When a tourist checks in at a parloh business, we collect their first name, WhatsApp number (stored as a one-way hash — we cannot reverse it), email address, and their stated length of stay in the city. We also collect a device identifier we use to prevent discount abuse.
We do not collect passport numbers, payment information, or any identity documents.
The business you checked into can see your first name, an encrypted link to message you on WhatsApp, your email, and your length of stay. They cannot see your actual phone number — only a secure link to initiate a WhatsApp conversation.
Other businesses on the parloh platform can see anonymised loyalty data (your tier level) to provide appropriate discounts. They cannot see your personal information.
Check-in data is retained for 12 months from the date of check-in. Email addresses are deleted on request. To request deletion of your data, contact us at the address below.
You have the right to access, correct, and request deletion of any personal data we hold about you. Contact us at privacy@parloh.app and we will respond within 30 days.
Phone numbers are stored as SHA-256 hashes — we cannot reverse them. Email addresses are stored in encrypted form. All data is held on servers in the EU (Hetzner, Germany). Access is restricted to authorised parloh staff only.