Nusa NovaNUSANOVA

Privacy Policy

Last updated: 27 February 2026

Nusa Nova (“we”, “us”, or “our”) operates nusanova.co and is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using our platform you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information you provide directly

  • Account registration — name, email address, password
  • Profile — display name, phone number, profile photo, bio
  • Bookings — check-in/out dates, guest count, payment details (processed by Stripe — we never store card numbers)
  • Communications — messages sent to us via WhatsApp, email, or contact forms
  • Host listings — property details, photos, pricing, availability

Information collected automatically

  • Usage data — pages visited, search queries, filters applied, time on site
  • Device data — IP address, browser type, operating system, referral URL
  • Cookies — session cookies for authentication; analytics cookies for site improvement (see Section 5)

Information from third parties

  • Google Sign-In — name, email address, and profile picture if you choose to sign in with Google
  • Stripe — payment confirmation and tokenised card data for booking transactions

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Process bookings and payments
  • Send booking confirmations, reminders, and receipts via email
  • Respond to enquiries and provide customer support
  • Display your listings and match guests to properties
  • Improve our platform, fix bugs, and analyse usage patterns
  • Send marketing communications (only with your consent — you can unsubscribe at any time)
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your personal data under the following legal bases:

  • Contract — processing necessary to fulfil a booking or provide our service
  • Legitimate interests — improving the platform, fraud prevention, analytics
  • Consent — marketing emails and non-essential cookies
  • Legal obligation — retaining transaction records as required by law

4. Sharing Your Information

We do not sell your personal data. We share information only in the following circumstances:

  • Hosts — guest name and booking details are shared with the property host to facilitate your stay
  • Stripe — payment data is processed by Stripe, Inc. under their own privacy policy
  • Supabase — our database and authentication infrastructure provider
  • Postmark — transactional email delivery
  • Legal requirements — if required by law, court order, or to protect the rights and safety of our users

All third-party service providers are contractually bound to protect your data and use it only for the purposes we specify.

5. Cookies

We use the following types of cookies:

  • Essential cookies — required for authentication and core platform functionality. Cannot be disabled.
  • Analytics cookies — help us understand how visitors use the site (e.g. page views, session duration). You can opt out via your browser settings.
  • Preference cookies — remember your currency and theme preferences

You can control cookies through your browser settings. Disabling essential cookies will prevent you from signing in.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account data — retained while your account is active. Deleted within 30 days of account deletion request.
  • Booking records — retained for 7 years for tax and legal compliance
  • Marketing consent — retained until you withdraw consent

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate or incomplete data via your profile settings
  • Deletion — request that we delete your account and personal data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request that we limit how we use your data
  • Withdraw consent — unsubscribe from marketing emails at any time

To exercise any of these rights, email us at hello@nusanova.co. We will respond within 30 days.

8. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, and role-based access controls. Payment data is handled exclusively by Stripe and is never stored on our servers. While we take every reasonable precaution, no system is completely secure and we cannot guarantee absolute security.

9. International Transfers

Nusa Nova operates from Bali, Indonesia. Our infrastructure providers (Supabase, Stripe, Postmark) may process data in the United States and European Union. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law.

10. Children's Privacy

Our platform is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date. Continued use of the platform after changes constitutes acceptance of the revised policy.

12. Contact

For any questions, requests, or complaints regarding this Privacy Policy, please contact us:

Nusa Nova

Bali, Indonesia

hello@nusanova.co

www.nusanova.co