OutReserve

Privacy Policy

Effective Date: March 20, 2026

Last Updated: March 20, 2026

PRIVACY SUMMARY

What We Do

OutReserve LLC operates a travel booking platform connecting guests with unique outdoor accommodations through our website and upcoming mobile applications.

Information We Collect

We collect information you provide (name, email, phone, payment details), information collected automatically (approximate location via IP address, device information, usage data), and information from third parties (payment processors, advertising partners).

How We Use It

We use your information to process bookings, facilitate communication between guests and hosts, prevent fraud, improve our services, and provide targeted advertising.

How We Share It

We share your booking information with hosts/operators you book with. We share data with service providers, advertising partners, and as required by law. Hosts may use your information for their own marketing purposes.

Your Rights

You can access, correct, delete, or request a copy of your personal information. You can opt out of targeted advertising and data sales. You can request we limit use of sensitive personal information.

Cookies & Tracking

We use cookies and similar technologies for analytics, advertising, and site functionality. You can control cookies through your browser settings. We plan to add a preference center for enhanced control.

Children

Our services are not intended for children under 13. For users 13-17, we require parental consent for data processing.

Contact Us

  • Email: support@outreserve.com

  • Web Form: https://outreserve.com/contact

I. INFORMATION WE COLLECT

A. Information You Provide to Us

Account Information: When you create an account, we collect your name, email address, phone number, and password. You may optionally provide a profile photo.

Booking Information: When you make a reservation, we collect booking dates, party size, special requests, and any additional information you provide about your stay preferences.

Payment Information: We collect billing information including name, billing address, and payment method details. Full credit card numbers are processed and stored by our payment processor Stripe; we only store tokenized payment information.

Host/Operator Information: If you list properties on our platform, we collect business information, property details, availability calendars, pricing information, payout account details, tax identification numbers, and any marketing materials you provide.

Communications: We collect information when you contact us through email, phone, SMS, or other communication channels, including the content of your messages and any attachments.

Identity Verification (Future): We plan to implement identity verification and background check services. When available, we will collect government-issued identification and other verification documents through third-party processors.

B. Information Collected Automatically

Device and Usage Information: We automatically collect information about your device, browser, operating system, IP address, and how you interact with our services, including pages viewed, features used, and time spent on our platform.

Location Information: We collect approximate location information based on your IP address. We do not collect precise GPS location data.

Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your browsing behavior and preferences. See our Cookie Policy for detailed information.

Log Information: Our servers automatically record information including IP addresses, browser types, referring/exit pages, operating systems, date/time stamps, and clickstream data.

Fraud Prevention Data: We collect device fingerprints, behavioral patterns, and other signals to detect and prevent fraudulent activity and enhance account security.

C. Information from Third Parties

Payment Processors: We receive transaction information and payment status updates from Stripe and other payment service providers.

Advertising Partners: We receive information from advertising platforms including Google, Meta, TikTok, and other partners about ad performance and user interactions with our advertisements.

Service Providers: We receive information from third-party service providers including email delivery status, SMS delivery confirmations, and analytics data.

Public Sources: We may collect information from publicly available sources to verify business information for hosts/operators.

Future Integrations: We plan to integrate with property management systems and channel management platforms, which may provide property inventory data and reservation information.

D. Data Categories, Examples, Sources, and Purposes

Personal Identifiers

  • Examples: Name, email address, phone number, IP address, device identifiers

  • Source: Provided by you, collected automatically

  • Purpose: Account management, communication, fraud prevention, service delivery

Commercial Information

  • Examples: Booking history, payment information, property preferences, transaction records

  • Source: Provided by you, payment processors

  • Purpose: Processing reservations, payment processing, customer service, analytics

Internet Activity

  • Examples: Browsing history, search queries, page views, click patterns

  • Source: Collected automatically, third-party analytics

  • Purpose: Service improvement, personalization, targeted advertising, fraud prevention

Geolocation Data

  • Examples: Approximate location based on IP address

  • Source: Collected automatically

  • Purpose: Content localization, fraud prevention, service customization

Audio/Visual Information

  • Examples: Profile photos, property images, customer service call recordings

  • Source: Provided by you

  • Purpose: Account verification, property listings, customer service quality

Professional Information

  • Examples: Business details for hosts/operators, tax information

  • Source: Provided by you

  • Purpose: Host verification, payment processing, tax compliance

Inferences

  • Examples: Preferences, interests, travel patterns, risk assessments

  • Source: Derived from other information

  • Purpose: Personalization, fraud prevention, targeted advertising, service improvement

II. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

Service Delivery and Operations

  • Processing and managing bookings and reservations

  • Facilitating communication between guests and hosts/operators

  • Processing payments, refunds, and chargebacks

  • Providing customer support and responding to inquiries

  • Managing user accounts and authentication

Safety and Security

  • Detecting, preventing, and investigating fraud and security threats

  • Verifying user identity and conducting background checks (when implemented)

  • Monitoring for violations of our terms of service

  • Protecting the safety of our users and the integrity of our platform

Communication and Marketing

  • Sending booking confirmations, updates, and service-related communications

  • Providing customer support through various channels

  • Sending promotional materials and marketing communications (with consent)

  • Conducting surveys and collecting feedback

Analytics and Improvement

  • Analyzing usage patterns and user behavior to improve our services

  • Conducting research and development for new features and services

  • Generating analytics and business intelligence reports

  • Personalizing user experience and content

Advertising and Marketing

  • Delivering targeted advertisements on our platform and third-party sites

  • Measuring advertising effectiveness and campaign performance

  • Creating custom audiences and lookalike audiences for advertising

  • Retargeting users who have visited our platform

Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes

  • Responding to lawful requests from government authorities

  • Enforcing our terms of service and other agreements

  • Protecting our legal rights and interests

Future Services

  • Implementing messaging functionality between users

  • Providing identity verification and background check services

  • Integrating with property management systems and channel partners

  • Developing new features and service offerings

III. HOW WE SHARE YOUR INFORMATION

A. Service Providers

We share information with third-party service providers who perform services on our behalf, including:

Technology Infrastructure: Google Cloud Platform for hosting and data storage, content delivery networks, and other technical service providers.

Payment Processing: Stripe for payment processing, fraud detection, and payout management to hosts/operators.

Communications: SendGrid for email delivery, Twilio for SMS communications, and other communication service providers.

Analytics and Advertising: Google Analytics, Google Tag Manager, Meta, TikTok, and other advertising and analytics platforms for measuring performance and delivering targeted advertising.

Customer Support: Third-party customer service platforms and tools to provide support services.

Security and Fraud Prevention: Fraud prevention vendors and other security service providers for fraud detection, prevention, and account security.

B. Host/Operator Data Sharing

Booking Information Sharing: When you make a booking, we share your name, email address, phone number, and party size with the host/operator of the property you book. This enables them to contact you directly regarding your reservation.

Host Marketing Use: Hosts and operators are permitted to use your contact information for their own marketing purposes, including sending promotional materials about their properties and services. You may opt out of such marketing communications directly with the host/operator or by contacting us at support@outreserve.com.

Independent Privacy Policies: Many hosts and operators have their own privacy policies governing how they collect, use, and protect your information. We encourage you to review their privacy policies, which may be available on their property listings or websites.

Host Communication: Hosts may contact you immediately after booking through the contact information you provide. We are not responsible for how hosts use or protect your information once shared.

C. Advertising Partners

Targeted Advertising: We share information with advertising partners including Google, Meta, TikTok, and other platforms to deliver targeted advertisements and measure advertising effectiveness.

Server-Side Conversions: We plan to implement server-side conversion tracking (such as Meta’s Conversions API and similar technologies) which may involve sharing hashed or pseudonymized information with advertising platforms.

Custom Audiences: We may share hashed email addresses and other identifiers with advertising platforms to create custom audiences and lookalike audiences for advertising purposes.

Ad Performance Data: We share aggregated and anonymized information about ad performance and user interactions with our advertising partners.

D. Legal and Safety Disclosures

We may disclose your information when we believe in good faith that disclosure is necessary to:

Legal Compliance: Comply with applicable laws, regulations, legal processes, or governmental requests.

Safety Protection: Protect the safety, rights, or property of OutReserve, our users, or the public.

Legal Proceedings: Respond to claims, legal proceedings, or enforce our agreements and policies.

Business Transfers: In connection with any merger, acquisition, asset sale, or other business transaction involving OutReserve.

Consent: With your explicit consent for specific disclosures not covered by this policy.

E. Sharing Recipients, Data Shared, Purposes, and User Controls

Service Providers (Technology)

  • Data Shared: All categories of personal information as necessary for service delivery

  • Purpose: Platform operation, hosting, analytics, customer support

  • User Control: Cannot opt out while using services; can delete account

Payment Processors

  • Data Shared: Payment information, transaction details, identity verification data

  • Purpose: Payment processing, fraud prevention, regulatory compliance

  • User Control: Cannot opt out for active bookings; can delete account after transaction completion

Hosts/Operators

  • Data Shared: Name, email, phone, party size, booking details

  • Purpose: Reservation management, guest communication, property marketing

  • User Control: Can opt out of marketing communications; cannot opt out of booking-related sharing

Advertising Partners

  • Data Shared: Identifiers, usage data, conversion events, demographic information

  • Purpose: Targeted advertising, campaign measurement, audience creation

  • User Control: Can opt out via “Do Not Sell or Share” request; browser/device controls available

Analytics Providers

  • Data Shared: Usage data, device information, interaction patterns

  • Purpose: Service improvement, user experience optimization, business intelligence

  • User Control: Can opt out via browser settings; can request data deletion

Communication Providers

  • Data Shared: Contact information, message content, delivery preferences

  • Purpose: Email/SMS delivery, customer support, communication management

  • User Control: Can unsubscribe from marketing; cannot opt out of service communications

Security/Fraud Prevention

  • Data Shared: Device data, behavioral patterns, transaction information

  • Purpose: Fraud detection, account security, risk assessment

  • User Control: Cannot opt out while using services; essential for platform security

IV. YOUR PRIVACY RIGHTS

A. Delaware and Multi-State Privacy Rights

Under the Delaware Personal Data Privacy Act and other applicable state privacy laws, you have the following rights regarding your personal information:

Right to Know/Access: You have the right to request information about the categories and specific pieces of personal information we collect, use, disclose, and sell about you, as well as the categories of sources from which we collect personal information.

Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes for which we process it.

Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions including legal obligations, fraud prevention, and legitimate business purposes.

Right to Data Portability: You have the right to receive a copy of your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

Right to Opt Out of Sales and Sharing: You have the right to opt out of the sale or sharing of your personal information. We treat our advertising technology partnerships conservatively as potential “sharing” under applicable privacy laws.

Right to Opt Out of Targeted Advertising: You have the right to opt out of targeted advertising, including cross-context behavioral advertising and profiling for advertising purposes.

Right to Limit Sensitive Personal Information: If we process sensitive personal information, you have the right to request that we limit our use and disclosure of such information to specific permitted purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying goods or services, charging different prices, or providing different levels of service quality.

B. Universal Opt-Out Signal Recognition

Implementation Timeline: Beginning January 1, 2026, we will recognize and process universal opt-out signals transmitted by your browser or device as valid requests to opt out of the sale or sharing of personal information and targeted advertising.

Signal Processing: When we detect a valid universal opt-out signal from your browser or device, we will automatically apply your opt-out preferences to your interactions with our services without requiring additional action from you.

Enhancement Plans: We plan to enhance our universal opt-out signal functionality over time to provide more granular control and better user experience while maintaining full compliance with applicable requirements.

Current Alternatives: Until universal opt-out signal recognition is implemented, you can exercise your opt-out rights through the methods described in the “How to Exercise Your Rights” section below.

C. How to Exercise Your Rights

Email Requests: You may submit privacy rights requests by emailing us at support@outreserve.com. Please include your full name, email address associated with your account, and a detailed description of your request.

Web Form: You may submit requests through our online privacy request form at https://outreserve.com/contact. This form will guide you through the request process and help ensure we have all necessary information.

Identity Verification: To protect your privacy and security, we may need to verify your identity before processing your request. This may include requesting additional information or documentation to confirm you are authorized to make the request.

Response Timeline: We will respond to your request within forty-five (45) days of receipt. If we need additional time, we will notify you and may extend our response time by an additional forty-five (45) days.

Request Processing: We will process your request free of charge unless it is excessive, repetitive, or manifestly unfounded. In such cases, we may charge a reasonable fee or decline to process the request.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity and confirm the agent’s authority.

D. Non-Discrimination

We will not discriminate against you for exercising your privacy rights by:

  • Denying you goods or services

  • Charging you different prices or rates for goods or services

  • Providing you a different level or quality of goods or services

  • Suggesting that you may receive a different price, rate, level, or quality of goods or services

  • We may offer financial incentives or different prices, rates, levels, or quality of goods or services if the difference is reasonably related to the value of your personal information. Any such programs will be voluntary, and we will provide clear terms and conditions.

V. CHILDREN’S PRIVACY

A. Age Restrictions and COPPA Compliance

Minimum Age: Our services are not intended for children under thirteen (13) years of age. We do not knowingly collect personal information from children under 13 without verifiable parental consent as required by the Children’s Online Privacy Protection Act (COPPA).

Enhanced COPPA Requirements: In compliance with updated COPPA requirements effective April 22, 2026, we implement enhanced protections for children’s personal information, including expanded definitions of personal information that encompass biometric identifiers and other sensitive data categories.

Parental Consent for Teens: For users between thirteen (13) and seventeen (17) years of age, we require verifiable parental consent before collecting, using, or disclosing any personal information, including for account creation, booking services, and any data processing activities.

B. Parental Consent Process

Consent Methods: We obtain verifiable parental consent through methods that reasonably ensure the person providing consent is the child’s parent or guardian, including credit card verification, digital signature, or other reliable verification methods.

Consent Scope: Parental consent covers all data collection, use, and disclosure activities related to the minor’s use of our services, including account creation, booking activities, communication, and any marketing or advertising activities.

Consent Withdrawal: Parents may withdraw consent at any time by contacting us at support@outreserve.com. Upon withdrawal of consent, we will cease collecting, using, or disclosing the child’s personal information and will delete existing information unless retention is required by law.

C. Parental Rights and Controls

Access and Review: Parents have the right to review the personal information we have collected from their child and to request that we delete such information.

Disclosure Limitations: We will not disclose children’s personal information to third parties except as necessary for service delivery, safety purposes, or as required by law.

Marketing Restrictions: We do not engage in targeted advertising or marketing to users under 18 years of age, and we do not sell or share personal information of minors for advertising purposes.

D. Detection and Response

Age Detection: If we learn that we have collected personal information from a child under 13 without verifiable parental consent, or from a teen without required parental consent, we will take steps to delete such information as quickly as possible.

Reporting Mechanism: If you believe we have collected information from a child in violation of this policy, please contact us immediately at support@outreserve.com so we can investigate and take appropriate action.

VI. DATA SECURITY AND RETENTION

A. Security Measures

Technical Safeguards: We implement industry-standard technical safeguards to protect your personal information, including encryption in transit and at rest, secure data storage systems, access controls, and regular security monitoring.

Administrative Safeguards: We maintain administrative safeguards including employee training, background checks for personnel with access to personal information, confidentiality agreements, and incident response procedures.

Physical Safeguards: Our service providers implement physical safeguards including secure data centers, restricted access controls, and environmental protections for servers and storage systems.

Payment Security: Payment information is processed and stored by PCI DSS compliant payment processors. We do not store full credit card numbers and only retain tokenized payment information necessary for transaction processing.

Ongoing Monitoring: We continuously monitor our systems for security threats, conduct regular security assessments, and update our security measures to address evolving risks and threats.

B. Data Protection Assessments

High-Risk Processing: We conduct comprehensive data protection assessments for all high-risk processing activities, including targeted advertising, data sales or sharing, and any processing that presents heightened privacy risks to consumers.

Assessment Scope: Our data protection assessments evaluate the benefits and risks of processing activities, consider safeguards and mitigation measures, and ensure compliance with applicable privacy law requirements.

Regular Review: We regularly review and update our data protection assessments to reflect changes in our processing activities, technology implementations, and applicable legal requirements.

C. Data Retention Periods

Transaction and Booking Data: We retain booking information, payment records, and payout data for five (5) to seven (7) years to comply with financial recordkeeping requirements, tax obligations, and dispute resolution needs.

Support and Communication Records: We retain customer support tickets, communication logs, and service interaction records for twelve (12) to twenty-four (24) months to provide ongoing support and resolve service issues.

Security and Fraud Prevention Data: We retain fraud prevention logs, security incident records, and risk assessment data for twelve (12) to thirty-six (36) months to maintain platform security and prevent fraudulent activity.

Analytics and Advertising Data: We retain analytics data, advertising performance metrics, and user interaction logs for twelve (12) to fourteen (14) months to measure service performance and optimize user experience.

Identity Verification Records (Future): When implemented, we will retain identity verification results and background check outcomes for twelve (12) to sixty (60) months as required for ongoing verification and compliance purposes.

Messaging Data (Future): When messaging functionality is implemented, we will retain message content and communication records for twelve (12) to twenty-four (24) months to facilitate ongoing conversations and resolve disputes.

D. Account Deletion and Data Anonymization

Account Deletion Process: When you request account deletion, we will delete or anonymize your personal information where technically feasible, while retaining records necessary for legal compliance, tax obligations, fraud prevention, and dispute resolution.

Required Record Retention: We may retain certain information after account deletion as required by law, including transaction records for tax and financial reporting, fraud prevention data for security purposes, and dispute-related information for legal protection.

Review Anonymization: Public reviews you have posted will be anonymized by removing identifying information while preserving the review content for the benefit of future users, unless you specifically request complete removal.

Data Anonymization Standards: We implement technical and administrative measures to ensure that anonymized data cannot reasonably be used to identify you, including removal of direct identifiers and implementation of aggregation techniques.

VII. INTERNATIONAL DATA TRANSFERS

A. Data Processing Location

Primary Processing: Your personal information is primarily processed and stored in the United States using infrastructure and service providers located within the United States.

Service Provider Locations: Some of our service providers may process your information in other countries as part of their global operations, subject to appropriate safeguards and data protection measures.

Future International Expansion: As we expand our services internationally, we may process personal information in additional countries while maintaining appropriate data protection standards.

B. Transfer Safeguards

Adequacy Determinations: When transferring personal information to countries with adequacy determinations, we rely on such determinations as the legal basis for transfer.

Standard Contractual Clauses: For transfers to countries without adequacy determinations, we implement standard contractual clauses or other approved transfer mechanisms to ensure appropriate data protection.

Additional Safeguards: We may implement additional technical, administrative, and legal safeguards to protect personal information during international transfers, including encryption, access controls, and contractual protections.

C. Cross-Border Data Sharing

Host/Operator Transfers: When you book accommodations with hosts or operators located in other countries, your booking information may be transferred to and processed in those countries subject to local data protection laws.

Service Provider Networks: Our service providers may operate global networks that involve cross-border data transfers as part of their service delivery, subject to appropriate contractual protections.

Legal Compliance: International data transfers may be necessary to comply with legal obligations, respond to legal processes, or protect safety and security across jurisdictions.

VIII. PUBLIC CONTENT AND USER-GENERATED CONTENT

A. Public Reviews and Ratings

Public Nature: Reviews and ratings you submit about properties and hosts are public and may be viewed by other users, search engines, and the general public.

Anonymity Options: You may choose to post reviews anonymously by selecting the anonymous option when submitting your review. Anonymous reviews will not display your name or profile information.

Content Responsibility: You are responsible for the content of your reviews and should not include sensitive personal information, private details about your stay, or information that could identify other guests.

Review Retention: Reviews remain public even after account deletion unless you specifically request removal. We may anonymize reviews by removing identifying information while preserving the review content.

B. User-Generated Images and Content

Image Uploads: You may upload images related to your bookings or property listings. These images may be displayed publicly on our platform and associated with your account or listing.

Content Moderation: We do not pre-screen user-generated content but reserve the right to remove content that violates our terms of service or applicable laws. We may implement automated or manual content moderation in the future.

Intellectual Property: By uploading content, you grant us a license to use, display, and distribute such content in connection with our services. You represent that you have the right to upload and share such content.

Privacy Warnings: We strongly advise against including sensitive personal information, private details, or identifying information about other individuals in any public content you post.

C. Content Removal and Management

Removal Requests: You may request removal of your public content by contacting us at support@outreserve.com We will consider removal requests while balancing user rights with the interests of other users and platform integrity.

Legal Removal: We may remove content in response to legal requirements, court orders, or to comply with applicable laws and regulations.

Platform Integrity: We reserve the right to remove content that threatens platform integrity, user safety, or violates our community standards, regardless of privacy implications.

IX. CONTACT INFORMATION

A. Privacy Inquiries and Requests

Primary Contact: For all privacy-related inquiries, rights requests, and concerns, please contact us at:

  • Email: support@outreserve.com

  • Web Form: https://outreserve.com/contact

  • Business Hours: 9 AM PST- 6 PM PST

Mailing Address:

OutReadyLLC 57 Meadow View Rd Orinda, California, 94563 United States of America

B. Regulatory Contacts

Delaware Department of Justice: For Delaware residents, you may also contact the Delaware Department of Justice regarding privacy matters at privacy@delaware.gov.

State-Specific Contacts: Residents of other states may have additional regulatory contacts available. Please see our US State Privacy Addendum for state-specific contact information.

C. Response Commitments

Response Timeline: We will acknowledge receipt of your inquiry within two (2) business days and provide a substantive response within forty-five (45) days, with possible extension as permitted by applicable law.

Escalation Process: If you are not satisfied with our response to your privacy inquiry, you may request escalation to our privacy officer or legal team by clearly marking your communication as an escalated privacy matter.

X. CHANGES TO THIS POLICY

A. Policy Updates

Notification of Changes: We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other factors. We will notify you of material changes through email, platform notifications, or other appropriate means.

Effective Date: Changes to this Privacy Policy will become effective on the date specified in the updated policy. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

Material Changes: For material changes that significantly affect your privacy rights or our data practices, we may seek your explicit consent or provide additional notice as required by applicable law.

B. Version Control

Policy Versioning: We maintain version control for our Privacy Policy and will make previous versions available upon request for your reference and comparison.

Change Documentation: We document the nature and scope of policy changes to ensure transparency and compliance with applicable notice requirements.

C. Ongoing Compliance

Legal Updates: We monitor changes in applicable privacy laws and regulations and update our Privacy Policy as necessary to maintain compliance with evolving legal requirements.

Best Practices: We regularly review and update our privacy practices to align with industry best practices and emerging privacy standards.

US STATE PRIVACY ADDENDUM

Effective Date: March 20, 2026

Last Updated: March 20, 2026

I. STATE-SPECIFIC RIGHTS AND DISCLOSURES

A. Applicable State Laws

This addendum provides additional information and rights for residents of states with comprehensive privacy laws, including but not limited to:

  • California (California Consumer Privacy Act/California Privacy Rights Act)

  • Delaware (Delaware Personal Data Privacy Act)

  • Virginia (Virginia Consumer Data Protection Act)

  • Colorado (Colorado Privacy Act)

  • Connecticut (Connecticut Data Privacy Act)

  • Utah (Utah Consumer Privacy Act)

  • Iowa (Iowa Consumer Data Protection Act)

  • Indiana (Indiana Consumer Data Protection Act)

  • Tennessee (Tennessee Information Protection Act)

  • Montana (Montana Consumer Data Privacy Act)

  • Texas (Texas Data Privacy and Security Act)

  • Oregon (Oregon Consumer Privacy Act)

  • Florida (Florida Digital Bill of Rights)

  • New Hampshire (New Hampshire Privacy Act)

  • Nebraska (Nebraska Data Privacy Act)

  • Maryland (Maryland Online Data Privacy Act)

  • Minnesota (Minnesota Consumer Data Privacy Act)

  • New Jersey (New Jersey Privacy Rights Act)

  • Illinois (Illinois Personal Information Protection Act)

  • Alaska (Alaska Personal Information Protection Act)

B. Universal Consumer Rights

Right to Know: You have the right to know what personal information we collect, use, disclose, and sell about you.

Right to Access: You have the right to request access to the specific pieces of personal information we have collected about you.

Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.

Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Data Portability: You have the right to receive your personal information in a portable format.

Right to Opt Out of Sales and Sharing: You have the right to opt out of the sale or sharing of your personal information.

Right to Opt Out of Targeted Advertising: You have the right to opt out of targeted advertising.

Right to Limit Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information.

Right to Non-Discrimination: You have the right not to be discriminated against for exercising your privacy rights.

II. DELAWARE-SPECIFIC PROVISIONS

A. Delaware Personal Data Privacy Act (DPDPA) Rights

Enhanced Consumer Rights: Delaware residents have comprehensive privacy rights under the Delaware Personal Data Privacy Act, including all universal rights listed above with specific Delaware protections.

Data Minimization: We process personal data in accordance with Delaware’s data minimization requirements, collecting only information that is adequate, relevant, and reasonably necessary for disclosed purposes.

Sensitive Data Protections: We provide enhanced protections for sensitive personal data as defined under Delaware law, including biometric data, precise geolocation data, and personal data revealing racial or ethnic origin, religious beliefs, or sexual orientation.

Controller Obligations: As a data controller under Delaware law, we maintain appropriate technical and organizational measures to ensure data security and comply with all DPDPA requirements.

B. Delaware-Specific Disclosures

Processing Purposes: We process personal data for the specific, explicit, and legitimate purposes disclosed in our Privacy Policy, in accordance with Delaware’s purpose limitation requirements.

Data Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law, consistent with Delaware’s storage limitation principles.

Third-Party Processing: We ensure that third-party processors provide sufficient guarantees regarding implementation of appropriate technical and organizational measures to meet Delaware law requirements.

C. Delaware Enforcement and Compliance

Delaware Department of Justice: The Delaware Department of Justice has exclusive authority to enforce the DPDPA. Delaware residents may contact the Delaware DOJ at privacy@delaware.gov regarding privacy concerns.

Cure Period: Until December 31, 2025, Delaware provides a 60-day cure period for DPDPA violations. After this date, violations may result in immediate enforcement action.

Consumer Fraud Act: Violations of the DPDPA constitute violations of Delaware’s Consumer Fraud Act, providing additional consumer protections and remedies.

D. Delaware Contact Information

Delaware-Specific Inquiries:

  • Email: support@outreserve.com (Subject: Delaware Privacy Rights)

  • Delaware DOJ: privacy@delaware.gov

  • Web Form: https://outreserve.com/contact

III. CALIFORNIA-SPECIFIC PROVISIONS

A. California Consumer Privacy Act (CCPA/CPRA) Rights

Comprehensive Rights Framework: California residents have extensive privacy rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act, including enhanced rights regarding sensitive personal information.

Sensitive Personal Information: We provide specific protections for sensitive personal information as defined under California law, including Social Security numbers, driver’s license numbers, financial account information, precise geolocation data, and biometric information.

Automated Decision-Making: If we engage in automated decision-making that produces legal or similarly significant effects, California residents have the right to request information about the logic involved and to contest such decisions.

B. California-Specific Disclosures

Categories of Personal Information: We collect and process the following categories of personal information as defined under California law:

  • Identifiers (names, email addresses, IP addresses)

  • Commercial information (booking history, preferences)

  • Internet or network activity (browsing behavior, interactions)

  • Geolocation data (approximate location via IP address)

  • Audio, electronic, visual, or similar information (profile photos, property images)

  • Professional or employment-related information (for hosts/operators)

  • Inferences drawn from personal information

Business Purposes: We use personal information for business purposes including service delivery, fraud prevention, security, analytics, and advertising as detailed in our main Privacy Policy.

Commercial Purposes: We may use personal information for commercial purposes including marketing, advertising, and business development activities.

C. California Consumer Rights Exercise

Verification Process: We implement reasonable verification procedures for California consumer rights requests, which may include requesting additional information to confirm identity.

Authorized Agents: California residents may designate authorized agents to submit requests on their behalf, subject to verification of the agent’s authority.

Response Timeline: We respond to verified California consumer requests within 45 days, with possible extension of an additional 45 days for complex requests.

D. California Contact Information

California-Specific Inquiries:

  • Email: support@outreserve.com (Subject: California Privacy Rights)

  • Web Form: https://outreserve.com/contact

IV. MULTI-STATE COMPLIANCE FRAMEWORK

A. Harmonized Rights Implementation

Consistent Standards: We implement privacy rights consistently across all applicable state jurisdictions, generally applying the most protective standards where laws differ.

Universal Opt-Out Recognition: Beginning January 1, 2026, we will recognize universal opt-out signals in all states that require such recognition, including California, Colorado, Delaware, Maryland, Minnesota, Montana, New Jersey, New Hampshire, Texas, Connecticut, and Oregon.

Data Protection Assessments: We conduct comprehensive data protection assessments for high-risk processing activities as required by applicable state laws, including processing that presents heightened risk of harm to consumers.

B. State-Specific Variations

Age-Related Protections: Some states provide enhanced protections for minors. We comply with the most restrictive applicable requirements for users under 18 years of age.

Sensitive Data Categories: Different states define sensitive personal information differently. We apply protective measures that meet or exceed requirements across all applicable jurisdictions.

Enforcement Mechanisms: Each state has different enforcement mechanisms and penalties. We maintain compliance programs designed to meet requirements across all applicable jurisdictions.

C. Ongoing Compliance Monitoring

Legal Updates: We continuously monitor changes in state privacy laws and update our practices to maintain compliance with evolving requirements.

Multi-State Coordination: We coordinate our privacy compliance efforts across all applicable state jurisdictions to ensure consistent protection for all users.

Best Practices Implementation: We implement privacy best practices that often exceed minimum legal requirements to provide enhanced protection for all users.

V. STATE-SPECIFIC CONTACT INFORMATION

A. General Privacy Inquiries

Primary Contact for All States:

  • Email: support@outreserve.com

  • Web Form: https://outreserve.com/contact

  • Business Hours: 9 AM PST - 6PM PST

Mailing Address:

OutReserve LLC 57 Meadow View Rd Orinda, California, 94563

B. Regulatory Contacts by State

  • Delaware: Delaware Department of Justice - privacy@delaware.gov

  • California: California Privacy Protection Agency - contact information available at cppa.ca.gov

  • Virginia: Virginia Attorney General’s Office - consumer protection division contact information available at oag.state.va.us

  • Colorado: Colorado Attorney General’s Office - consumer protection information available at coag.gov

  • Connecticut: Connecticut Attorney General’s Office - consumer protection information available at ct.gov/ag

  • Other States: Contact information for additional state regulatory authorities is available upon request and through state government websites.

C. Escalation and Dispute Resolution

Internal Escalation: If you are not satisfied with our response to your privacy inquiry, you may request escalation by clearly marking your communication as “Privacy Rights Escalation.”

Regulatory Complaints: You have the right to file complaints with applicable state regulatory authorities regarding our privacy practices.

Alternative Dispute Resolution: We may offer alternative dispute resolution mechanisms for privacy-related disputes as permitted by applicable law.