Legal
Privacy Policy
Last updated: 18 May 2026
Who we are
MaxBooking.com is operated by hospitality applications s.r.o., a company registered in the Czech Republic. In this policy, we refer to MaxBooking.com as "MaxBooking", "Max", "we", "us" or "our".
For privacy questions or requests, use our contact form and choose "Privacy, legal or company information".
Our role
MaxBooking provides booking-engine software to accommodation properties such as hostels, hotels and other accommodation providers. When a guest submits a booking through a property's MaxBooking-powered booking page, the booking agreement is between the guest and that property. The property decides why booking data is needed and how long it must be kept for its accommodation, administration, bookkeeping and legal purposes.
For that guest booking data, MaxBooking normally acts as a processor on behalf of the property. We store and process the data to provide the booking-engine tools the property uses to receive, manage and fulfil bookings. We do not use guest booking data for our own marketing.
MaxBooking acts as a controller for personal data we process for our own purposes, including property account management, service security, abuse prevention, support, legal compliance and operation of this website.
Personal data we process
Guests may provide their name, email address, phone number and postal address when submitting a booking through a property's booking page. The booking record may also include booking dates, selected accommodation, booking status and related operational information needed by the property.
Property owners and managers may provide company name, company email address, company address and manager email address when creating or using a MaxBooking account.
We may process technical information such as IP address, device and browser information, security events and logs where needed to keep the service secure, prevent abuse and operate the booking engine.
Payments
MaxBooking supports the property's payment setup through Stripe Connect. Each property has its own connected Stripe account and is the merchant of record for guest payments. MaxBooking does not see or store card numbers, card security codes or other full payment credentials.
Payment information is collected and handled by Stripe under Stripe's own terms and privacy notices. We share only the information needed to support the payment flow.
Why we process data
We process personal data to provide and operate MaxBooking's booking-engine software, support property accounts, help properties use their booking-page and dashboard tools, respond to support requests, maintain security, prevent abuse, comply with legal obligations and protect our rights and the rights of our customers.
Where we act as controller, our legal bases include performance of a contract, compliance with legal obligations and our legitimate interests in operating, securing and improving the service. Where a property is the controller, the property is responsible for identifying the applicable legal basis for its use of guest booking data.
Service providers and recipients
We share personal data only where needed to provide the booking-engine software, support the property's payment flow, maintain security, comply with law or follow the instructions of the relevant property. Recipients may include the booked property, payment provider, email/service communication providers, security providers and support providers.
We use bot-protection and security tools, currently including Cloudflare Turnstile, to help protect booking and signup forms from abusive automated traffic.
We do not sell personal data, and we do not share guest booking data with third parties for advertising.
Cookies and analytics
We do not currently use advertising cookies, analytics cookies, tracking pixels or marketing analytics tools on MaxBooking.com. Security tools may use technical measures that are necessary to protect forms and booking flows from abuse.
International transfers
MaxBooking hosts booking data in the European Union. Some service providers, including Stripe and Cloudflare, may process data in other countries where they operate. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses or other lawful transfer mechanisms.
Retention
Guest booking data is kept for as long as needed by the relevant property for accommodation administration, bookkeeping, legal claims and related business records, or until the property instructs us to delete or anonymise it where deletion is legally and technically possible.
Property account data is kept while the property account is active and afterwards where needed for legal, accounting, security or dispute-resolution purposes. Technical logs and abuse-prevention records are kept only for as long as reasonably needed to protect the service, investigate abuse and comply with legal obligations.
We may keep anonymised booking statistics that no longer identify an individual.
Security
We use technical and organisational measures designed to protect personal data, including access controls, encryption, secure infrastructure and abuse-prevention controls. No online service can guarantee absolute security, but we work to protect the data entrusted to MaxBooking.
Your rights
Depending on the circumstances, you may have the right to request access to your personal data, correction, deletion, restriction of processing, portability, objection to processing and withdrawal of consent where processing is based on consent.
If your request relates to a booking with a specific property, we may need to forward or refer the request to that property because it controls the booking relationship and related record-keeping obligations.
You also have the right to lodge a complaint with a data protection authority. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection.
Automated decisions
We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects. We do use security and abuse-prevention tools, including IP based controls, to protect the service from abusive traffic.
Changes
We may update this policy from time to time. The latest version will be published on this page.