1.1 Data Controller

When this policy refers to 'Wecostay' or 'we', it means Wecostay as the company responsible for your information under this Privacy Policy ('Data Controller').

1.2 Payment Data Controller

This Privacy Policy also applies to the payment services provided to you by Danal under the Payment Service Terms ('Payment Terms'). When you use those services, you provide your information to that company, which is generally responsible for your payment-related information based on your country of residence.

1.3 Insurance Data Controller

Please refer to the relevant document referenced in the insurance supplemental terms for detailed definitions.

2.1 Information Required to Use the Wecostay Platform

We collect personal information when you use the Wecostay platform. Without this information, we may not be able to provide you with the requested services. This includes:

2.1.1 Contact, Account, and Profile Information

Your name, phone number, mailing address, email address, date of birth, profile photo. Some of these may vary depending on the features you use.

2.1.2 Identity Information

Where appropriate and required by law, we may request images or details of government-issued IDs, passports, driver’s licenses, birthdate, address, email, phone number, digital identity data, and/or selfie. If ID copies are submitted, we extract relevant information. See the Help Center for more on identity verification.

2.1.3 Payment Transaction Information

Payment account, credit card details, bank account info, payment method used, date and time of payment, amount, payment method expiration, billing zip code, PayPal email, IBAN info, your address, and other transaction details.

2.2 Information You Voluntarily Provide

You may voluntarily provide Wecostay with additional personal information including:

2.2.1 Additional Profile Information

Gender, preferred language, city, personal details, additional profile information.

2.2.2 Information About Others

Information on another person’s payment method, contact details, or fellow travelers. By providing such info, you confirm you have the authority and have shared this Privacy Policy with them.

2.2.3 Biometric Information

If you submit ID documents and photos for verification, facial recognition data may be extracted (with your consent, if required). See Help Center for details.

2.2.4 Communication Information

Emails, calls, messages, texts via or through the Wecostay platform. This may include call recordings/transcripts, phone numbers, sender/receiver IDs, account names, routing and log info, per legal requirements.

2.2.5 User-Generated Content

Photos, videos, and other content you choose to submit.

2.2.6 Customer Support Information

Call recordings/transcripts, chat messages, and other support communications collected to investigate concerns and improve service.

2.2.7 Other Information

Data shared via forms, surveys, research, forum posts, promotions, importing address book contacts, providing addresses/locations, business details, and voluntarily provided health data.

2.3 Automatically Collected Information

We collect certain data automatically when you use Wecostay or our payment services. This may include:

2.3.1 Location Information

Depending on your device settings: IP address, GPS, or other device-derived data. If enabled, we may collect location even when the app is not in use.

2.3.2 Usage Data

Searches, bookings, add-ons, access dates, pages viewed or clicked, actions on the platform. We may collect this data even without a Wecostay account or login.

2.3.3 Device Information

IP address, hardware/software data, crash logs, identifiers, message delivery status. Also collected without account/login.

2.3.4 Cookies and Similar Technologies

See our Cookies Policy for more information.

2.4 Information from Third Parties

We may also collect data from other sources:

2.4.1 Third-Party Applications

If you log in using Google, Facebook, WeChat, etc., those services may share your approved profile, contacts, or registration info. Connecting smart locks or similar devices may also share logs and device data.

2.4.2 Corporate Product Invitations & Management

Organizations using our corporate services may provide personal data for account invitations or administration.

2.4.3 Referrals and Companions

If invited to Wecostay by another user, your personal data may be provided by them.

2.4.4 Complainants

If a complaint is filed against you, we may collect information about the issue to review and act appropriately.

2.4.5 Financial Institutions

If you pay via bank transfer, we may receive bank account info and balance details from your financial institution.

2.4.6 Installment and Financing Service Providers

If you opt for installment payments, we may receive data like your payment plan and approved installment amounts from the third-party provider.

2.4.7 Other Sources

To the extent permitted by applicable law, Wecostay may obtain additional information about you—such as identity data, demographic details, or information that may help detect fraud and safety issues—from (i) third-party service providers, other third parties, and/or partners, or (ii) members, other individuals, organizations, or authorities. For example, we may receive identity verification results or fraud alerts from identity verification providers for use in fraud prevention, security investigations, and risk assessments. We may also obtain information about you and your activities both on and off the Wecostay platform from users, the public, government agencies, public institutions, or tax authorities. This may include publicly available information such as social media posts or profiles, as well as information about your usage and interactions from partners. Wecostay may also obtain health-related information, such as data related to infectious diseases.

3.1 Provision of the Wecostay Platform

We may process your information for the following purposes:

• Enabling you to access the Wecostay platform and make or receive payments
• Enabling communication and interaction with others
• Responding to and processing your requests
• Providing customer support services
• Sending messages, updates, security alerts, and account notifications
• Automatically determining your country of residence based on your account info and interaction with the Wecostay platform, as described in the 'Change of Residence Country' section
• Supporting your use of our products and accommodation services

3.2 Improvement and Development of the Wecostay Platform

Wecostay may process this information for the following purposes:

• Conducting analytics, debugging, and research
• Developing and improving our products and services
• Providing customer service training

3.3 Personalization of the Wecostay Platform

Wecostay may process this information for the following purposes:

• Personalizing your experience based on your interactions with the platform, search and booking history, profile info and preferences, and other information you choose to provide
• Customizing your experience using the Wecostay platform

3.4 Protection of the Wecostay Platform and Community

We may process this information for the following purposes:

• Conducting research and eliminating discrimination according to Wecostay’s anti-discrimination policy
• Detecting, preventing, assessing, and resolving fraud and security risks
• Protecting the community from illegal or prohibited activities, including those listed on the Wecostay Safety Policy page
• Verifying or authenticating the information you provide (including identity information), as described in 'Information Required to Use the Wecostay Platform'
• Running checks using databases and other sources (e.g. identity verification)
• Complying with legal obligations and ensuring the health and safety of guests and the public
• Enforcing contracts between Wecostay and third parties
• Determining eligibility for specific types of reservations (e.g. Instant Book)
• Complying with laws, responding to legal requests, preventing harm, and protecting our rights
• Enforcing the Wecostay Terms of Service, Anti-Discrimination Policy, and other policies
• Evaluating your interactions with the platform and information obtained from third parties

In some cases, your account and activity, and related internal and external actions may be analyzed through automated processes. If a safety or other risk is detected, your access to the platform may be restricted.
To contest a decision based on an automated process, please refer to the 'Contact Information' section.

3.5 Advertising, Marketing, and Performance Measurement

We may process this information for the following purposes:

• Sending promotions, advertisements, marketing messages, and other information
• Placing Wecostay ads on advertising platforms, personalizing them, measuring performance, and improving them
• Managing referral programs, rewards programs, surveys, sweepstakes, contests, and other promotions or events sponsored or run by Wecostay or third-party partners
• Analyzing your traits and preferences to send promotional messages, marketing, ads, and other information you may find interesting
• Inviting you to events and related opportunities

3.6 Communication Analysis

3.6.1 Purpose

We may review, scan, or analyze your communications on or through the Wecostay platform for purposes of safety, support, product improvement, and for the reasons listed in the 'Why Wecostay Reviews Messages' section. For example, as part of our fraud prevention activities, we may scan or analyze messages to obscure contact information or references to other websites. Where permitted by law, we may also scan or analyze images uploaded by users in message windows, profiles, listing and experience pages to detect certain illegal or inappropriate conduct (e.g., evidence of child abuse).

3.6.2 Method

Where reasonably possible, we use automated methods. In some cases, communications may be manually reviewed for investigation or customer support purposes.

3.6.3 No Sale

We do not sell the results of our review and analysis of such communications.

3.7 Provision of Payment Services

To enable third parties to use or be granted access to payment services (as defined in the Payment Terms), personal information may be used for the following purposes:

• Processing payments
• Fulfilling contracts with you
• Conducting identity verification
• Detecting and preventing money laundering, fraud, abuse, and security incidents
• Conducting security investigations and risk assessments
• Complying with applicable legal obligations and regulations (such as anti-money laundering laws and sanctions enforcement)
• Enforcing the Payment Terms and other payment policies
• Providing and improving payment services

If you are not a Wecostay user—for example, if a Wecostay user provides your payment card to complete a booking—we may receive your payment information.

4.1 Sharing Based on Your Consent or Instruction

If you authorize a third-party application or website to access your Wecostay account, file an insurance claim, apply for installment or financing services, or participate in promotional activities with our partners or third parties, we will share your information as described at the time of your consent or instruction.

4.2 Recipients of Shared Information

We may share your information with the following types of recipients.

4.2.1 Other Members

To facilitate bookings, interactions, or other engagements between members (including those located in jurisdictions with different data protection standards or using service providers located in such jurisdictions), we may share your information with other members in specific situations as described in the 'Sharing and Disclosure' section.

4.2.2 Wecostay Business Program Partners

If a booking is marked for business or work purposes and the guest is affiliated with a company enrolled in the Wecostay Business Program, Wecostay may share booking-related information with that company to the extent necessary to fulfill our contractual obligations and provide services. If requested, Wecostay may also share such information with third parties hired by the company to provide support services.

4.2.3 Service Providers

We share personal information with affiliated and unaffiliated service providers (including their own service providers) who help us operate Wecostay and comply with laws. This includes providers who assist with:

(i) Verifying your identity or credentials
(ii) Checking information using public databases
(iii) Supporting identity checks, fraud prevention, security investigations, and risk assessments
(iv) Developing, maintaining, and debugging products
(v) Delivering Wecostay services through third-party platforms and tools
(vi) Providing customer service, advertising, or payment services
(vii) Offering additional services you've selected
(viii) Processing and handling insurance claims or similar matters
(ix) Reviewing, scanning, and analyzing communications on the Wecostay platform for specific purposes (see 'Analysis and Sharing of Communications')
(x) Providing installment or financing services through third-party credit providers

These providers are contractually required to protect your information and may only access your personal information as necessary to perform their tasks. We may also disclose information as required by law.

4.2.4 Corporate Affiliates

To support, integrate, promote, or improve Wecostay's platform, payment services, and services offered by our affiliates, we may share your personal information with our parent company (House Sara Co., Ltd.) and other group affiliates.

4.3 Why We Share Your Information

We may share your information for the following purposes.

4.3.1 Public Profile Creation

Information you publicly share on the Wecostay platform may be indexed by third-party search engines. In some cases, you can disable this feature in your account settings. We may publicly display the following types of information:

• Your profile, account details, and derived information
• Approximate or exact descriptions of listing or experience locations, availability, profile photo, demand metrics
• Reviews, ratings, and other public feedback

* Content in community forums, blogs, social media posts, and any other content you make publicly available (including listings displayed on third-party platforms, apps, or websites)

4.3.2 Legal Compliance, Legal Requests, Preventing Harm, and Protecting Our Rights

(i) Disclosure

Where appropriate or required by law, we may disclose your information or communications to courts, law enforcement agencies, government authorities, tax authorities, authorized third parties, or other members to:

• Comply with legal obligations
• Respond to valid legal requests (e.g., subpoenas, court orders)
• Cooperate with criminal investigations or respond to unlawful conduct allegations
• Enforce our Terms, agreements, and other policies
• Investigate potential legal violations, including emergencies involving the risk of death or serious injury
• Respond to actual or potential legal claims involving Wecostay or third parties
• Protect the safety, security, rights, or property of Wecostay, its users, or the public

For more, see our Law Enforcement Guidelines.

(ii) Notification

Where appropriate or legally required, we may notify you about such disclosures unless:

• The legal process, court order, or law prohibits it
• We believe that notification would be futile, ineffective, create risk of harm or fraud, or interfere with legal procedures

4.3.3 Business Transfers

If Wecostay is involved in a merger, acquisition, restructuring, sale of assets, bankruptcy, or insolvency, we may sell, transfer, or share your information as part of such a transaction or its consideration (e.g., due diligence). If your personal data is to be transferred and subject to a different Privacy Policy, we will notify you beforehand.

5.1 Connecting to Third-Party Services

You may connect your Wecostay account to certain third-party services, such as social networks. If you instruct such a connection, the following applies:

• Some information provided from the connected account may be published on your public Wecostay profile.
• Information provided through the connection may be retained, processed, and transmitted for fraud prevention, security investigations, and risk assessment purposes.
• We may share your booking-related information with third-party travel partners and rewards programs.
• The display and posting of information provided through these connections is governed by your settings and consent on both the Wecostay platform and the third-party service.

5.2 Third-Party Service Terms

Wecostay may be partially integrated with third-party services. We do not own or control such third parties. If you interact with or use their services, you are providing your data directly to them. Use of these services is governed by their own terms and privacy policies, including the Google Maps/Earth Additional Terms of Service and Google Privacy Policy (see here for more information on how Google uses data).

6.1 Applicable Data Controller

If you change your country of residence (or state, for U.S. residents), the Data Controller, Payment Data Controller, and/or Insurance Data Controller will be determined based on your new country of residence as of the date of change.

6.2 Transfer Between Data Controllers

To facilitate this change, the Data Controller, Payment Data Controller, and/or Insurance Data Controller that initially collected your information will transfer it to the newly determined Data Controller, Payment Data Controller, and/or Insurance Data Controller. The new controller(s) will continue processing your personal data in accordance with this Privacy Policy (where applicable).

6.3 Applicable Rights

Your country (or state) of residence, as defined by applicable law, may affect which rights you are entitled to exercise.

7.1 Managing Information

You may access and update some of your personal information via your account settings. You are responsible for keeping your information current.

8.1 Retention Period

We retain personal information for as long as necessary or permitted under applicable laws, considering the purposes for which it was originally collected and subsequently processed. Criteria used to determine retention periods include:

• The duration of our ongoing relationship with you and provision of Wecostay services (e.g., as long as you maintain an account or continue using our services), and for any further period necessary for legitimate business needs (e.g., operations, issue resolution, or defending against potential claims)
• Legal, tax, and regulatory obligations that apply to us (e.g., retaining transaction records for a required period under anti-money laundering regulations)
• Where retention is advisable for legal reasons, such as statutes of limitations, litigation, or regulatory investigations, or to protect personal safety

8.2 Shared Information

Information you shared with others (e.g., reviews, forum posts) may continue to be publicly displayed on Wecostay even after your account is deactivated.

8.3 Residual Copies

As part of our backup systems and safeguards against accidental or malicious loss or destruction, residual copies of your personal data may not be immediately deleted and may remain for a limited time.