BookCheckin (bookcheckin.com) is a Software-as-a-Service platform providing automated guest check-in and regulatory reporting services for accommodation providers in Spain.
Data Controller: The accommodation provider (hotel, hostel, apartment, etc.) that uses BookCheckin to collect Guest data.
Data Processor: BookCheckin, acting on the instructions of the Data Controller.
For questions about this policy: privacy@bookcheckin.com
| Data | Purpose | Legal Basis |
|---|---|---|
| Name, email address, username | Account creation and authentication | Contract performance (Art. 6(1)(b) GDPR) |
| Google / Apple profile (name, email) | Optional sign-in via Google or Apple, where you choose social login | Contract performance (Art. 6(1)(b)) |
| Billing details (via Stripe) | Payment processing | Contract performance |
| Login timestamps, IP addresses, device/user-agent | Security, session management and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Data Category | Examples | Legal Basis |
|---|---|---|
| Identity | Full name, date of birth, nationality, sex | Legal obligation (Art. 6(1)(c)) — RD 933/2021 |
| Identity document | Document type, number, support number. The document scan image is processed transiently to extract these fields and is not stored on our servers (see section 4). | Legal obligation (Art. 6(1)(c)) |
| Residence | Address, city, postal code, country | Legal obligation (Art. 6(1)(c)) |
| Signature | Electronic signature / declaration captured at check-in (adult guests) | Legal obligation (Art. 6(1)(c)) |
| Minors' data | For children under 14: name, date of birth, nationality, and relationship to the accompanying adult. No identity document or signature is required for under-14s. | Legal obligation (Art. 6(1)(c)) |
| Contact | Phone, email (guest-provided; may also be imported from the booking) | Legitimate interests of the Customer |
| Stay data | Check-in/check-out dates, reservation number | Legal obligation + Contract performance |
When guests upload identity document images, those images are sent to Anthropic's Claude API (a third-party AI service based in the United States) to extract the document fields required for traveller registration (name, document number, nationality, date of birth, expiry). All images are transmitted over encrypted connections. In accordance with Anthropic's commercial API terms, Anthropic does not use API-submitted data to train its models. Once the required fields have been extracted, the document image is discarded and is not persisted on our servers.
Storage of document images. Identity document images are not stored or retained on our servers. They are transmitted to Anthropic's Claude API (with EXIF metadata removed, over an encrypted connection) solely to extract the fields required for traveller registration, and are then discarded. Only the extracted text fields are stored in our database, for the retention period described in section 7, and those text fields are securely deleted when an erasure request is fulfilled. This data is not used for any purpose other than those described in this policy.
For Anthropic's data practices, see anthropic.com/privacy.
We share personal data only in the following circumstances, and only as needed to deliver the service on the Customer's instructions:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Spain Ministry of Interior (SES Hospedajes) | Mandatory traveller registration (RD 933/2021) | Statutory requirement — no transfer safeguard needed |
| Anthropic (Claude API) | AI document field extraction (OCR) | Data Processing Agreement; Standard Contractual Clauses for international (US) transfers |
| Address autocomplete (HERE Technologies; CartoCiudad / IGN-CNIG for Spanish addresses) | Where a guest uses the optional address search box, converting the residence address they type into structured suggestions so they can enter an accurate address. Only the typed address text is sent — no name, document, email or other data — and the request is made server-side by BookCheckin, so the provider does not receive the guest's IP address or browser information. | Data Processing Agreement; Standard Contractual Clauses for any processing outside the EEA. Used only where the accommodation enables the address search; guests may type their address manually instead. |
| Stripe | Payment processing (Customer billing only) | SCCs; PCI-DSS compliant |
| Property Management Systems / channel managers (e.g., Amenitiz) | Importing reservation and booker details for connected accounts | At the Customer's instruction; Data Processing Agreement |
| Messaging provider (WhatsApp) | Delivering check-in links and notifications to guests, where configured | Data Processing Agreement; limited to the contact data needed to send the message |
| Email delivery provider | Transactional and support emails | Data Processing Agreement |
| Google / Apple | Optional social sign-in for Customer accounts | Only where the Customer chooses to sign in with Google/Apple |
| Smart-lock providers (e.g., Nuki, igloohome, TTLock) | Issuing access codes for self check-in, where the Customer enables it | Data Processing Agreement; only the data needed to grant access |
| Cloud infrastructure (DigitalOcean) | Server hosting and database | Data Processing Agreement; servers located in the EU (Frankfurt, Germany) |
We do not sell, rent, or share personal data with advertisers or data brokers.
Anthropic is based in the United States. Where guest document images are sent to Anthropic's API to extract the required fields, this constitutes a transfer outside the EEA. This transfer is governed by Standard Contractual Clauses (SCCs) as adopted by the European Commission. Our servers and database are hosted within the EU (Frankfurt, Germany).
Where a guest uses the optional address search, the address text they type may be processed by HERE Technologies (owned by a European consortium). To the extent any such processing occurs outside the EEA, it is governed by Standard Contractual Clauses under HERE's Data Processing Agreement. Address search for Spanish addresses uses CartoCiudad, a service of Spain's National Geographic Institute (IGN-CNIG), processed within the EU.
| Data Type | Retention Period | Reason |
|---|---|---|
| Guest identity records | 3 years from date of stay | Spanish regulatory requirement (RD 933/2021; Ley Orgánica 4/2015) |
| Identity document images | Not retained — processed transiently to extract the required fields, then discarded (see section 4) | Images are not stored on our servers |
| Customer account data | Duration of contract + 2 years | Legal obligation and dispute resolution |
| Billing records | 5 years | Tax and accounting obligations (Spanish law) |
| Security logs (IP, timestamps) | Up to 12 months | Security and fraud detection |
We implement appropriate technical and organisational measures to protect personal data, including:
In the event of a data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
If you are in the EU/EEA, you have the following rights:
To exercise these rights, contact privacy@bookcheckin.com. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD): aepd.es.
Guests whose data is processed through BookCheckin should contact the accommodation provider (the Data Controller) to exercise their GDPR rights. The accommodation provider is responsible for responding to such requests. BookCheckin will assist the accommodation provider in fulfilling these requests as required by our Data Processing Agreement.
BookCheckin uses the following cookies:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| access_token | Authentication session | httpOnly, SameSite=Lax (not accessible to JS) | Session / configurable |
| csrf_token | CSRF protection | SameSite=Lax (readable by JS) | Session / configurable |
We do not use advertising, analytics, or third-party tracking cookies.
We may update this Privacy Policy from time to time. We will notify Customers via email or in-app notification at least 14 days before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
BookCheckin — Privacy Team
Email: privacy@bookcheckin.com
Website: bookcheckin.com