Turnpilot

Privacy Policy

Last updated: July 6, 2026

Turnpilot is an operations platform for short-term rental teams, available at turnpilot.app with the application at dashboard.turnpilot.app (together, the “Service”). This Privacy Policy explains what personal data we process when you use the Service, why we process it, and the rights you have over it.

1. Who we are (data controller)

The data controller responsible for personal data processed through the Service is Turnpilot.

If you have questions about this policy or your data, you can reach us through the support option in your Turnpilot account.

Where your organization uses Turnpilot to manage its own team and operations, your organization determines what operational data is entered into the Service, and Turnpilot processes that data to provide the Service to your organization.

2. Data we process

Account data

When you create an account or are invited to one, we process your name, email address, chosen language, and your role and organization membership within the Service.

Operational data

The Service exists so that teams can run their day-to-day operations. Your organization enters and manages data such as properties and units, cleaning and maintenance tasks, checklists, inventory and supplies, schedules, notes, and work logs. Some of this data may identify individual team members — for example, who completed a task and when.

Photos and videos

Team members may upload photos and videos as part of their work — for example, walkthrough videos, task evidence, or training material. These files are stored and streamed so they can be viewed by authorized members of the same organization.

Usage and technical data

We collect technical logs generated by your use of the Service, such as sign-in events, IP addresses, device and browser information, and error and diagnostic logs. We use this data to keep the Service secure, diagnose problems, and understand how the Service is used at an aggregate level.

Payment data

Subscription payments are handled by Stripe. Your card details are entered directly with Stripe and never touch Turnpilot's systems. We receive only limited billing information from Stripe, such as your subscription status, invoice history, and the last digits of your card for display purposes.

3. Purposes and legal bases

We process personal data under the General Data Protection Regulation (GDPR) on the following bases:

4. Subprocessors and service providers

We use a small number of carefully selected providers to run the Service. They process data on our behalf, under agreements that require them to protect it:

We do not sell personal data, and we do not share it with third parties for their own advertising or marketing purposes.

5. International transfers

Some of our providers process data outside the European Economic Area, including in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards recognized under the GDPR, such as the European Commission's Standard Contractual Clauses and, where applicable, adequacy decisions (including the EU–US Data Privacy Framework for certified providers).

6. Retention

We keep personal data for as long as your account or your organization's account is active. When an account or organization is deleted, associated data is removed from active systems, and residual copies are deleted from backups within a limited period as backup cycles rotate. We may retain limited data for longer where the law requires it — for example, invoicing records kept for accounting purposes — or where it is necessary to establish, exercise, or defend legal claims.

7. Cookies and similar technologies

The Service uses only functional cookies and similar browser storage: keeping you signed in (session and authentication) and remembering your language preference. We do not use advertising cookies, cross-site tracking, or third-party analytics trackers.

8. Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit, access controls that restrict data to members of your own organization, and the security practices of our infrastructure providers. No system is perfectly secure, but we work to protect your data against unauthorized access, alteration, and loss.

9. Your rights

Under the GDPR you have the right to:

To exercise these rights, contact us through the support option in your Turnpilot account. If your data was entered by your organization, we may direct your request to your organization's administrator, since they control that data.

10. Children

The Service is intended for business use and is not directed at children. We do not knowingly process personal data of anyone under 16 through account registration.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email before the changes take effect. The “Last updated” date at the top shows when this policy was last revised.