Effective: 2026
Privacy Policy
What we collect
Account info (name, email, role, company), property/vendor details you upload, booking history, payment metadata (processed by our payment processor — we do not store full card numbers), and compliance documents (EIN, W-9, COI, license) stored in encrypted private buckets accessible only to you and our compliance team.
Production collaboration data
When you are a member of a production, the following is visible to other members of that production: your display name, member avatar, role/title and color, your online/offline status, what page or production section you are currently viewing ("working on this" indicator), tasks you create or are assigned to, comments you post (including @mentions of teammates), and entries you generate in the activity feed (such as attaching a booking or moving a task). This data is not shared outside the production unless you explicitly share it (e.g. by inviting a new member or exporting a report).
Real-time presence
Presence and "currently viewing" signals are transmitted live while the production page is open in your browser tab. Closing the tab ends the signal. We do not log a long-term history of which page each user viewed at which moment — only durable actions (comments, task changes, member joins, attachments) are recorded to the activity feed.
Map & location data
To display the production map, we send the address, city, state, and ZIP of attached listings and the city and state of attached vendors to Mapbox for geocoding. Mapbox processes this query under their own privacy policy. We do not send guest names, dates, or financial information to Mapbox.
Auth emails (sign-up confirmation, password reset, magic links) and app emails (booking confirmations, invitations, notifications, vendor payment receipts) are sent from notify.setstay.app. Every non-transactional email includes a one-click unsubscribe link. Auth emails (e.g. password reset) cannot be unsubscribed from because they are essential to account security.
Biometric authentication
If you enable Face ID / Touch ID / Windows Hello, your biometric template never leaves your device. We store only an opaque public credential identifier in your browser's local storage. Clear it any time by signing out and selecting "Forget this device".
How we use it
To operate the Platform, verify tax-incentive eligibility, comply with law (tax reporting, anti-fraud), and improve the service. We do not sell personal information.
Sharing
With Hosts/Vendors when you book or contract; with other members of any production you join; with state film offices when you request a certified audit report; with service providers (hosting, analytics, payments, mapping, email delivery, background checks) under written confidentiality.
Your rights
Access, correction, deletion, and portability requests: privacy@setstay.app. California, EU, and Canadian residents have additional rights under CCPA/CPRA, GDPR, and PIPEDA respectively.
Retention
Tax and booking records: 7 years (IRS/state audit window). Production activity logs and comments: kept for the life of the production plus 2 years, then anonymized. Other data: until account deletion plus 30 days.