Log in Get started
Legal

Data Processing Addendum

Last updated: April 2026

Overview

This Data Processing Addendum describes how Vesta OS processes customer personal data when providing the Services. It applies where Vesta OS processes personal data on behalf of a customer under applicable privacy or data protection laws.

Roles of the Parties

For customer personal data submitted to Vesta OS for the purpose of providing the Services, the customer is generally the controller or business, and Vesta OS is generally the processor or service provider.

Scope of Processing

Vesta OS processes customer personal data only as necessary to provide, maintain, secure, support, and improve the Services; comply with customer instructions; fulfill contractual obligations; and comply with applicable law.

Categories of Data

Customer personal data may include user account information, guest contact information, reservation details, guest communications, property information, vendor and task assignment information, photos, QA records, pricing, settlement, support, operational records, system logs, and usage data.

Categories of Data Subjects

Data subjects may include customer personnel, authorized users, guests, prospective guests, property owners, vendors, cleaners, maintenance providers, contractors, and support contacts.

Processing Activities

Processing activities may include hosting, storage, transmission, retrieval, analysis, classification, automation, AI-assisted generation, workflow routing, quality assurance, support, security monitoring, reporting, and deletion.

Customer Instructions

Vesta OS will process customer personal data in accordance with the customer’s documented instructions, including the agreement, product settings, integration configurations, and written instructions.

Security Measures

Vesta OS will maintain reasonable technical and organizational measures designed to protect customer personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure.

Subprocessors

Vesta OS may engage subprocessors to provide infrastructure, hosting, analytics, communication, support, AI, security, payment, and other services necessary to operate Vesta OS.

Data Return and Deletion

Upon termination of the Services, Vesta OS will delete or return customer personal data in accordance with the agreement, product functionality, and applicable law, unless retention is required for legal, security, backup, or legitimate business purposes.

Contact

For questions about this Data Processing Addendum, please contact us through the contact information provided on our website.

This page is provided for general information and does not constitute legal advice.