This policy applies to:
- Property operators (managers and staff) who use ResortLog to run their property.
- Guests whose information is entered into the app by property operators during check-in or booking.
2.1 — Account & Authentication Information
When you register or log in to ResortLog, we collect:
- Email address
- Password (stored as a secure hash via Firebase Authentication — we never store plain-text passwords)
- Authentication tokens (stored locally on-device for persistent login sessions)
2.2 — Property Information
Information you provide about your property:
- Property name, tagline, address, city, state, PIN code
- Contact phone number and email address
- GSTIN and PAN (for GST-compliant invoice generation)
- Property logo image
- Check-in / check-out times and other property-level settings
- Configurable add-on services and billing preferences
2.3 — Room Information
Details about rooms at your property:
- Room number, name, type (Standard, Deluxe, Suite, Cottage, etc.)
- Floor, bed type, capacity (adults and children)
- Base price per night and weekend price
- Amenities list and description
- Room-level check-in and check-out times
2.4 — Guest Information
Guest details entered by property operators during booking or check-in:
- Full name, phone number, WhatsApp number, email address
- Date of birth, gender, nationality
- Full address (street, city, state, PIN code)
- Government-issued ID proof type (Aadhaar, Passport, Driving Licence, Voter ID, PAN) and ID number
- Photographs of ID documents (front and back images) — stored locally on-device
- Face photograph of the guest — optionally captured during check-in for identification purposes
- Emergency contact name and phone number — collected during check-in
- Vehicle details (e.g. registration number) — optionally collected during check-in
- Guest tags (VIP, Repeat, Corporate, Blacklisted)
- Internal notes added by the property operator
Note: Guest information is entered solely by the property operator for the purpose
of guest registration and legal compliance with local hospitality regulations (Form C requirements).
ResortLog does not independently collect guest data directly from guests.
2.5 — Booking & Stay Information
Records of bookings created in the app:
- Check-in and check-out dates and actual arrival/departure timestamps
- Number of adults and children
- Room assigned and booking reference number
- Booking status (Pending, Confirmed, Checked-In, Checked-Out, Cancelled, No-Show)
- Booking source (Walk-in, Phone, OTA)
- Add-on services added to the stay
- Special requests and internal notes
2.6 — Billing & Payment Information
Financial records associated with bookings:
- Room charges, add-on charges, fees (early check-in / late checkout)
- GST amounts (CGST, SGST) if billing is enabled
- Discounts applied and reasons
- Total amount, amount paid, balance due
- Payment mode (Cash, UPI, Card, Bank Transfer, Cheque)
- Payment timestamps
Important: ResortLog does not collect, store, or transmit full
credit/debit card numbers, CVV codes, UPI PINs, or bank account numbers. Payment mode labels
(e.g. "Card", "UPI") are stored for record-keeping only.
2.7 — Device & Technical Information
- Device type and operating system (Android)
- App version
- Crash logs and error data (used internally to improve app stability — not shared with third parties)
ResortLog requests the following Android device permissions. Each permission is used only for its stated purpose:
-
📷
Camera
Used during check-in to capture photographs of guest ID documents (front and back) and an optional face photo of the guest. Also used to capture the property logo image.
-
🖼️
Media Library / Photo Gallery (Read)
Allows selecting images from the device gallery as an alternative to the camera when capturing ID documents, guest photos, or the property logo.
-
💾
Media Library / Storage (Write)
Used when you choose to save a generated invoice PDF or a guest ID image to your device's storage or gallery.
-
🌐
Internet Access
Required for Firebase Authentication (login/register) and for syncing property data to the cloud.
No unnecessary permissions.
ResortLog does not request access to your contacts, location, microphone, call logs, or SMS.
All permissions are requested only when the relevant feature is first used.
ResortLog uses a local-first storage model. All data is stored on your device by default. Cloud sync via Firebase is used for account authentication:
| Data Type | Where Stored |
|---|
| Rooms, guests, bookings, payments, property settings |
SQLite database on-device (primary, offline-first) |
| ID document photos, guest photos, property logo |
On-device local storage (file system) |
| Login credentials / authentication |
Firebase Authentication (Google) |
| Session tokens |
On-device only (AsyncStorage — never leaves the device) |
| Generated invoice PDFs |
On-device (temporary, in app cache; saved to gallery only on your explicit request) |
Authentication is handled by Firebase (Google Cloud) and is subject to
Google's Privacy Policy.
All data transmitted to Firebase is encrypted in transit via TLS/HTTPS.
We use the information collected to:
Provide the service — manage rooms, bookings, guests, and billing for your property.
Authentication — verify your identity and keep your account secure.
Reporting — generate occupancy reports, revenue summaries, and billing statements for your own use.
Invoice generation — produce GST-compliant PDF invoices using booking and payment data stored locally on-device.
App improvement — use anonymised crash and error logs to diagnose and fix bugs.
We do not:
- Sell, rent, or trade your data or your guests' data to third parties.
- Use guest data for advertising or marketing purposes.
- Profile guests or property operators for commercial use.
- Share data with any third party except as described in Section 6 below.
We do not share personal data with third parties except in the following limited circumstances:
- Firebase / Google: For authentication services. Only email address and authentication tokens are shared with Firebase. Booking, guest, and payment data is stored locally on your device and is not sent to Firebase.
- WhatsApp / Share Sheet: When you tap Share Invoice in the checkout screen, the generated PDF is shared via Android's share sheet to apps of your choice (e.g. WhatsApp, email). This sharing is initiated entirely by you. Sahoo Soft Technologies does not transmit or receive the shared file — it goes directly from your device to the recipient app.
- Legal obligations: If required by applicable law, court order, or government authority in India.
- Account data: Retained in Firebase as long as your account is active.
- Booking, guest, and room records: Stored on-device indefinitely until you delete them within the app or uninstall the app.
- Records deleted within the app: Removed from local storage immediately upon deletion.
- Account deletion: Upon receiving a valid data deletion request (see Section 9), all associated data is permanently deleted within 7 business days.
As a property operator using ResortLog, you have the following rights:
- Access — view all data stored in the app at any time within the app itself.
- Correction — edit any inaccurate or incomplete guest, booking, or property data directly within the app.
- Deletion — delete individual records (guests, bookings) within the app, or request full account deletion (see Section 9).
- Export — export your booking and guest data as CSV files using the Reports screen.
- Withdrawal of consent — discontinue use of the app at any time. As data is stored locally, uninstalling the app removes all local data.
Guest rights: If a guest requests access to or deletion of their data, the property operator is responsible for fulfilling that request using the tools available within the app (edit/delete guest profile).
If you wish to permanently delete your account and all associated data, please send an email to:
Please include the following in your email:
- The email address registered with your ResortLog account
- Your property name (for verification)
We will process your request within 7 business days and send a confirmation
once deletion is complete. Deletion is irreversible — all data will be permanently
removed from Firebase and cannot be recovered.
ResortLog is intended for use by adult property operators and managers (18 years and above).
We do not knowingly collect personal information from children under the age of 13.
Guest records may include children's details (e.g. number of children in a booking) as required
for hospitality management — these are entered by the adult property operator and not by the child.
If you believe a child's personal information has been improperly entered, please contact us
using the deletion email in Section 9.
We take reasonable steps to protect your data, including:
- HTTPS/TLS encryption for all data transmitted to/from Firebase.
- Firebase Authentication with secure password hashing — plain-text passwords are never stored.
- Firebase Security Rules to restrict access so only the authenticated property account can read its own data.
- Local SQLite database is stored in app-private storage — not accessible by other apps on the device.
- No unnecessary data is transmitted over the network — all operational data (bookings, guests, payments) stays on-device.
However, no method of electronic storage or internet transmission is 100% secure.
We encourage you to use a strong password and keep your login credentials confidential.
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code)
Rules, 2021, and applicable Indian data protection regulations, we have appointed a Grievance Officer
to address any complaints or concerns regarding the processing of your personal data.
This Privacy Policy is governed by and construed in accordance with the laws of India, including
the Information Technology Act, 2000 and the Information Technology (Amendment) Act, 2008, and
applicable rules thereunder.
Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts
of India.
We may update this Privacy Policy from time to time. When we do, we will update the
"Last updated" date at the top of this page. We encourage you to review this policy
periodically. Continued use of the app after changes constitutes your acceptance of the
revised policy.
If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us:
ResortLog