Privacy Policy

Protecting your data is a priority for MyStay. This policy explains, in plain language, what data we collect, how we use it and what rights you have.

Last updated: April 2026

1. Who is the data controller

MyStay is the data controller for personal data collected through mystay.co and associated services.

For any privacy-related matter or to exercise your rights, please contact us at info@mystay.co.

2. What data we collect

We only collect data that is strictly necessary to provide our services and to meet legal obligations. Specifically:

  • Identification and contact data (name, email, phone, address).
  • Property data (location, characteristics, licensing documents where applicable).
  • Website usage data (pages visited, device, IP address, cookies).
  • Payment data handled through our payment processor (Stripe) — we never store card details on our systems.
  • Communications exchanged with us (email, chat, phone).

3. How we use your data

  • To deliver the services you have contracted (property management, distribution, invoicing, guest support).
  • To respond to information requests, estimates or meeting bookings.
  • To send service-related communications (transactional and, with your consent, marketing).
  • To improve website performance and service quality through aggregated analytics.
  • To comply with legal, tax and accounting obligations.

4. Legal basis

We process your data under one of the following GDPR bases: (i) performance of a contract with you; (ii) compliance with legal obligations; (iii) legitimate interests of MyStay (e.g. site security); (iv) your consent, where applicable (e.g. newsletters).

5. Who we share your data with

We only share your data with third parties when strictly necessary to deliver the service or to comply with the law, namely:

  • Distribution platforms (Booking.com, Airbnb, Vrbo and others) for listing and booking management.
  • Payment processors (Stripe) to issue payouts.
  • Technology providers (hosting, email, analytics) bound by data processing agreements.
  • Public authorities when legally required (SEF/AIMA, Tax Authority, INE).

6. International transfers

Some of our providers may process data outside the European Economic Area. In those cases, we make sure appropriate safeguards are in place, such as the Standard Contractual Clauses approved by the European Commission.

7. How long we keep your data

We retain your data only for as long as necessary for the purpose for which it was collected and to comply with legal retention obligations (for example, 10 years for tax documents). After that, data is deleted or anonymised.

8. Your rights

Under the GDPR you have, at any time, the following rights over your data:

  • Access — know what data we hold about you.
  • Rectification — correct inaccurate or outdated data.
  • Erasure — request deletion of your data, where applicable.
  • Restriction and objection to processing.
  • Portability — receive your data in a structured format.
  • Withdraw your consent at any time, without affecting the lawfulness of previous processing.
  • Lodge a complaint with the Portuguese Data Protection Authority (CNPD).

9. Cookies

We use essential cookies for the site to work and, with your consent, analytics and marketing cookies. You can manage your preferences at any time through your browser settings.

10. Changes to this policy

This policy may be updated to reflect legal changes or service improvements. The latest version is always available on this page, with the date of the last update.

11. Contact

To exercise your rights or ask any privacy-related question, contact us at info@mystay.co or by phone on +351 221 450 773.