Privacy Policy

The data controller for your personal data is Filoxenos.gr, operated through the platform at filoxenos.gr. For any queries regarding your personal data, please contact us at: hello@filoxenos.gr

• Account data: Email address and password (stored hashed).
• Integration credentials and connection data: Credentials, tokens, or other connection information needed to connect supported third-party services you choose to enable.
• Booking data: Guest names, check-in/check-out dates, booking amounts, commissions — pulled automatically from your channel manager.
• Accountant details: Name and email voluntarily entered for automated report delivery.
• Email connection data: Credentials for sending emails on your behalf, if you enable email integration.
• Payment data: Payment processing is handled by our payment providers; we do not store full card details.
• Technical data: IP address, browser type, visit timestamps (via essential cookies).

• Contract performance (Art. 6(1)(b) GDPR): Account and booking data are processed to deliver the service.
• Consent (Art. 6(1)(a) GDPR): Gmail and accountant details are processed only after you voluntarily provide them.
• Legitimate interests (Art. 6(1)(f) GDPR): Service improvement and platform security.

• Account data: Until account deletion.
• Booking data: 10 years (required by Greek tax law).
• Accountant & Gmail details: Until deleted by the user.
• Technical logs: 90 days.

Under the General Data Protection Regulation (GDPR), you have the rights of Access, Rectification, Erasure, Portability, Objection, and Restriction. To exercise any of these rights, contact us at hello@filoxenos.gr.

We only use strictly necessary cookies required for the service to function. We do not use tracking or advertising cookies.

We work with trusted service providers that help us operate the platform, such as infrastructure, hosting, authentication, payment, and email-related providers. These providers process data on our behalf only as necessary to deliver the service and under appropriate contractual safeguards. We do not sell personal data.

We use industry-standard technical and organizational measures designed to protect personal data, including encryption, secure transmission, access controls, monitoring, and backup procedures. No method of transmission or storage is completely secure, but we work to protect data appropriately based on the nature of the information processed.