Back to Hostanova
Hostanova

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use Hostanova.

Last updated: March 8, 2026

1. Introduction

This Privacy Policy (“Policy”) describes the information practices of CODEXMARK (SMC-PRIVATE) LIMITED (“Codexmark,” “we,” “us,” or “our”) in connection with the Hostanova hotel management platform accessible at hostanova.codexmark.com and all related services, applications, and tools (collectively, the “Service”).

By accessing or using the Service, you consent to the collection, use, and disclosure of your information as described in this Policy. If you do not agree, please discontinue use of the Service immediately.

2. Information We Collect

We collect information to provide, improve, and secure our Service. The types of information we collect include:

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company/hotel name, designation, and password when you register for an account.
  • Hotel & Organization Data: Property details, department structures, room configurations, staff information, and other operational data you enter into the platform.
  • Payment Information: Billing address, payment method details, and transaction records. Payment card data is processed securely through our third-party payment processor (Stripe) and is not stored on our servers.
  • Communications: Messages, feedback, and support requests you send to us via email, phone, or through the Service.
  • Guest Data: Information about hotel guests that you enter into the system, including names, contact details, booking history, and preferences.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns within the Service.
  • Device & Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Log Data: Server logs including access times, referring URLs, and error logs for debugging and security monitoring.
  • Cookies & Similar Technologies: We use cookies, local storage, and similar technologies as described in Section 6 below.

2.3 Information from Third Parties

  • OAuth Providers: If you sign in using Google OAuth or similar providers, we receive your name, email address, and profile picture as authorized by you.
  • Payment Processors: Transaction confirmations and billing status from Stripe or other payment gateways.

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To provide, operate, and maintain the Hostanova platform and all its 23+ integrated modules.
  • Account Management: To create and manage your account, authenticate your identity, and enforce role-based access controls (200+ permissions across 49 roles).
  • Communication: To send transactional notifications, service updates, security alerts, and support responses. We support 250+ notification types across in-app, push, and email channels.
  • Analytics & Improvement: To analyze usage patterns, generate reports, and improve the Service’s functionality and user experience.
  • Security & Compliance: To monitor for suspicious activity, prevent fraud, enforce our Terms, and comply with applicable laws including FBR (Federal Board of Revenue) tax compliance requirements.
  • Billing & Payments: To process subscription payments, generate invoices, and manage billing cycles.
  • Legal Obligations: To comply with legal requirements, respond to lawful requests, and protect our rights.

4. Data Storage & Security

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
  • Access Controls: Strict role-based access controls with multi-factor authentication for administrative access.
  • Audit Logging: 150+ auditable actions are tracked with severity levels (Info, Warning, Error, Critical, Security) including IP and device information.
  • Infrastructure: Our services are hosted on enterprise-grade cloud infrastructure with regular security audits and vulnerability assessments.
  • Sync & Backup: Our bi-directional cloud sync engine includes conflict resolution, auto-retry mechanisms, and checkpoint-based recovery.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our Service (e.g., Stripe for payment processing, cloud hosting providers, email delivery services). These providers are contractually obligated to protect your data.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request, including compliance with FBR and other Pakistani regulatory authorities.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
  • With Your Consent: We may share information when you have given us explicit consent to do so.
  • Protection of Rights: To protect the rights, property, or safety of Codexmark, our users, or the public as required or permitted by law.

6. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

TypePurposeDuration
EssentialAuthentication, session management, security, and core functionality. These cannot be disabled.Session / 30 days
FunctionalRemember your preferences, language settings, and theme choices (Light/Dark/POS).1 year
AnalyticsUnderstand how users interact with the Service to improve features and performance.1 year

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

7. Data Retention

We retain your information for the following periods:

  • Account Data: For as long as your account is active, plus 90 days after deletion to allow for recovery.
  • Hotel Operational Data: For the duration of your subscription. Upon termination, data is retained for 30 days before permanent deletion, unless a longer retention period is required by law.
  • Billing Records: Retained for 7 years to comply with tax and financial regulations, including FBR requirements.
  • Audit Logs: Retained for 2 years for security and compliance purposes.
  • Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data Portability: Request your data in a structured, commonly used, machine-readable format (JSON, CSV, or Excel).
  • Objection: Object to certain processing activities, including direct marketing.
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at work@codexmark.com. We will respond to your request within 30 days.

9. International Data Transfers

Your data may be processed and stored in servers located outside of Pakistan. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Policy and applicable data protection laws.

10. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Policy on this page with a revised date.
  • Sending an in-app notification or email for significant changes.

Your continued use of the Service after changes are posted constitutes acceptance of the updated Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CODEXMARK (SMC-PRIVATE) LIMITED

Email: work@codexmark.com

Phone: +92 303 404 2345

Website: codexmark.com

Office Address: Islamabad, Pakistan