← HostPayout

Security

Plain-English notes on how HostPayout handles account and transaction data.

No platform credentials required

We never ask for your Airbnb, Vrbo, or Booking.com username or password. You export CSVs yourself and upload them manually.

Encryption in transit and at rest

Traffic to the app uses HTTPS, and application data is stored in managed infrastructure designed for encrypted transport and encrypted storage.

Row-level access controls

Application data is stored behind row-level security rules so each signed-in account can access only its own records.

CSV imports power the product

The product is intentionally simple: upload CSVs, standardize transactions, review categories and assignments, and see profit. It is not a PMS and it is not bookkeeping software.

Amounts stay deterministic

Income, fees, expenses, and net profit come from CSV parsing and user-reviewed edits. LLMs, if introduced later, must never compute, infer, transform, or alter payout, fee, expense, currency, or profit amounts.

Suggestions stay reviewable

HostPayout may suggest property or category mappings from saved rules and confirmed corrections, but users can review, override, and correct those suggestions.

Account deletion is user-controlled

You can delete your account from Settings. That removes your working app data, while some imported file content may be retained in anonymized form for parser reliability.

Found a security issue? Report it to security@hostpayout.com.