businesses. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website, use our platform, or interact with loyalty programs powered by South EST. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect different categories of information depending on how you interact with our platform:

Lead and Inquiry Information

When you submit a lead form, request a demo, or use our ROI calculator, we collect your name, email address, and company or property name.

Loyalty Program Data

For guests enrolled in loyalty programs operated by our hotel partners, we collect and store stay data (check-in dates, property names, nightly rates), points balances and earning history, tier status, badges earned, redemption history, and feedback submitted through the platform.

Account Information

When you create a loyalty member account, we collect your email address, a password (which is cryptographically hashed and never stored in plain text), and optional profile information such as your name, phone number, birthday, and home address.

Usage and Device Data

We automatically collect certain information when you access our platform, including pages visited and interactions with the application, device type, browser type, and operating system, IP address, and referring URLs and access timestamps. This data is collected to maintain platform security and improve performance.

3. How We Use Information

We use the information we collect to:

• Operate and administer loyalty programs on behalf of our hotel partners, including tracking stays, awarding points, managing tier status, and processing reward redemptions.
• Send transactional emails such as welcome messages, post-stay confirmations, reward notifications, and account security alerts via our email service provider.
• Communicate with prospective hotel clients who have submitted inquiries or requested demos of our platform.
• Analyze platform usage to improve performance, fix bugs, and develop new features.
• Generate aggregated, anonymized analytics for our hotel partners to help them understand loyalty program performance.
• Comply with legal obligations and enforce our terms of service.

4. Service Providers

We use the following third-party service providers to operate our platform. These providers access personal data only as necessary to perform their services and are contractually obligated to protect it:

• Supabase — Database hosting, user authentication, and real-time data services. Member account credentials and loyalty program data are stored in Supabase's cloud infrastructure.
• Resend — Transactional email delivery. Resend processes recipient email addresses and email content to deliver messages such as welcome emails, post-stay summaries, and reward notifications.
• Vercel — Application hosting and content delivery network (CDN). Vercel serves the platform application and may process IP addresses and request metadata in the course of delivering content.
• Cloudflare — DNS management and security services. Cloudflare routes traffic to our platform and provides protection against malicious activity.

5. Cookies and Local Storage

Our platform uses the following browser storage mechanisms:

• Authentication session cookies — Set by Supabase Auth to maintain your login session. These are strictly necessary for the platform to function and expire when your session ends or after a set period of inactivity.
• localStorage — Used to store UI preferences such as dark mode settings and application state. This data remains on your device and is not transmitted to our servers.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not participate in ad networks or cross-site tracking.

6. Data Sharing

We do not sell your personal data. We have never sold personal data and have no plans to do so.

We share personal data only in the following circumstances:

• With hotel partners: Guest loyalty data (stay history, points, tier status, redemptions) is shared with the hotel partner that operates the loyalty program you are enrolled in. Each hotel partner acts as a data controller for their guests' information, and South EST acts as a data processor on their behalf.
• With service providers: As described in Section 4, our service providers access data only to the extent necessary to provide their services to us.
• As required by law: We may disclose personal data if required to do so by law, regulation, legal process, or governmental request.

7. Data Retention and Deletion

Lead form data is retained for the purpose of sales follow-up and business development. If you submitted a lead form and would like your information removed, you may contact us at the email below.

Loyalty member data is retained for as long as the loyalty program operated by the hotel partner remains active on our platform. This includes stay history, points balances, tier status, badges, and redemption records.

Member deletion requests: Loyalty program members may request deletion of their account and associated data by contacting support@southest.info. We will process deletion requests within 30 days, subject to any legal or contractual obligations to retain certain records.

Hotel partner requests: Hotel partners may request a full export of their loyalty program data or request deletion of all data associated with their organization upon termination of their agreement with South EST.

8. Your Rights Under the CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to know: You have the right to request that we disclose what categories of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions provided by law.
• Right to opt-out of sale: We do not sell personal information. Because we do not engage in the sale of personal data, there is no need to opt out.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide a different level of service because you exercised your privacy rights.

To exercise any of these rights, please contact us at support@southest.info. We will respond to verifiable consumer requests within 45 days.

9. Your Rights Under the GDPR (EU/EEA Visitors)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides you with the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to erasure: You may request that we delete your personal data, subject to legal retention requirements.
• Right to restriction: You may request that we restrict the processing of your personal data under certain circumstances.
• Right to data portability: You may request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to the processing of your personal data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us at support@southest.info. We will respond to requests within 30 days as required by the GDPR.

10. Children's Privacy

Our platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as promptly as possible. If you believe that a child under 13 has provided us with personal information, please contact us at support@southest.info.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information. Your continued use of our platform after any changes to this policy constitutes your acceptance of the updated terms.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Eastern Shore Technologies LLC
Email: support@southest.info

We will make every effort to respond to your inquiry within a reasonable timeframe.