Skip to content

Privacy Policy

Last updated: 2026-06-10

Draft — pending legal review before launch.

This policy explains what information Delning collects when you use the service, how we use it, and the steps we take to keep it protected. It applies to the Delning co-host application and the owner portal hosted on the delning.app domain. By using Delning, you agree to the handling of information described below.

Information we collect

We collect the account information you provide when you sign up, such as your name, email address, and the credentials used to authenticate. We also store the records you enter to run your business: your organization profile, the properties you manage, and the owners you report to. When you import booking files, we process the reservation data contained in those CSV exports from Airbnb and VRBO. We store the expenses you record or import, and the tax identifiers you add for owners so that statements and year-end summaries can be prepared. We collect only the information needed to operate the service for you.

How we use it

We use the information you provide to run the service you signed up for. That means generating owner statements from your reservations and expenses, calculating revenue splits according to the commission terms you configure, sending statements and notifications by email, and operating, maintaining, and supporting the application. We do not use your records to build advertising profiles, and we do not sell your data to anyone.

Encryption at rest

Owner tax identifiers are sensitive, so we encrypt them at rest using AES-256-GCM before they are written to the database. When a tax identifier is displayed in the application it is shown masked, with only the final digits visible, and the full value is decrypted only when you explicitly request it for a permitted purpose such as preparing a tax form.

Encryption in transit

All traffic to and from the delning.app domain is served over HTTPS. Data moving between your browser, the application, and our backend services is encrypted in transit, which helps prevent it from being read or altered while it travels across the network.

Tenant isolation

Delning is a multi-tenant service, and we keep each organization's data separated at the database level. Every record is tagged with the organization it belongs to, and PostgreSQL row-level security policies enforce that one organization cannot read or modify another organization's data. This isolation is applied by the database itself, in addition to the checks performed by the application.

Cookies and analytics

We use cookies that are needed to keep you signed in and to operate the service. For aggregate usage metrics we use Google Analytics, loaded through Google Tag Manager, which helps us understand how the site is used so we can improve it. These metrics are reviewed in aggregate, and we do not sell personal data to advertisers or other third parties.

Data export and deletion

The records you keep in Delning belong to you. You can export your data from the application at any time, and you can request deletion of your account and its associated records whenever you choose. When you request deletion we remove your data from the live service, subject to any short retention required to meet legal or accounting obligations.

Sub-processors

We rely on a small set of trusted service providers to operate Delning. Each processes data only as needed to provide its part of the service:

  • Supabase — database, authentication, and file storage
  • Vercel — frontend hosting
  • Railway — API hosting
  • Resend — email delivery
  • ExchangeRate-API — currency exchange rates
  • Google — sign-in and analytics
  • BetterUptime — uptime monitoring
  • Sentry — error monitoring

Contact

If you have questions about this policy or how your data is handled, reach us at hello@delning.app.