Privacy Policy

Sora Luxury Stays is a premium property investment and hospitality company based in the United Kingdom. We operate the website soraluxurystays.com and manage bookings for our curated portfolio of premium properties.

For the purposes of UK data protection law, Sora Luxury Stays is the data controller for the personal information we collect through this website.

When you make an enquiry or booking, we collect your name, email address, phone number, and any additional information you provide in your message.

When you create a member account, we collect your name, email address, and a securely hashed password. If you sign in via Google, we receive your name and email address from Google.

When you make a payment, your card details are processed directly by Stripe. We do not store or have access to your full card number.

When you browse our website, we may collect anonymised analytics data (such as pages visited and session duration) via Google Analytics 4 to help us improve our service.

To process and manage your booking enquiry, and to communicate with you about your stay.

To send you booking confirmations, payment requests, check-in instructions, and other correspondence directly related to your reservation.

To maintain your member account, including saving properties you have bookmarked and your booking history.

To respond to contact form messages and general enquiries.

To improve our website and services through aggregated, anonymised analytics.

We do not use your personal data for marketing purposes without your explicit consent, and we do not sell your data to any third party.

Contract: processing your booking and communicating about your stay is necessary to fulfil our agreement with you.

Legitimate interests: maintaining the security of our website, preventing fraud, and improving our services.

Legal obligation: we may process your data where required to comply with applicable law.

Consent: where we require your consent (for example, for non-essential cookies), we will ask for it explicitly.

We share your information only with trusted service providers who help us operate our business, including:

Stripe — payment processing (governed by Stripe's own privacy policy)

Microsoft 365 — email delivery

Neon — secure database hosting

Vercel — website hosting and infrastructure

Google Analytics — anonymised website analytics

All third-party providers are bound by appropriate data processing agreements and may not use your data for any other purpose.

We retain your booking and guest information for up to 7 years for legal and accounting purposes.

Member account data is retained for as long as your account remains active. You may request deletion of your account at any time.

Analytics data is retained in anonymised, aggregated form and is not linked to individual users.

Our website uses essential cookies to maintain your login session and ensure the website functions correctly. These cannot be disabled without affecting site functionality.

We also use Google Analytics cookies to collect anonymised data about how visitors use our site. These are non-essential and you may opt out by using a browser extension such as the Google Analytics Opt-out Add-on.

We do not use advertising or tracking cookies.

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Right of access — you may request a copy of the personal data we hold about you.

Right to rectification — you may ask us to correct inaccurate data.

Right to erasure — you may ask us to delete your data, subject to legal retention obligations.

Right to restriction — you may ask us to limit how we use your data.

Right to data portability — you may request your data in a structured, machine-readable format.

Right to object — you may object to processing based on legitimate interests.

To exercise any of these rights, please contact us at info@soraluxurystays.com. We will respond within 30 days.

We take the security of your personal data seriously. All data is transmitted over HTTPS. Passwords are stored as one-way bcrypt hashes and are never visible to us or any staff member.

Access to personal data is restricted to authorised personnel only, and our systems are reviewed regularly for security.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) and affected individuals as required by law.

Some of our service providers may process data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent protections.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this page, with the date of the last update shown at the top.

If you have any questions or concerns about how we handle your personal data, please contact us at info@soraluxurystays.com.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.