Privacy Policy

Sommer Inc. ("Sommer," "we," "our," or "us") operates as the data controller for personal information processed through our vacation rental management platform. We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws.

Company Details:
Sommer Inc.
123 Business St, Suite 100
San Francisco, CA 94105
United States

This Privacy Policy applies to all personal information collected and processed by Sommer through:

• Our web application platform (sommer.co)
• Account creation and authentication processes
• Organization and property management features
• Team collaboration and communication tools
• Customer support and communication channels
• Marketing communications (with your consent)

For privacy-related questions, requests, or concerns, please contact us:

• Privacy Team: privacy@sommer.co
• Data Protection Officer: dpo@sommer.co
• Legal Team: legal@sommer.co
• General Support: support@sommer.co

We use your personal information to provide and maintain our vacation rental management platform:

• User authentication and account management
• Organization creation and team collaboration features
• Property listing creation, editing, and management
• Photo upload and storage via UploadThing integration
• Platform functionality and feature delivery
• Customer support and technical assistance

We process data for legitimate business interests, balancing our needs with your privacy rights:

• Platform improvements and feature development
• Performance monitoring and optimization
• Security monitoring and fraud prevention
• Usage analytics and product insights (anonymized)
• Customer support quality improvement
• Business planning and strategy development

We may process your data to comply with legal requirements:

• Compliance with data protection laws (GDPR, CCPA, etc.)
• Response to legal requests, court orders, and subpoenas
• Tax and financial record keeping requirements
• Industry regulation compliance
• Law enforcement cooperation when legally required

With your explicit consent, we may use your information for:

• Product updates and feature announcements
• Educational content and best practices for vacation rental hosts
• Promotional offers and service improvements
• Industry news and platform updates
• Surveys and feedback requests

We share personal information with trusted service providers who help us operate our platform:

• UploadThing: File storage and image management services
• Neon/PostgreSQL: Database hosting and data management
• Auth.js/OAuth Providers: Authentication and identity services
• Resend: Email delivery and communication services
• Upstash Redis: Caching and rate limiting services
• Vercel: Platform hosting and content delivery
• Stripe: Payment processing (when implemented)

All service providers are bound by data processing agreements that ensure appropriate data protection standards.

Personal information may be transferred in connection with business transactions:

• Mergers, acquisitions, or sales of company assets
• Corporate restructuring or reorganization
• Bankruptcy proceedings or asset liquidation
• Due diligence processes for potential transactions

In such cases, we will ensure appropriate data protection measures are maintained by the acquiring entity.

We may disclose personal information when legally required:

• Court orders, subpoenas, and legal process
• Law enforcement investigations and requests
• Regulatory compliance and government audits
• Protection of rights, property, and safety
• Prevention of fraud and criminal activity

We implement comprehensive technical security measures:

• End-to-end encryption for data transmission (TLS/SSL)
• Encryption at rest for sensitive data storage
• Secure database configurations with access controls
• Regular security updates and vulnerability patches
• Multi-factor authentication for administrative access
• Network security monitoring and intrusion detection
• Secure development practices and code reviews

We maintain strong organizational security practices:

• Employee security training and access management
• Data processing agreements with all vendors
• Regular security audits and penetration testing
• Incident response procedures and protocols
• Business continuity and disaster recovery planning
• Privacy by design principles in development
• Compliance monitoring and documentation

In the event of a data breach, we will:

• Notify affected users within 72 hours when required by law
• Report breaches to relevant supervisory authorities
• Implement immediate containment and remediation measures
• Conduct thorough investigation and impact assessment
• Provide clear information about the breach and mitigation steps
• Review and improve security measures to prevent future incidents

For EU and EEA users, additional GDPR protections include:

• Legal basis for processing under GDPR Article 6
• Special category data protections under Article 9
• International transfer safeguards under Articles 44-49
• Data Protection Officer contact: dpo@sommer.co
• Right to lodge complaints with supervisory authorities
• EU representative contact information (if applicable)

California residents receive enhanced privacy protections:

• Detailed categories of personal information collected
• Business purposes for data collection and use
• Third parties with whom information is shared
• Non-discrimination policy for exercising rights
• Authorized agent procedures for submitting requests
• Sensitive personal information processing limitations

We comply with privacy laws in other jurisdictions where we operate:

• Canada (PIPEDA) - Personal Information Protection
• Australia (Privacy Act) - Australian Privacy Principles
• Brazil (LGPD) - Lei Geral de Proteção de Dados
• United Kingdom (UK GDPR) - Data Protection Act 2018
• Other applicable regional data protection laws