← Back to BookCheckin

Privacy Policy

Last updated: 14 July 2026  |  Effective date: June 2026

Summary: BookCheckin processes guest identity documents (passports, national IDs) on behalf of accommodation providers to extract the traveller-registration fields required for mandatory submission to Spain's Ministry of Interior (SES Hospedajes). Document images are used only to extract those fields and are not retained on our servers — only the extracted text fields are stored. We act as a Data Processor under GDPR. This policy explains exactly what data we collect, why, and your rights.

1. Who We Are

BookCheckin (bookcheckin.com) is a Software-as-a-Service platform providing automated guest check-in and regulatory reporting services for accommodation providers in Spain.

Data Controller: The accommodation provider (hotel, hostel, apartment, etc.) that uses BookCheckin to collect Guest data.
Data Processor: BookCheckin, acting on the instructions of the Data Controller.

For questions about this policy: privacy@bookcheckin.com

2. Data We Collect

2.1 Customer Account Data

DataPurposeLegal Basis
Name, email address, usernameAccount creation and authenticationContract performance (Art. 6(1)(b) GDPR)
Google / Apple profile (name, email)Optional sign-in via Google or Apple, where you choose social loginContract performance (Art. 6(1)(b))
Billing details (via Stripe)Payment processingContract performance
Login timestamps, IP addresses, device/user-agentSecurity, session management and fraud preventionLegitimate interests (Art. 6(1)(f))

2.2 Guest Personal Data (processed on behalf of Customers)

This data is particularly sensitive — it includes identity document data. We process it strictly to fulfil the legal obligation of traveller registration under Spanish Royal Decree 933/2021.
Data CategoryExamplesLegal Basis
IdentityFull name, date of birth, nationality, sexLegal obligation (Art. 6(1)(c)) — RD 933/2021
Identity documentDocument type, number, support number. The document scan image is processed transiently to extract these fields and is not stored on our servers (see section 4).Legal obligation (Art. 6(1)(c))
ResidenceAddress, city, postal code, countryLegal obligation (Art. 6(1)(c))
SignatureElectronic signature / declaration captured at check-in (adult guests)Legal obligation (Art. 6(1)(c))
Minors' dataFor children under 14: name, date of birth, nationality, and relationship to the accompanying adult. No identity document or signature is required for under-14s.Legal obligation (Art. 6(1)(c))
ContactPhone, email (guest-provided; may also be imported from the booking)Legitimate interests of the Customer
Stay dataCheck-in/check-out dates, reservation numberLegal obligation + Contract performance

3. How We Use Your Data

4. AI Document Processing

When guests upload identity document images, those images are sent to Anthropic's Claude API (a third-party AI service based in the United States) to extract the document fields required for traveller registration (name, document number, nationality, date of birth, expiry). All images are transmitted over encrypted connections. In accordance with Anthropic's commercial API terms, Anthropic does not use API-submitted data to train its models. Once the required fields have been extracted, the document image is discarded and is not persisted on our servers.

No biometric processing. BookCheckin does not perform facial recognition, and does not carry out any selfie-to-document facial comparison, in the check-in flow. No check-in selfie is requested, and no biometric data (a special category of personal data under Article 9 GDPR) is processed.

Storage of document images. Identity document images are not stored or retained on our servers. They are transmitted to Anthropic's Claude API (with EXIF metadata removed, over an encrypted connection) solely to extract the fields required for traveller registration, and are then discarded. Only the extracted text fields are stored in our database, for the retention period described in section 7, and those text fields are securely deleted when an erasure request is fulfilled. This data is not used for any purpose other than those described in this policy.

For Anthropic's data practices, see anthropic.com/privacy.

5. Data Sharing

We share personal data only in the following circumstances, and only as needed to deliver the service on the Customer's instructions:

RecipientPurposeSafeguards
Spain Ministry of Interior (SES Hospedajes)Mandatory traveller registration (RD 933/2021)Statutory requirement — no transfer safeguard needed
Anthropic (Claude API)AI document field extraction (OCR)Data Processing Agreement; Standard Contractual Clauses for international (US) transfers
Address autocomplete (HERE Technologies; CartoCiudad / IGN-CNIG for Spanish addresses)Where a guest uses the optional address search box, converting the residence address they type into structured suggestions so they can enter an accurate address. Only the typed address text is sent — no name, document, email or other data — and the request is made server-side by BookCheckin, so the provider does not receive the guest's IP address or browser information.Data Processing Agreement; Standard Contractual Clauses for any processing outside the EEA. Used only where the accommodation enables the address search; guests may type their address manually instead.
StripePayment processing (Customer billing only)SCCs; PCI-DSS compliant
Property Management Systems / channel managers (e.g., Amenitiz)Importing reservation and booker details for connected accountsAt the Customer's instruction; Data Processing Agreement
Messaging provider (WhatsApp)Delivering check-in links and notifications to guests, where configuredData Processing Agreement; limited to the contact data needed to send the message
Email delivery providerTransactional and support emailsData Processing Agreement
Google / AppleOptional social sign-in for Customer accountsOnly where the Customer chooses to sign in with Google/Apple
Smart-lock providers (e.g., Nuki, igloohome, TTLock)Issuing access codes for self check-in, where the Customer enables itData Processing Agreement; only the data needed to grant access
Cloud infrastructure (DigitalOcean)Server hosting and databaseData Processing Agreement; servers located in the EU (Frankfurt, Germany)

We do not sell, rent, or share personal data with advertisers or data brokers.

6. International Transfers

Anthropic is based in the United States. Where guest document images are sent to Anthropic's API to extract the required fields, this constitutes a transfer outside the EEA. This transfer is governed by Standard Contractual Clauses (SCCs) as adopted by the European Commission. Our servers and database are hosted within the EU (Frankfurt, Germany).

Where a guest uses the optional address search, the address text they type may be processed by HERE Technologies (owned by a European consortium). To the extent any such processing occurs outside the EEA, it is governed by Standard Contractual Clauses under HERE's Data Processing Agreement. Address search for Spanish addresses uses CartoCiudad, a service of Spain's National Geographic Institute (IGN-CNIG), processed within the EU.

7. Data Retention

Data TypeRetention PeriodReason
Guest identity records3 years from date of staySpanish regulatory requirement (RD 933/2021; Ley Orgánica 4/2015)
Identity document imagesNot retained — processed transiently to extract the required fields, then discarded (see section 4)Images are not stored on our servers
Customer account dataDuration of contract + 2 yearsLegal obligation and dispute resolution
Billing records5 yearsTax and accounting obligations (Spanish law)
Security logs (IP, timestamps)Up to 12 monthsSecurity and fraud detection

8. Security

We implement appropriate technical and organisational measures to protect personal data, including:

In the event of a data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

9. Your Rights Under GDPR

If you are in the EU/EEA, you have the following rights:

To exercise these rights, contact privacy@bookcheckin.com. We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD): aepd.es.

10. Guest Rights

Guests whose data is processed through BookCheckin should contact the accommodation provider (the Data Controller) to exercise their GDPR rights. The accommodation provider is responsible for responding to such requests. BookCheckin will assist the accommodation provider in fulfilling these requests as required by our Data Processing Agreement.

11. Cookies

BookCheckin uses the following cookies:

CookiePurposeTypeDuration
access_tokenAuthentication sessionhttpOnly, SameSite=Lax (not accessible to JS)Session / configurable
csrf_tokenCSRF protectionSameSite=Lax (readable by JS)Session / configurable

We do not use advertising, analytics, or third-party tracking cookies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers via email or in-app notification at least 14 days before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

BookCheckin — Privacy Team
Email: privacy@bookcheckin.com
Website: bookcheckin.com