Stayplot

Privacy

Last updated: July 6, 2026

Stayplot is a map of hotel award programs (Hilton, Marriott, IHG, Hyatt, Wyndham, Choice, Amex Fine Hotels + Resorts, Amex The Hotel Collection, Chase Edit, Hilton Aspire). This page explains what data we collect when you visit the site and when you choose to sign in.

What we collect

  • Account & sign-in (optional) — you can use the map fully without an account. If you choose to sign in to save hotels: with Google we receive your email address, name, and profile photo from your Google account; with an email magic link we receive your email address. We use this only to identify your account and sync your saved hotels across your devices. We never receive or store your Google password. Authentication and saved-hotel data are stored with our backend provider, Supabase (supabase.com/privacy). We don't sell your data or use it for advertising.
  • Saved hotels — when you're signed in, the hotels you save are stored against your account so your shortlist appears on any device. You can remove them anytime, or delete your account (see below) to erase them.
  • Anonymous usage analytics via PostHog — page views, source-chip clicks, filter changes, and similar interaction events. PostHog runs in cookieless mode for us; no IPs, no cross-site cookies, no personal identifiers.
  • Error tracking + session replay via Sentry — JavaScript exceptions, network errors, plus a DOM replay of ~10% of sessions and 100% of sessions where an error fires. Form inputs are masked by default. Sentry receives IP address and user-agent as part of standard error context.
  • Server request logs (Vercel default) — HTTP status, URL, response time, IP, user-agent. Retained for operational debugging only.
  • Map tiles are loaded from Mapbox; their privacy policy applies to tile requests: mapbox.com/legal/privacy.
  • Place search is powered by Photon (Komoot's hosted geocoder). When you type in the search box your query text is sent to photon.komoot.io.

What we don't collect

  • No passwords — sign-in is via Google or a one-time email link, so we never see or store one.
  • No card numbers — Plus payments are processed by Stripe; your card details go directly to Stripe and never touch our servers. We store only your subscription status and a Stripe customer reference.
  • No advertising or third-party trackers.

Email we send

If you set a price alert or add a free-night cert to your wallet, we use your account email to send you those alert and expiry-reminder messages (delivered via Resend, our email provider). No marketing lists — every email maps to something you set up, and deleting the alert or cert stops it.

Deleting your data

You can un-save any hotel from your list at any time. To delete your account and everything stored with it — saved hotels, alerts, and history (and your Plus subscription is canceled) — open the account menu, go to Account, and choose Delete account in the danger zone. It takes effect immediately and can't be undone. Prefer we do it for you? Email hello@stayplot.com.

Third-party data sources

Property locations, names, and ratings come from public sources — chain websites, TripAdvisor, and card-program listings. These are read from the public pages and stored in our own database. We don't pass any of your activity back to those sources.

Contact

Questions? Email hello@stayplot.com.