Privacy Policy
Last updated: April 9, 2026
1. Who We Are
This Privacy Policy explains how MagicBNB, also branded in parts of the Service as BNBCalculator.AI ("MagicBNB," "we," "us," or "our"), collects, uses, discloses, stores, and protects personal information when you use our website, web application, and related services (collectively, the "Service").
MagicBNB is a web-based SaaS platform for short-term rental operators, hosts, and investors. The Service provides analytics, reporting, property and portfolio insights, PMS data syncing, bank transaction syncing and categorization, profitability workflows, and AI-powered analysis and assistance.
Operator contact: support@magicbnb.io
Location: Edmonton, Alberta, Canada
2. Scope
This Privacy Policy applies to personal information we collect:
- when you create or use an account;
- when you subscribe to a paid plan;
- when you connect third-party services such as Plaid, Hospitable, or Hostfully;
- when you use AI-assisted features;
- when you contact us for support or otherwise communicate with us;
- when you visit and use our website or app.
This Privacy Policy does not govern third-party websites, platforms, or services that have their own privacy policies and terms, including Plaid, Stripe, Supabase, Hospitable, and Hostfully.
3. What We Collect
3.1 Information you provide directly
We may collect the following information you provide to us:
- name;
- email address;
- account credentials and authentication information, including passwords stored in hashed form;
- billing and subscription information associated with your account;
- properties, portfolio details, listing details, notes, reporting inputs, and other content you submit;
- messages, support requests, and other communications you send to us;
- connection credentials or tokens required to enable third-party integrations, where applicable.
3.2 Information we collect automatically
When you use the Service, we may automatically collect:
- log data, such as IP address, browser type, device type, timestamps, pages viewed, referring URLs, and error data;
- usage data, such as feature interactions, session activity, and performance data;
- cookie and session data used for authentication, security, and remembering preferences.
3.3 Information we receive from connected services
Plaid
If you connect a financial account using Plaid, we may receive the information you authorize through Plaid, including:
- account identifiers and metadata, such as account name, mask, type, and subtype;
- balances made available by Plaid;
- transaction data, such as date, amount, merchant, category, and linked account details;
- Item or connection status information needed to maintain and update the connection;
- webhook-triggered status and update information from Plaid.
We use Plaid Transactions only at this time. We do not use Plaid Investments or Plaid Liabilities.
We do not directly collect or store your online banking username or password. That credential flow is handled by Plaid and/or your financial institution.
Hospitable
If you connect Hospitable, we may receive data you authorize through Hospitable's OAuth flow, including listings, reservations, calendar data, operational data, and related portfolio data needed for the features you enable.
We do not receive your Hospitable password.
Hostfully
If you connect Hostfully, you may provide a Hostfully API key in the Service. We may use that API key to access listing, reservation, and related PMS or portfolio data that Hostfully makes available to your account.
Hostfully sync is manual in the current version of the Service. It is not described as continuous real-time sync unless we explicitly state otherwise in the Service.
3.4 Payment information
Payments are processed by Stripe. We do not store full payment card details on our own systems. We may receive limited billing-related information from Stripe, such as subscription status, billing period, payment confirmation, and limited transaction metadata.
3.5 AI feature inputs and outputs
If you use AI-powered features, we collect the inputs you submit to those features and the outputs generated for you. This may include property data, deal assumptions, notes, portfolio data, prompts, follow-up questions, and similar business information you choose to provide.
4. How We Use Personal Information
We use personal information to:
- provide, operate, maintain, and improve the Service;
- create and manage user accounts;
- authenticate users and secure the Service;
- process subscriptions, payments, renewals, and refunds;
- sync, organize, categorize, and display connected financial and PMS data;
- generate analytics, reports, and AI-assisted outputs requested by users;
- provide customer support and respond to inquiries;
- monitor system performance, troubleshoot issues, and protect against abuse, fraud, and security incidents;
- enforce our Terms of Service and other applicable policies;
- comply with legal, tax, accounting, and regulatory obligations;
- communicate with you about account, billing, support, service, and security matters.
We may also use aggregated or de-identified data for analytics, operations, product improvement, and business reporting.
5. Our Legal/Operational Basis for Collection and Use
We collect, use, and disclose personal information for purposes that are reasonably necessary to provide and operate the Service, based on your interactions with us, your use of the Service, your instructions, and your consent where applicable.
Where consent is required or appropriate, you may provide it by:
- creating and using an account;
- agreeing to our Terms of Service and this Privacy Policy;
- connecting third-party services;
- submitting information into the Service;
- using AI-powered features;
- contacting us or asking us to take action on your behalf.
6. Cookies and Similar Technologies
We use cookies and similar technologies that are essential to operate the Service and preference technologies to remember settings and improve user experience.
These may include technologies used for:
- login sessions and authentication;
- security and fraud prevention;
- remembering preferences and settings;
- basic service functionality.
At this time, we do not describe our current setup as using non-essential advertising or marketing cookies. If we later add non-essential analytics, advertising, or marketing tracking, we may update this Privacy Policy and any related notice or consent flows.
7. Third-Party Service Providers and Integrations
We use third parties to help us operate the Service. Depending on how you use the Service, these may include:
- Stripe for payment processing and subscription billing;
- Supabase for database, storage, and/or realtime infrastructure;
- Plaid for bank and transaction connectivity;
- Hospitable for PMS OAuth connectivity and data syncing;
- Hostfully for PMS connectivity using a user-provided API key.
These third parties have their own terms, privacy practices, and security controls. Your use of their products or services may also be governed by your agreements with them.
8. AI-Assisted Features
MagicBNB includes AI-assisted features. When you use those features, we may send relevant inputs to third-party AI service providers in order to generate the requested output.
AI-generated outputs may be inaccurate, incomplete, outdated, or unsuitable for your situation. AI outputs are provided for informational purposes only and should not be relied on as the sole basis for any financial, investment, tax, legal, accounting, real estate, or other significant business decision.
We recommend that users independently verify important information and consult qualified professionals where appropriate.
9. How We Share Information
We do not sell personal information.
We may share personal information in the following situations:
- with service providers and infrastructure providers that help us operate the Service;
- with third-party integrations you choose to connect or use;
- with payment processors and billing providers;
- with AI service providers used to operate AI-assisted features;
- with professional advisors, auditors, insurers, or legal counsel where reasonably necessary;
- where required by law, court order, legal process, or governmental request;
- where reasonably necessary to protect our rights, users, systems, or the public;
- in connection with a merger, acquisition, financing, restructuring, sale of assets, or similar business transaction;
- with your direction or consent.
10. User Responsibility for Connected Data
You are responsible for ensuring that you have the right and authority to connect any bank account, PMS account, API key, or other third-party data source to the Service.
If you connect data that includes information about third parties, such as co-owners, staff, contractors, guests, or customers, you are responsible for ensuring you have all permissions, notices, and rights needed to share that data with MagicBNB and to authorize our processing of it for the Service.
11. Safeguards and Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction.
Examples may include:
- TLS or similar protections in transit;
- encryption at rest for sensitive stored credentials and tokens;
- server-side storage controls;
- authentication and access controls;
- logging, monitoring, and security review processes.
No security measure is perfect, and we cannot guarantee absolute security.
You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly if you suspect unauthorized access to your account.
12. Data Retention and Deletion
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including business, legal, accounting, tax, fraud prevention, security, and support purposes.
Our current target retention approach is:
- account and workspace data: while your account remains active;
- connected Plaid and PMS synced data: while needed to provide the Service and while the related account or workspace remains active, subject to disconnect and deletion workflows;
- account deletion / deletion requests: target deletion within 30 days, where applicable;
- backups and disaster recovery copies: generally 30 to 90 days;
- billing, tax, and accounting records: up to 7 years;
- security, audit, and fraud-prevention logs: generally 12 to 24 months.
When you disconnect Plaid, we attempt to revoke the relevant Plaid Item and remove synced Plaid accounts and transactions from the Service, subject to technical limitations and any retention we must or may maintain for legal, tax, billing, fraud-prevention, security, dispute, or support purposes.
When you delete your account, we also attempt to revoke active Plaid Items before deleting the account, again subject to technical limitations and permitted or required retention.
When you disconnect Hospitable or Hostfully, we stop further syncing related to that integration and may delete related connection credentials and synced data, subject to the same operational, legal, security, billing, and support retention needs.
13. Access, Correction, and Deletion Requests
You may contact us at support@magicbnb.io to:
- request access to personal information we hold about you;
- request correction of inaccurate account information;
- request account deletion;
- request help disconnecting third-party integrations.
We may need to verify your identity before processing a request. We may also decline or limit a request where permitted by law or where we need to retain certain information for legal, billing, tax, fraud-prevention, support, or security reasons.
14. Cross-Border Processing
MagicBNB and its service providers may process or store personal information in Canada and other jurisdictions, depending on where our providers and infrastructure are located and how the Service is configured.
As a result, your personal information may be accessible to courts, law enforcement, regulators, or government authorities in jurisdictions outside your province or country.
15. Children
The Service is not intended for children, and we do not knowingly provide the Service to children.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. If we make material changes, we may provide additional notice through the Service or by other reasonable means.
17. Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, contact us at:
- MagicBNB
- Email: support@magicbnb.io
- Location: Edmonton, Alberta, Canada