This page explains what data Dormaflow collects, how it's stored, who can access it, and your rights to that data.
Names, contact details, and booking history—stored to run your operations.
When a guest checks in, Dormaflow stores:
What we don't do: We do not share guest data with marketing companies, airlines, or OTAs (except when you manually sync to Booking.com or Hostelworld). We do not use guest data to build profiles or send unsolicited marketing. We do not sell guest contact information. If a guest requests deletion of their data, you can remove them from Dormaflow and their data is permanently deleted from our systems.
Card details are never stored by Dormaflow. Stripe handles all payment data.
When a guest books through your Dormaflow booking page and pays by card, their payment goes directly to Stripe's secure servers. Dormaflow never sees the card number, expiration date, or CVV. Dormaflow only records that a payment was received, the amount, and the date. Stripe stores the encrypted card token and handles PCI compliance. This is the safest way to handle payments online.
Your hostel data is isolated from all other hostels.
If you manage multiple hostels, each one has its own separate workspace. A staff member at one hostel cannot see bookings, guest lists, or operational data from your other hostels. This isolation is enforced at the database level, not just the user interface, so no bug or misconfiguration can accidentally leak data between properties.
We track usage to improve the platform, not to track individuals.
Dormaflow tracks:
What we don't track: We do not track individual keystrokes, form field values, passwords, or guest names. Analytics are aggregated and non-blocking—if tracking fails, your app continues working normally.
Why we do this: Understanding which features solve real problems helps us prioritize development. If check-in fails frequently, we fix it. If the housekeeping queue is slow, we optimize it. Your operational success is our success.
You own your data. We keep it safe. You can export or delete it anytime.
Only your staff members with appropriate roles. Support staff can access your data only with your explicit permission and only to resolve technical issues. We never sell or share your data with third parties.
As long as your Dormaflow account is active. Once you cancel, we retain data for 30 days to allow account recovery. After 30 days, all guest and operational data is permanently deleted. Audit logs are retained for 90 days for compliance purposes.
Yes. You can export all your guest data, bookings, and operational logs as CSV or JSON at any time. No lock-in.
Dormaflow uses trusted partners for specific services.
You have control over your data and your guests' data.