This Privacy Policy explains how handpikt(“we”, “us”) collects and uses personal data when you visit handpikt.io, use our platform as a hotel/host (“customer”), or open a perks guide we power on a host's behalf (“guest”).
1. Who is responsible
For our marketing site and customer accounts, handpikt is the data controller. For guest data uploaded by a host (guest names, emails, booking references), the host is the controller and handpikt acts as a processor on their instructions.
2. What we collect
- Account data — name, email, password hash, company details.
- Guest data — name, email, hotel/booking reference, the perks issued and redeemed. Provided by the host or their booking system.
- Billing data — handled by Stripe; we store only a customer/subscription reference, never card numbers.
- Usage & device data — only with your consent (see Cookies), via Google Tag Manager / analytics.
3. How we use it
- To provide the service: send perks guides, issue QR tickets, track redemptions, show analytics.
- To take payment and manage subscriptions.
- To secure the service and prevent abuse.
- With consent, to understand usage and improve the product.
4. Cookies & consent
Essential cookies (session, security) are always on — they're required to run the site. Analytics and marketing cookies load only after you opt in; we use Google Consent Mode v2, so tracking stays disabled until you accept. You can change your choice anytime via .
5. Sub-processors
We share data with vetted providers only as needed to run the service:
- Stripe — payments & subscriptions.
- Resend — transactional & perks emails.
- Google — Wallet passes, Maps venue lookup, Tag Manager / Analytics (consent-gated).
- Apple — Wallet passes.
- Our hosting / infrastructure provider.
6. Retention
We keep account and guest data for as long as the account is active, then delete or anonymise it within a reasonable period after closure, unless law requires otherwise.
7. Your rights
Subject to the GDPR and local law, you may access, correct, export, or delete your data, and object to or restrict certain processing. Guests should contact the host first; we'll assist the host in responding. Email hello@handpikt.io for any request.
8. International transfers
Some providers may process data outside your country; where they do, appropriate safeguards (e.g. EU Standard Contractual Clauses) apply.
9. Changes
We'll update this page when our practices change and revise the date above.
10. Contact
Questions: hello@handpikt.io.