Overview & scope
This Privacy Policy describes how ArbiBase, LLC ("ArbiBase," "we," "us," or "our") collects, uses, shares, and protects information when you access or use our website at https://arbibase.com, our portal, APIs, and any related services (collectively, the "Services"). By using our Services, you agree to this Policy and our Terms of Service. If you do not agree, please discontinue use.
This Policy applies to all users of the Services, including property operators, coaches, and landlords. For data collected via our Data Processing Addendum (DPA), the DPA governs where it conflicts with this Policy.
Information we collect
Personal information
- Name, email address, and phone number.
- Billing and subscription details (processed securely by Stripe).
- Account preferences, login data, and communication settings.
Business & property information
- Company or brand name; role (operator, coach, landlord).
- Property details (address, rent, terms, restrictions, approval status).
- Verification records (voice, written, or digital consent documentation).
- Operator-submitted comps: reported ADR, occupancy, and revenue figures.
Usage & device data
- Pages visited, actions taken, referring URLs, and timestamps.
- IP address, browser type, device model, and approximate city/region.
- Cookies and campaign identifiers (UTMs, analytics IDs).
Third-party sources
- CRM tools, automation, and scheduling integrations you connect.
- Payment processors (Stripe) — billing and fraud-prevention signals.
- Partner databases and public property records you authorize us to import.
You may choose not to share certain data, but some features may not function properly without it.
How we use information
We use information to:
- Provide, maintain, and improve our verified-property platform.
- Operate subscriptions, billing, and customer accounts.
- Communicate with you about updates, security, or marketing (with consent where required by law).
- Verify property permissions and maintain database accuracy.
- Detect fraud, enforce our Terms, and comply with legal obligations.
- Analyze usage and produce aggregate statistics to improve platform performance.
Anonymized & aggregated use
We may anonymize and aggregate data (e.g., occupancy rates, market ADR trends) for analytics or benchmarking. This data cannot identify any individual user or unit and may be shared publicly or with partners.
Communications & consent
By providing your contact information, you consent to receive service-related emails and texts (e.g., billing, security, support). Marketing messages require opt-in consent where required by law. You may unsubscribe at any time or reply "STOP" to SMS. Standard message and data rates may apply.
Legal bases (EEA / UK)
When EU or UK GDPR applies, we process personal data under one of the following lawful bases:
- Contract
- To deliver the Services you request and operate your subscription.
- Legitimate interest
- To operate, secure, and improve the platform; prevent fraud and abuse.
- Consent
- For marketing emails, analytics cookies, or SMS where required by law. You may withdraw consent at any time without affecting prior processing.
- Legal obligation
- For tax, regulatory, or law-enforcement compliance.
Data retention & security
We retain data only as long as needed for operational or legal purposes. After retention ends, data is anonymized or securely deleted.
- Account & operator data
- 90-day export window after cancellation, then deleted from production within 30 days and from backups within 90 additional days.
- Billing records
- 5 years (for tax compliance).
- Verification records
- Active lifetime of the property listing.
- Usage logs & telemetry
- Up to 12 months, then anonymized.
Security measures
We use encryption at rest (AES-256) and in transit (TLS 1.2+), role-based access controls, and automated alerting for anomalous activity. No system is 100% secure, but we continuously review and improve our controls. You are responsible for maintaining the security of your own credentials.
Data breach notifications
If a data breach occurs that affects your personal information, ArbiBase will promptly investigate, contain, and notify affected users and the appropriate authorities as required by:
- Florida Information Protection Act (FIPA) § 501.171;
- California Civil Code § 1798.82; and
- New York SHIELD Act § 899-bb.
Notification will be sent to the email address on your account. We will include the nature of the breach, the categories of data affected, and steps we are taking to remediate it.
Your rights (GDPR / CCPA / CPRA)
Depending on your location, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — request that inaccurate information be corrected.
- Deletion — request that we delete your personal data, subject to legal retention requirements.
- Portability — receive a machine-readable copy of your data.
- Withdraw consent — opt out of marketing communications at any time.
- Opt out of sharing for targeted advertising — as defined under CPRA.
- Limit use of sensitive data — where applicable under state law.
B2B communications
If you interact with us solely as a business representative (operator, coach, landlord), some consumer privacy rights may not apply, but your data remains protected under this Policy.
Florida & New York residents
We will notify you of any security breach affecting your personal information within the statutory time frames prescribed by FIPA and the NY SHIELD Act.
International transfers
ArbiBase is based in the United States. If you access our Services from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
Where required by applicable law (e.g., GDPR), we use Standard Contractual Clauses (SCCs) and other appropriate safeguards to protect cross-border data transfers.
Children's privacy
The Services are intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected such data, we will delete it immediately. If you believe we have collected information from a child, please contact us at privacy@arbibase.com.
"Do Not Track"
There is currently no universally accepted standard for how websites should respond to browser "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, but we monitor regulatory developments and will update this Policy if a recognized standard emerges.
You can limit tracking at any time through our cookie consent banner and your browser's privacy settings.
Automated decision-making & AI use
We do not make decisions with significant legal or similarly significant effects solely through automated means without human review. We may use AI-assisted filters to detect duplicate property submissions, flag potentially fraudulent data, or improve data quality. These systems are human-supervised and limited to internal data quality improvements.
Where EU/UK GDPR applies, you have the right not to be subject to solely automated decisions that produce legal or similarly significant effects. To exercise this right, contact privacy@arbibase.com.
Changes to this policy
We may update this Policy periodically. The "Last revised" date at the top of this page reflects the most recent revision. For material changes, we will provide at least 14 days' advance notice to active account holders via email, and for California users at least 30 days' notice where required by law.
Continued use of the Services after a revised Policy takes effect constitutes acceptance. If you do not agree, you may close your account before the effective date.
Contact & compliance
To exercise your rights, submit a privacy request, or report a concern, contact us:
ArbiBase, LLC
1111b South Governors Ave STE 48151
Dover, DE 19904 US
privacy@arbibase.com
support@arbibase.com
+1 (844) 939-3594
Compliance statement
ArbiBase complies with:
- Florida Information Protection Act (FIPA)
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- New York SHIELD Act (§ 899-bb)
- EU / UK General Data Protection Regulation (GDPR)
We review our data-protection measures annually and maintain auditable records of compliance activities.