Eco-Credit
Sign inBook Demo

Privacy Policy

Last updated: May 21, 2026

1. Introduction

Welcome to Eco-Credit ("we", "our", or "us"). We are dedicated to respecting and protecting the privacy of our hoteliers, staff, and their guests. This Privacy Policy describes how we collect, use, store, and share information in connection with the Eco-Credit sustainable hospitality platform, including our integration with the Mews Property Management System (PMS) and our public website.

By using Eco-Credit, you agree to the collection and use of information in accordance with this policy. If you have any questions, please contact us at privacy@eco-credit.io.

2. Information We Collect

To provide our automated reward incentive engine, we process specific categories of data collected directly from partner hotels via the Mews API:

  • Hotel & Configuration Data: Hotel name, address, time zone, currency, room counts, and custom setup metrics regarding baseline housekeeping utility costs.
  • Housekeeping Status Logs: Information regarding cleanings marked as "skipped", "delayed", or "completed" corresponding to specific rooms, to calculate credit accruals.
  • Guest Reservation Identifiers: Tokenized, non-reversible guest identifiers, checkout dates, and opt-in choices for the Eco-Credit program. We minimize the handling of direct personally identifiable information (PII) to safeguard guest identity.
  • Financial & Savings Tracking: Calculated energy, water, and laundry savings totals used to generate automated credits and compile hotel-wide ESG impact reports.

3. How We Use Your Information

We use the collected information for the following core operations:

  • To automate and verify guest credit payouts through native Mews PMS voucher and ledger actions.
  • To display live sustainability achievements and performance metrics in the Eco-Credit Dashboard.
  • To measure, model, and report cumulative environmental metrics (CO2 offset, water saved, soap waste reduction).
  • To prevent fraud, secure active API webhooks, and ensure system safety.

4. Data Sharing and Transfer

We never sell, rent, or trade your personal data. We only share information under strict compliance conditions:

  • With Mews Systems: Transactions and credit allocations are synced back directly via authorized Mews API channels.
  • Infrastructure Providers: We use Supabase (built on AWS) for secure cloud database hosting and data processing. Supabase conforms to SOC2 Type II certifications.
  • Legal Mandates: Where required by law to comply with judicial processes, court orders, or administrative requests.

5. Data Security & Storage

Eco-Credit takes security seriously. All data in transit is encrypted using industry-standard TLS 1.3, and all stationary database instances utilize AES-256 transparent encryption. Access control rules are strictly enforced at the database level using Supabase Row-Level Security (RLS) to ensure that no hotel can ever access another hotel's data.

6. Cookies & Trackers

Our platform uses essential session state cookies to keep dashboard administrators logged in and manage API authorization. We do not use cross-site trackers or sell browser tracking behaviors. For detailed cookie information, please refer to our Cookie Policy.

7. Your GDPR & CCPA Rights

Depending on your location, you and your guests may have specific rights regarding personal data:

  • The right to access, update, or delete the tokenized logs stored in our databases.
  • The right to withdraw consent from housekeeping opt-ins at any stage of the guest journey.
  • The right to lodge complaints with local data protection authorities regarding data handling procedures.

8. Contact Us

For questions about our data security or processing policies, or to execute your privacy rights:

Eco-Credit Security & DPO TeamEmail: privacy@eco-credit.io