VeriStayBack

Privacy Policy

Last updated: 2026-04-18

Who we are

VeriStay is a short-term-rental verification tool operated by Barrera Edmonds AI. It lets property owners verify guests and cleaners before handing over access. Contact: privacy@veristay.host.

What we collect

  • Identity document — a photograph of your government-issued ID (driver's licence, passport, etc.) captured through the app or web portal. We extract your name, date of birth, and document expiry via OCR.
  • Face images — a live photo captured during the liveness check (blink/head-turn + smile) and a frame taken during selfie capture. Used only to confirm you are the person on the ID.
  • Face match score — a numerical similarity score between your ID photo and your selfie. We do not retain face biometric templates.
  • Contact details — name, email, and phone number supplied by the property owner when inviting you.
  • Visit records — check-in and check-out timestamps, entry/exit condition photos, and messages exchanged with the property owner.
  • Diagnostic data — aggregate metrics about verification attempts (timings, image quality scores, device type). Used to improve the verification flow. No raw photos are included in diagnostics.

How we use it

  • To verify your identity before granting property access.
  • To give property owners a record of who has been in their property and when.
  • To detect fraudulent or failed verifications.
  • To improve verification accuracy through anonymised diagnostic analysis.

We do not sell your data. We do not use it for advertising.

Third parties

We share the minimum necessary data with these service providers:

  • Google Cloud Vision — optical character recognition on your ID photo. The image is transmitted to Google for OCR and is not retained by Google for their own purposes (data policy).
  • Firebase Cloud Messaging (Google) — push notifications when a verification is approved or a message arrives.
  • Stripe — billing the property owner (no guest payment data collected).
  • Amazon Web Services — our hosting provider. Data is stored in AWS Sydney (ap-southeast-2).

How long we keep it

  • ID photos and face images: retained for the duration of the property owner's account, or until you request deletion, whichever is sooner.
  • Visit records and messages: retained for 3 years for dispute-resolution purposes, then deleted.
  • Diagnostic metrics: retained for 12 months in anonymised form.

Your rights

You can ask us to:

  • Show you a copy of the data we hold about you.
  • Correct any inaccurate data.
  • Delete your verification records.
  • Withdraw consent for future verification.

Email privacy@veristay.host and we will respond within 30 days.

Security

Data in transit is encrypted with TLS. Data at rest is stored in encrypted databases. ID photos and selfies are stored on disk with filesystem permissions restricted to the application process. We use randomly-generated verification codes and server-issued bearer tokens — no passwords are stored for guest or cleaner accounts.

Children

VeriStay is not intended for use by anyone under 18. If you believe a minor has submitted verification data, contact us and we will delete it.

Changes

We will update this page when our practices change. The "Last updated" date at the top reflects the most recent revision.