Privacy Policy

1. Categories of Personal Information We Collect

We collect the following categories of personal information:

A. Identifiers

• Name
• Email address
• Phone number
• Mailing address
• IP address
• Account login credentials

B. Commercial Information

• Reservation history
• Payment and billing information
• Services purchased
• Transaction records

C. Internet or Network Activity

• Website usage data
• Device and browser information
• Log data
• Interaction with emails or communications

D. Professional Information

• Employer or business name
• Professional background
• Social media profiles
• Information about creative or professional projects

E. Sensitive Personal Information

We may collect limited sensitive personal information, including:

• Payment card details
• Government-issued identification (where required for verification)

Government-issued identification may be collected and stored digitally and/or physically for identity verification, fraud prevention, safety, and compliance with applicable lodging requirements. Such information is stored securely and retained only as long as required by law or operational necessity.

We use sensitive personal information only as reasonably necessary to provide services, process payments, comply with legal obligations, and ensure property safety.

We do not use sensitive personal information for profiling or advertising purposes.

2. Sources of Information

We collect personal information:

• Directly from you (applications, bookings, forms, communications)
• Automatically through website cookies and tracking technologies
• From service providers (payment processors, booking platforms)
• From third parties where legally permitted

3. How We Use Personal Information

We use personal information to:

• Process residency applications and reservations
• Communicate regarding bookings and services
• Provide check-in instructions and operational updates
• Process payments and prevent fraud
• Maintain property safety and security
• Improve our services
• Comply with legal and regulatory obligations
• Send marketing communications where you have provided consent or where otherwise permitted by applicable law

4. Disclosure of Personal Information

We do not sell your personal information.

We do not share your personal information for cross-context behavioral advertising.

We may disclose personal information to:

• Payment processors
• Property management and booking systems
• Cloud hosting providers
• Email and SMS communication providers
• IT and security vendors
• Professional advisors (legal, accounting)
• Law enforcement or regulators where required

Text messaging originator opt-in data and consent will not be sold or shared with any third parties.

5. California Privacy Rights (CPRA Notice)

If you are a California resident, you have the following rights:

Right to Know

You may request:

• Categories of personal information collected
• Categories of sources
• Business purpose for collection
• Categories of third parties disclosed to
• Specific pieces of personal information held about you

Right to Delete

You may request deletion of personal information, subject to legal exceptions.

Right to Correct

You may request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information

You may request that we limit use of sensitive personal information to what is necessary for providing services.

Right to Opt-Out of Sale or Sharing

We do not sell or share personal information as defined by California law.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact: privacy@frontiertower.io

We will respond to verifiable consumer requests within 45 days as required by California law, subject to permitted extensions.

We may verify your identity before responding.

6. Additional Rights for Individuals in the European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, the following provisions apply:

Legal Basis for Processing

We process personal data for the purposes described in this Policy under the following legal bases:

• Performance of a contract (to provide lodging and related services, including identity verification where required)
• Compliance with legal obligations
• Legitimate interests (such as safety, fraud prevention, and service improvement)
• Consent, where required (such as marketing communications)

International Data Transfers

Personal data may be transferred to and processed in the United States. Where required, we implement appropriate safeguards such as standard contractual clauses or other approved transfer mechanisms to protect personal data in accordance with applicable law.

Your Rights

Subject to applicable law, you may have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase personal data
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent where processing is based on consent

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, contact privacy@frontiertower.io.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe your data protection rights have been violated.

7. Data Retention

We retain personal information only as long as reasonably necessary to fulfill the purposes described in this Policy, comply with legal and regulatory obligations, resolve disputes, and enforce agreements.

• Fulfilling reservations and services
• Complying with tax, accounting, and legal obligations
• Resolving disputes
• Maintaining security records

Reservation and financial records may be retained in accordance with state and federal tax requirements.

When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for processing, and applicable legal requirements.

8. Data Security

We implement administrative, technical, and organizational safeguards designed to protect personal information. However, no system is completely secure.

9. Video Surveillance

For safety and security purposes, we may use video surveillance systems in common areas of our property. Surveillance footage is used for security, incident investigation, and compliance purposes and is retained for a limited period consistent with operational needs, incident investigation requirements, and applicable laws.

10. Cookies and Tracking Technologies

We use cookies and similar technologies, including analytics tools to:

• Enable website functionality
• Analyze usage trends
• Improve user experience

You may control cookies through your browser settings. Disabling cookies may affect website functionality.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised "Last Updated" date.

13. California "Shine the Light" Notice

Under California Civil Code Section 1798.83, California residents may request information regarding disclosure of personal information to third parties for direct marketing purposes.

Superhero Hospitality LLC does not disclose personal information to third parties for their own direct marketing purposes.

14. Contact Information

Superhero Hospitality LLC

825 Sutter Street, San Francisco, CA 94109

Email: privacy@frontiertower.io