Privacy Policy

Last updated: 1 April 2026

1. Introduction

GHM Suite ("we", "us", or "our") is committed to protecting the personal information of our users in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa. This Privacy Policy explains what information we collect, how we use it, how long we keep it, who we share it with, and your rights in relation to it.

By using GHM Suite at ghmsuite.co.za, you agree to the collection and use of information as described in this policy.

2. Who We Are and Our Role Under POPIA

GHM Suite is a guest house management platform designed for South African guest house owners.

Under POPIA, the roles are as follows:

  • GHM Suite is the operator — we process personal information on behalf of our customers (guest house owners) under their instruction and for the purposes they direct.
  • Guest house owners (our customers) are the responsible party — they determine the purpose and means of processing personal information about their guests, and bear the primary compliance obligations under POPIA for that data.

For our customers' own account data (email address, subscription details), GHM Suite acts as the responsible party.

For details of our data processing obligations and your rights as a customer, see our Data Processing Agreement.

Contact: info@ghmsuite.co.za

3. Information We Collect

3.1 Account Information

When you register, we collect your email address and a password (stored securely in hashed form via Supabase Auth — we never store your password in plain text).

3.2 Guest Information (Processed on Your Behalf)

As part of managing your guest house, you may capture personal information about your guests, including:

  • Full name and surname
  • Email address
  • Contact (cell) number
  • ID verification status

This data is processed by GHM Suite as your operator. You are the responsible party for this data and are responsible for obtaining appropriate consent from your guests before capturing their personal information in GHM Suite.

3.3 Booking Data

We store booking records you create or import, including check-in and check-out dates, room assignments, rates, number of guests (pax), and booking source.

3.4 Calendar Sync Data

When you connect external calendars (Airbnb, Booking.com, LekkeSlaap), we import booking events from those feeds. This may include guest names, booking references, and stay dates provided by those platforms.

3.5 Payment Information

We do not store your full payment card details. Subscription payments are processed by a third-party payment provider. We only store your subscription status, amount paid (in cents), and expiry date.

3.6 Analytics & Cookies

With your explicit consent, we use Google Analytics 4 to collect anonymous usage data such as pages visited, session duration, and general navigation patterns. This helps us understand how GHM Suite is used so we can improve it.

Analytics data is only collected after you have opted in via the cookie consent banner shown when you first visit the site. You can change your preference at any time in Settings → Cookie Preferences.

We use the following storage items:

  • ghm_consent_v1 — a localStorage entry storing your cookie consent preference (necessary; never expires; contains only your opt-in/opt-out choice and the date it was set).
  • _ga, _gid, _ga_BQ59NGM17S — cookies set by Google Analytics only if you have consented. They expire after 2 years, 24 hours, and 2 years respectively. They collect anonymised data and do not identify you personally.

We do not use cookies for advertising or profiling purposes.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the GHM Suite platform
  • Authenticate your account and keep it secure
  • Sync booking data from connected external calendar feeds
  • Send subscription, billing, and service notifications by email
  • Respond to support requests
  • Improve the platform using anonymised analytics (with your consent)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Data Storage, Hosting, and Cross-Border Transfers

5.1 Infrastructure

Your data is stored using Supabase, a managed database platform that implements row-level security (RLS). This means only your account can access your guest house data — no other GHM Suite user can view your records.

5.2 Hosting Location and Cross-Border Transfers

Supabase may host data on servers located outside South Africa, including in the European Union or United States. This constitutes a cross-border transfer of personal information under POPIA.

Supabase operates under its own Privacy Policy and Data Processing Agreement, which provides appropriate safeguards for the transfer and processing of personal data, including Standard Contractual Clauses where applicable.

By using GHM Suite, you consent to the transfer of your data to Supabase's hosting infrastructure as described above.

5.3 Encryption

We use industry-standard encryption (HTTPS/TLS) for all data in transit. Data at rest is encrypted by Supabase's infrastructure.

6. Subprocessors

GHM Suite uses the following third-party subprocessors to deliver the service. Each processes data only as necessary to provide the relevant function:

SubprocessorPurposeLocationPrivacy Policy
SupabaseDatabase, authentication, edge functionsEU / US (region varies by project)supabase.com/privacy
Payment ProcessorSubscription billingSouth Africa / InternationalProvided at checkout
Google Analytics 4Anonymous usage analytics (consent-only)USpolicies.google.com/privacy
WhatsApp (via wa.me)Message links opened in your browser — we do not send messages on your behalfN/A (browser-side only)whatsapp.com/legal

Calendar data is fetched from iCal feeds provided by Airbnb, Booking.com, and LekkeSlaap at your direction. GHM Suite does not share your data with those platforms.

7. Data Retention

We retain data as follows:

  • Active accounts: Your account data, guest records, and booking history are retained for as long as your account remains active.
  • Paused accounts (subscription lapsed): Data is retained indefinitely until you request deletion or reactivate your account. We will not delete data solely because of non-payment.
  • After account termination / deletion request: We will delete your personal information and your guests' personal information within 30 days of a confirmed deletion request, except where we are required by law to retain records for a longer period (e.g. financial records may be retained for up to 5 years for tax purposes).
  • Analytics data: Google Analytics data is retained for 14 months, as configured in our Analytics settings.
  • Support communications: Emails sent to us are retained for 12 months.

To request deletion of your account and all associated data, contact us at info@ghmsuite.co.za.

8. Data Breach Notification

In the event of a security compromise that involves personal information, we will:

  • Investigate and contain the breach as quickly as possible
  • Notify affected customers by email as soon as reasonably possible and within the timeframes required by POPIA (which requires notification without unreasonable delay where there is a real risk of harm)
  • Notify the Information Regulator of South Africa as required by section 22 of POPIA
  • Provide details of what data was affected, what steps we have taken, and what you should do to protect yourself

If you suspect a security issue with your GHM Suite account, contact us immediately at info@ghmsuite.co.za.

9. Your Rights Under POPIA

As a data subject under South African law, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that inaccurate or outdated information be corrected
  • Deletion — request that your personal information be deleted (subject to legal retention requirements)
  • Objection — object to the processing of your personal information
  • Restriction — request that we limit how we use your information while a dispute is resolved
  • Complaint — lodge a complaint with the Information Regulator of South Africa at justice.gov.za/inforeg

To exercise any of these rights, contact us at info@ghmsuite.co.za. We will respond within 30 days of receiving your request.

10. Children's Privacy

GHM Suite is intended for use by adult business owners (18 years or older). We do not knowingly collect personal information from persons under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will notify you by email. Continued use of GHM Suite after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

GHM Suite
Email: info@ghmsuite.co.za
Website: ghmsuite.co.za

← Back to Home