Privacy Policy
We've written this in plain English. No legal padding — just what you need to know about
what data Perkd·it collects, why, and what your rights are.
Data controller: Perkd·it, operating via perkdit.com (England & Wales).
Questions? Email hello@perkdit.com.
1. What data we collect and why
1.1 Waitlist sign-ups
If you join the waitlist at perkdit.com, we collect your email address. We use it to send a confirmation email and to notify you when we launch.
Lawful basis: Consent — you submitted the form.
1.2 Account registration
When you create a Perkd·it account, we collect:
- Email address — to identify your account and send transactional emails
- Password — stored securely via Supabase Auth (hashed; we never see it in plain text)
- Interests and hobbies — an optional list you choose at sign-up (e.g. restaurants, outdoor, culture, spa). Used to personalise local activity recommendations alongside hotel offers.
Lawful basis: Contract — you need an account to use the service.
1.3 Hotel booking data (Chrome Extension)
The Perkd·it Chrome Extension activates only when you land on a booking confirmation or cancellation page at a supported travel site (Booking.com, Expedia, Hotels.com, Agoda, Trip.com). It captures only:
- Hotel name
- Booking confirmation number
- Check-in and check-out dates
- Booking price
- Which travel site the booking came from (e.g. "booking.com")
- City (where detectable)
It does not capture: passwords, payment card details, search history, browsing history, or any data from pages other than confirmation and cancellation screens.
Lawful basis: Consent — you installed the extension and agreed to the Terms of Service.
1.4 Browser session token (Chrome Extension)
When you install the extension, it reads your Perkd·it session from your browser's local
storage (on the perkdit.com tab, if open) and stores it in chrome.storage.sync.
This token is used to authenticate your booking data with our server. It is only ever read
from perkdit.com — we do not access local storage on any other website.
1.5 Hotel partner data
If you register as a hotel partner, we additionally collect hotel name, contact email, the perk inventory you configure on your dashboard, and payment method details via Stripe (for commission holds — not yet active in Phase 1).
1.6 Unsubscribe requests
If you unsubscribe from emails, we store your email address in a suppression list to ensure we don't email you again. This is necessary to reliably honour your request.
2. How we use your data
| Purpose | Data used |
|---|---|
| Detect overlapping hotel bookings | Booking data from the extension |
| Trigger hotels to compete for your stay | Booking dates and hotel names |
| Personalise local activity recommendations | Interests selected at sign-up, city from booking |
| Send transactional emails | Email address (booking alerts, perk offers, post-stay prompts, waitlist confirmation) |
| Authenticate your account | Session token, email |
| Process hotel commission holds | Stripe payment method (hotel partners only) |
| Prevent duplicate emails | Email suppression list |
We never sell your data to anyone. We do not use it for advertising, third-party profiling, or any automated decision-making that has a legal or significant effect on you.
3. What we share and with whom
We share data only with the services below, and only what each service needs to function.
Supabase — database and authentication
All account data, booking data, and platform state is stored in Supabase (EU region — Frankfurt). supabase.com/privacy
Resend — transactional email
We use Resend to deliver emails (waitlist confirmation, booking alerts, perk notifications, post-stay prompts). Your email address is passed to Resend only to deliver these messages. resend.com/legal/privacy-policy
Viator — activity recommendations
When we detect a booking in a supported city, we call Viator's API to fetch relevant local activity suggestions based on your interests. We pass the city and interest categories only — no name or email is sent to Viator. Affiliate links may generate commission for Perkd·it. viator.com/legal/privacy
Stripe — payments
Stripe handles payment method storage and processing for hotel partner commission holds. Perkd·it does not store card numbers. Commission holds are not yet active in Phase 1. stripe.com/gb/privacy
Google Places API — hotel contact lookup
When a booking is detected from an unregistered hotel, we query Google Places to look up a contact email. We pass only the hotel name and city — no customer data is sent via this integration. policies.google.com/privacy
4. Chrome Extension — permissions explained
| Permission | Why we need it |
|---|---|
| Read page content on OTA sites | To extract booking details from confirmation and cancellation pages only |
| chrome.storage.sync | To store your auth token so the extension can authenticate with our server |
| Notifications | To show a notification when a booking is successfully detected |
| Access to perkdit.com | To read your session token at install time, so you don't have to paste it manually |
The extension is dormant on all other websites. It only activates on confirmation and cancellation pages of: Booking.com, Expedia, Hotels.com, Agoda, and Trip.com.
5. Data storage and security
- All data is stored in Supabase (EU — Frankfurt)
- Passwords are hashed by Supabase Auth — we never store or see them in plain text
- All API communication uses HTTPS
- Session tokens are stored in
chrome.storage.sync, sandboxed to the extension - We do not store payment card details — Stripe handles this directly
6. How long we keep your data
| Data | Retention |
|---|---|
| Waitlist email | Until you ask us to remove it, or 12 months after launch if you never signed up |
| Account data | Until you request deletion |
| Booking data | Until you request deletion |
| Email suppression list | Indefinitely — to ensure we don't email you after you've unsubscribed |
| Hotel partner data | Until the hotel account is closed or deletion is requested |
7. Your rights (UK GDPR)
You have the right to:
- Access — ask us what personal data we hold about you
- Correct — ask us to fix inaccurate data
- Delete — ask us to erase your data ("right to be forgotten")
- Restrict — ask us to pause processing in certain circumstances
- Portability — ask for a copy of your data in a machine-readable format
- Object — object to us processing your data for a particular purpose
- Withdraw consent — at any time, where processing is based on consent
To exercise any of these rights, email hello@perkdit.com. We'll respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we've handled your data unlawfully.
8. Emails and unsubscribing
Every marketing or notification email includes an unsubscribe link at the bottom. Clicking it immediately adds your email to our suppression list. Transactional emails (booking confirmations, password resets) may still be sent as they are necessary for the service to function.
To stop all emails, contact hello@perkdit.com.
9. Children
Perkd·it is not intended for anyone under 18. If you believe a child has submitted data to us, email hello@perkdit.com and we will delete it promptly.
10. Changes to this policy
If we make significant changes, we'll notify waitlist subscribers and registered users by email. The date at the top of this page will always reflect when it was last updated.
Questions?
Email us at hello@perkdit.com — we'll reply promptly.
Perkd·it · perkdit.com · England & Wales