Privacy Policy

We collect information you provide directly, information generated through your use of the Service, and information from third-party sources as described below.

Account Information. When you register for an account, we collect your name, email address, company or organization affiliation, and job title. If you subscribe to a paid plan, we also collect billing address and payment method details (processed by Stripe — see Section 3).

Usage Information. As you interact with the Service, we automatically collect information about your activity, including pages visited, features accessed, search queries submitted, vendor profiles viewed, filters applied, and session timestamps. This data helps us understand how the platform is used and improve the Service.

Payment Information. Subscription payments are processed by Stripe, Inc. Ostrich does not store full credit card numbers or CVV codes on its own servers. We receive and store tokenized payment references, subscription status, and billing history from Stripe.

User-Generated Content. Reviews, ratings, community posts, comments, and other content you submit to the Service are collected and stored. Public content may be visible to other users.

Device and Technical Data. We collect standard log data including your IP address, browser type and version, operating system, referring URLs, and device identifiers to maintain service security, diagnose issues, and detect abuse.

We use the information we collect to:

• Provide, operate, and maintain the Ostrich platform and its features.
• Generate and improve intelligence products, including vendor scores, market benchmarks, and aggregated data reports.
• Send transactional emails (account confirmations, password resets, subscription receipts) and, where you have consented, product updates and newsletters.
• Detect, investigate, and prevent fraudulent activity, abuse, and violations of our Terms of Service.
• Comply with legal obligations and enforce our agreements.

GDPR Legal Basis. For users in the European Economic Area (EEA) or United Kingdom (UK), we process your personal data on the following legal bases:

• Consent — For marketing communications and optional analytics cookies. You may withdraw consent at any time.
• Contract — To fulfill our obligations under your subscription agreement, including account management and billing.
• Legitimate interest — For fraud prevention, platform security, product improvement, and aggregated analytics, where these interests are not overridden by your rights.

We share your information with trusted third-party service providers that help us operate the Service. Each processor is bound by data processing agreements consistent with applicable privacy law.

We do not sell your personal information to third parties, nor do we share it with advertisers or data brokers.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights regarding your personal information:

• Right to Know. You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it has been shared.
• Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as data needed to complete a transaction or comply with a legal obligation).
• Right to Opt-Out of Sale. Ostrich does not sell personal information. No opt-out action is required, but you may contact us to confirm this practice.
• Right to Non-Discrimination. You have the right to exercise your privacy rights without receiving discriminatory treatment. We will not deny you services, charge different prices, or provide a different quality of service because you exercised rights under the CCPA.

To exercise any of these rights, please contact us at privacy@ostrichintel.com. We will respond to verifiable requests within 45 days.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national implementing laws grant you the following rights:

• Right of Access. The right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data.
• Right to Rectification. The right to request correction of inaccurate or incomplete personal data we hold about you.
• Right to Erasure. The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent (and no other legal basis applies).
• Right to Restriction of Processing. The right to request that we limit our processing of your personal data in certain circumstances, such as while the accuracy of data is being contested.
• Right to Data Portability. The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
• Right to Object. The right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.

To exercise any of these rights, contact us at privacy@ostrichintel.com. We will respond within one (1) calendar month. You also have the right to lodge a complaint with your local supervisory authority.

A core component of the Ostrich intelligence platform involves the collection, aggregation, and analysis of publicly available business information. We wish to be transparent about this practice.

Ostrich collects and processes publicly accessible information about vendors and companies operating in the short-term rental industry, including but not limited to:

• Company names, trade names, and brand identities
• Technology products and integrations publicly advertised or disclosed
• Market presence, geographic footprint, and publicly stated customer counts
• Public pricing information and advertised feature sets
• Publicly filed corporate records and registrations

This publicly available business data is not personal data as defined under the GDPR or CCPA. It is used to construct vendor profiles, calculate intelligence scores, and generate market benchmarks for platform users.

If you represent a business listed on Ostrich and believe information about your company is inaccurate, you may submit a correction request to support@ostrichintel.com. Verified business representatives may also claim their listing to manage their profile directly.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following retention periods apply:

• Account data — Retained for the duration of your active account, plus 180 days following account deletion or termination, to allow for re-activation, dispute resolution, and orderly data export.
• Usage data — Retained for 12 months from the date of collection, after which it is deleted or aggregated into anonymized analytics.
• Reviews and community content— Retained indefinitely to preserve the integrity of the platform’s historical record. Where you delete your account, your personal identifying information will be removed and your reviews will be anonymized within the 180-day retention window.
• Payment records— Retained in accordance with Stripe’s retention practices and applicable financial recordkeeping laws (typically 7 years).
• Scraped / public business data — Maintained in active storage for 90 days from the most recent collection cycle, then archived. Archived data may be retained for analytical and historical intelligence purposes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

We aim to respond to all privacy inquiries within 30 days. For verified GDPR or CCPA requests, we will respond within the statutory timeframes described in Sections 4 and 5 above.