Effective: 2026

Privacy Policy

What we collect

Account info (name, email, role, company), property/vendor details you upload, booking history, payment metadata (processed by our payment processor — we do not store full card numbers), and compliance documents (EIN, W-9, COI, license) stored in encrypted private buckets accessible only to you and our compliance team.

Production collaboration data

When you are a member of a production, the following is visible to other members of that production: your display name, member avatar, role/title and color, your online/offline status, what page or production section you are currently viewing ("working on this" indicator), tasks you create or are assigned to, comments you post (including @mentions of teammates), and entries you generate in the activity feed (such as attaching a booking or moving a task). This data is not shared outside the production unless you explicitly share it (e.g. by inviting a new member or exporting a report).

Real-time presence

Presence and "currently viewing" signals are transmitted live while the production page is open in your browser tab. Closing the tab ends the signal. We do not log a long-term history of which page each user viewed at which moment — only durable actions (comments, task changes, member joins, attachments) are recorded to the activity feed.

Map & location data

To display the production map, we send the address, city, state, and ZIP of attached listings and the city and state of attached vendors to Mapbox for geocoding. Mapbox processes this query under their own privacy policy. We do not send guest names, dates, or financial information to Mapbox.

Email

Auth emails (sign-up confirmation, password reset, magic links) and app emails (booking confirmations, invitations, notifications, vendor payment receipts) are sent from notify.setstay.app. Every non-transactional email includes a one-click unsubscribe link. Auth emails (e.g. password reset) cannot be unsubscribed from because they are essential to account security.

Biometric authentication

If you enable Face ID / Touch ID / Windows Hello, your biometric template never leaves your device. We store only an opaque public credential identifier in your browser's local storage. Clear it any time by signing out and selecting "Forget this device".

How we use it

To operate the Platform, verify tax-incentive eligibility, comply with law (tax reporting, anti-fraud), and improve the service. We do not sell personal information.

Sharing

With Hosts/Vendors when you book or contract; with other members of any production you join; with state film offices when you request a certified audit report; with service providers (hosting, analytics, payments, mapping, email delivery, background checks) under written confidentiality.

Your rights

Access, correction, deletion, and portability requests: privacy@setstay.app. California, EU, and Canadian residents have additional rights under CCPA/CPRA, GDPR, and PIPEDA respectively.

Retention

Tax and booking records: 7 years (IRS/state audit window). Production activity logs and comments: kept for the life of the production plus 2 years, then anonymized. Other data: until account deletion plus 30 days.