Privacy Policy

1. Information we collect and how we use it

In the future, we may offer services that do not require you to register for an account or provide any personal information to us, such as a search or reporting service. Currently, for our flagship service, we require users to register. In order to provide our full range of services, we may collect the following types of information:

2. Choices for personal information

Information you provide

When you sign up for Epiqhost service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password).  We will use your email address to send you communications, including but not limited to account updates, newsletters, promotional offers, and information about new features or services. You may opt out of these communications at any time using the unsubscribe button at the bottom of the message. We also request credit card or other payment account information which we may maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other Epiqhost services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information. 

Epiqhost cookies

When you visit Epiqhost, we send one or more cookies - a small file containing a string of characters - to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences and tracking user trends, such as how people search. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Epiqhost features and services may not function properly if your cookies are disabled.

Log information

When you use Epiqhost services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browse.

User communications

When you send email or other communication to Epiqhost, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.

Affiliated sites

We may offer services in connection with other web sites. Personal information that you provide to those sites may be sent to Epiqhost in order to deliver the service. We process such information in accordance with this Policy. The affiliated sites may have different privacy practices and we encourage you to read their privacy policies.

Links

Epiqhost may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our services. For more information about links and redirected URLs, please see our FAQs.

Other sites

This Privacy Policy applies to web sites and services that are owned and operated by Epiqhost. We do not exercise control over the sites displayed as search results or links from within our various services. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Epiqhost only processes personal information for the purposes described in the applicable Privacy Policy and/or privacy notice for specific services. In addition to the above, such purposes include:

• Providing our products and services to users, including the display of customized content and advertising;
• Auditing, research and analysis in order to maintain, protect and improve our services;
• Ensuring the technical functioning of our network; and
• Developing new services.

You can find more information about how we process personal information by referring to the privacy notices for particular services. Epiqhost processes personal information on our servers in the United States of America and in other countries. In some cases, we may process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.

Choices for personal information:
When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.

If we propose to use personal information for any purposes other than those described in this Policy and/or in the specific service notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Policy and/or in the specific service notices, unless we have obtained your prior consent.

You can decline to submit personal information to any of our services, in which case Epiqhost may not be able to provide those services to you.

3. Information sharing

Information sharing

Epiqhost does not share personal information (such as phone numbers, email addresses, names, or any other identifiable information) with other companies or individuals outside of Epiqhost, except in the following limited circumstances:

• With your consent. We require opt-in consent for sharing of any personally identifiable information. Consent may be provided explicitly in writing, by checking a box on an online consent form, or by connecting a third-party integration to your account.
• When disclosure of such information is reasonably necessary to:
• satisfy any applicable law, regulation, legal process, or enforceable governmental request,
• enforce applicable Terms of Service, including investigating potential violations,
• detect, prevent, or address fraud, security, or technical issues, or
• protect against imminent harm to the rights, property, or safety of Epiqhost, its users, or the public as required or permitted by law.

Aggregated, non-personally identifiable information may be shared with our partners for purposes such as advertising or negotiating better rates for our customers. Such information does not identify you individually. Please contact us at the address below for any additional questions about the management or use of personal data.

4. Information security

Information security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal information to Epiqhost employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

5. Data integrity

Data integrity

Epiqhost processes personal information only for the purposes for which it was collected and in accordance with this Policy or any applicable service-specific privacy notice. We review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our services. We take reasonable steps to ensure that the personal information we process is accurate, complete, and current, but we depend on our users to update or correct their personal information whenever necessary.

6. Accessing and updating personal information

Accessing and updating personal information

When you use Epiqhost's services, we make good faith efforts to provide you with access to your personal information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Some of our services have different procedures to access, correct or delete users' personal information. We provide the details for these procedures in the specific privacy notices or FAQs for these services.

7. Enforcement

Enforcement
Epiqhost regularly reviews its compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy or Epiqhost's treatment of personal information by contacting us through this website or by writing to us at Privacy Matters, c/o Epiqhost, 1603 Capitol Ave Suite 415 #81829, Cheyenne, WY 82001. When we receive formal written complaints at this address, Epiqhost's policy is to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between Epiqhost and an individual.

8. Changes to this policy

Changes to this policy
Please note that this Privacy Policy may change from time to time. We will not . . reduce your rights under this Policy without your explicit consent, and we expect most such changes will be minor. Regardless, we will post any Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Policy changes). Each version of this Policy will be identified at the top of the page by its effective date, and we will also keep prior versions of this Privacy Policy in an archive for your review. If you have any additional questions or concerns about this Policy, please feel free to contact us any time through this web site or at Privacy Matters, c/o Epiqhost, 1603 Capitol Ave Suite 415 #81829, Cheyenne, WY 82001.

9. Epiqhost and GDPR

Epiqhost and GDPR
The General Data Protection Regulation (GDPR) is a European Union regulation governing the privacy of consumer data.
Epiqhost, Inc. is a US-based company, with no subsidiaries or legally-registered operations in the European Union. As such, we are not directly subject to European regulations.
However, our European clients are. As such, Epiqhost has been designed to be compliant with the requirements of the GDPR.

First, to resolve one common misunderstanding - the GDPR doesn't require a consent checkbox for the use of personally identifiable information (PII). A consent checkbox is one way, perhaps the most common one, to bypass all other GDPR restrictions and do whatever you want with the data -- track them with cookies and Google Analytics, add them to mailing lists etc. (as the data subject has given consent to that).
But, the GDPR allows the use of PII for necessary operations without a checkbox. Consent is only required for unnecessary data collection, and we carefully only collect necessary data from your guests during the booking process. Our booking widgets, and the overall Epiqhost booking process, is built with good data-handling requirements and best practices in mind. We designed the flow years ago before GDPR was even an idea, but because we are a company that values privacy, it follows the same principles as the GDPR of minimum data usage and progressive collection of data as more is needed to complete an operation:

1. A guest can come to the widget and enter just dates, or dates and guest counts, and get a quote without providing any PII at all.
2. If after seeing the quote, the guest chooses to continue the booking process, either by sending inquiry or starting an instant book, the name, phone, and email are collected so that the guest can receive the quote and be communicated with during the booking process. The guest has clearly communicated their intent to send an inquiry or book the property at that point by entering their email address and clicking the button labeled "Send Inquiry" or "Book Now". You can't respond to an inquiry without an email address, neither can you book without an email address, so that's a required bit of information to collect - which is allowed by the . GDPR.
3. During the reservation process, no other information is sent to Epiqhost until after the guest has signed the renter agreement and pressed the final "confirm" button at the end of the process to run the booking. The signed rental agreement, just as with a common checkbox, provides you all necessary legal authority to receive and use the guest's PII under GDPR rules. Any additional information that the guest enters during the booking process is not saved by Epiqhost until they press that "confirm" button in the final step. You can verify this by creating a quote with yourself as a guest and walking through the process.

The acceptances are kept on record with dates in the form of the inquiry/quote/ booking/signed-agreement records for the guest in Epiqhost. Upon receipt of a data removal request, it is straightforward for you to pull up Epiqhost, search for the guest by name or email and remove any PII from their record. Epiqhost is not designed as a bulk email marketing program, and cannot be used for that purpose. It is of course possible for you to export data collected through Epiqhost and then to use that in any other marketing system you prefer, but in that case, you are responsible for following all applicable regulations in your local jurisdiction. This is not an Epiqhost function. At the least, you should be getting separate consent for the use of their data in a mailing list, and provide a clear, effective means for them to unsubscribe. Most major email marketing systems (e.g. Constant Contact, MailChimp, etc.) provide these functions and are themselves compliant with GDPR requirements.

Messaging Policy



Everyone expects that the messages they want to receive will reach them unhindered by filtering or other blockers. An important step that Epiqhost customers can take to make that expectation a reality is to prevent and eliminate unwanted messages. Towards that end, we desire to work with our customers so that messages are sent with the consent of the message recipient and that those messages comply with applicable laws, communications industry guidelines or standards, and measures of fairness and decency. Beyond desires and good intentions, Epiqhost is contractually and legally obligated to operate within certain requirements by our messaging partners and carriers. This Messaging Policy strives to clarify those requirements so our customers operate under the same guidelines. Epiqhost treats all messaging transmitted via Epiqhost's platform - regardless of medium (e.g., email or SMS), delivery method, use case, or type (e.g., personal or business) - as Application-to-Person (A2P) messaging. All A2P messages originating from Epiqhost are subject to this Messaging Policy, which covers rules and prohibitions regarding:

• Consent ("opt-in")
• Revocation of Consent ("opt-out")
• Sender Identification
• Messaging Usage
• Filtering Evasion
• Fines & Enforcement

This policy applies to all customers who use Epiqhost's messaging channels and all forms of messaging, including:

• Email
• SMS
• Airbnb platform
• Vrbo platform
• Booking.com platform

 If you provide your guests or clients with the ability to send messages through Epiqhost or use integrated services (e.g., a partner messaging app that integrates with Epiqhost), you are responsible for the messaging activity of those integrated services. You must ensure that any messaging activity generated by your integrated services complies with Epiqhost policies.

Consent / Opt-in

Proper Consent

 Consent can't be bought, sold, or exchanged. For example, you can't obtain the consent of message recipients by purchasing an email address list or phone list from another party. Aside from two exceptions noted later in this section, you must meet each of the consent requirements listed below. If you are a third-party app or integrated partner using Epiqhost's platform for messaging, you must require your users to adhere to these same requirements when dealing with their customers, guests, and contacts.

Consent Requirements

• Prior to sending the first message, you must obtain agreement from the message recipient to communicate with them - this is referred to as "consent." You must make it clear to the individual that they agree to receive messages of the type you will send. You need to keep a record of the consent, such as a copy of the document, form the message recipient signed or a timestamp of when the customer completed a sign-up flow.
• Suppose you do not send an initial message to that individual within a reasonable period after receiving consent (or as set forth by local regulations or best practices). In that case, you must reconfirm consent in the first message you send to that recipient.
• The consent applies only to you and to the specific use, business operation, or campaign to which the recipient has consented. You can't treat it as blanket consent allowing you to send messages from other brands or companies you may own or additional messages about other marketing campaigns you may create in the future.
• Proof of opt-in consent should be retained as set forth by local regulations or best practices after the end user opts out of receiving messages.

Alternative Consent Requirements

While consent is always required, and the consent requirements noted above are generally the safest path, there are two scenarios where consent can be received differently.

Contact initiated by an individual

If an individual sends a message to you, you are free to respond in an exchange with that individual. For example, if an individual texts your phone number asking for your hours of operation, you can respond directly to that individual, relaying your open hours. In such a case, the individual's inbound message to you constitutes both consent and proof of consent. Remember that the consent is limited only to that particular conversation or business operation. Unless you obtain additional consent, don't send messages outside that business operation, such as a new marketing campaign a year later.

Informational content to an individual based on a prior relationship

You may send a message to an individual with whom you have a prior relationship, provided that individual provided their contact information (i.e., phone number, email address, etc.) to you, has taken some action to trigger the potential communication, and has not expressed a preference to not receive messages from you. Actions can include a button press, alert setup, making an appointment, sending an inquiry, requesting a quote, booking a property, etc. Examples of acceptable messages in these scenarios include appointment reminders, payment receipts, one-time passwords, inquiry responses, quote responses, booking confirmations, welcome packets, maintenance reach-outs, or hospitality staff confirming any of the above.

The message can't attempt to promote a separate service or product, advocate for a social cause, or be forwarded to third-party services.

Channel messaging exception

 It should be noted that these consent requirements are directed explicitly towards email and SMS types of communication. Channel messages (eg. messages sent and received via Airbnb, Vrbo, and Booking.com) operate on platforms that have already obtained consent from the recipient by nature of their operations. Channel platforms also notify their recipients that messaging will be shared with their hosts and PMs (ie. you) so it is assumed that in order to complete the booking operation, messages have to travel outside the channel platform. Therefore, you do not need to ask a channel recipient for consent since it is implied.

Periodic Messages and Ongoing Consent

 If you intend to send messages to a recipient on an ongoing basis or for any marketing-type purpose, you should confirm the recipient's consent by offering them a clear reminder of how to unsubscribe from those messages using standard opt-out language and options. You must also respect the message recipient's preferences in terms of frequency of contact. You also need to proactively ask individuals to reconfirm their consent as set forth by local regulations and best practices if it's been a long time since you've sent a previous message.

Revocation of Consent / Opt-out

Any messages you send to an individual need to include language telling them why they are getting the message, if not obvious, and, if marketing in nature, include unsubscribe options. An example of an obvious message is a payment receipt immediately after a guest has made a payment for their booking. Individuals must be able to revoke consent at any time by replying to you or clicking unsubscribe options. When an individual opts out, you should notify them or clarify that the messages they receive are transactional and based on business needs and operations.

Identifying Yourself as the Sender

Every message you send should clearly identify you (the party that obtained the opt-in from the recipient) as the sender, except in follow-up messages of an ongoing conversation where the replies are frequent and small in nature. Examples of ongoing conversations are SMS and email threads with a back-and-forth conversation between you and the recipient.

Clear identification means a proper name, brand name, brand logo, and/or domain name representing you as a person or business to the world. It should be simple for the recipient to find your business online or via a booking channel (e.g., Airbnb) based on the sender's identification in your messaging.

Usage Limitations

Content We Do Not Allow

The key to ensuring that messaging remains an excellent channel for communication and innovation is preventing abusive use of messaging platforms. That means we never allow some types of content on our platform, even if our customers get consent from recipients for that content.

Our Acceptable Use Policy already prohibits sending any content that is illegal, harmful, unwanted, inappropriate, objectionable, confirmed to be criminal misinformation, or otherwise poses a threat to the public, even if the content is legally permissible.

• This Messaging Policy also prohibits the following content:
• Anything illegal in the jurisdiction where the message recipient lives. Examples include, but are not limited to:
• Cannabis. Messages related to Cannabis are not allowed in the United States as federal laws prohibit its sale, even though some states have legalized it. Similarly, CBD-related messages are not permissible in the United States, as certain states prohibit its sale. Epiqhost defines a cannabis message as any message that relates to the marketing or sale of a cannabis product, regardless of whether or not those messages explicitly contain cannabis terms, images, or links to cannabis websites. Prescription Medication. Offers for prescription medication that cannot legally be sold over-the-counter are prohibited in the United States
• Hate speech, harassment, exploitative, abusive, or any communication that originates from a hate group
• Fraudulent messages
• Malicious content, such as malware or viruses
• Any Forbidden SMS Message Categories
• Any content that is designed to evade filters (see below) intentionally

Please note that some of the above restrictions (e.g., Cannabis) were created by the telecommunication carriers that deliver our messages and are not restrictions created by Epiqhost. However, because we use their networks, we are required to follow them. You may disagree with these restrictions - but we cannot change them. Objections to these policies do not absolve you of the requirement to comply.

 Country-Specific Rules

 All messages should comply with the rules applicable to the country in which the message recipient lives.

Age and Geographic Gating

If you are sending messages in any way related to alcohol, firearms, gambling, tobacco, or other adult content, then more restrictions apply. In addition to obtaining consent from every message recipient, you must ensure that no message recipient is younger than the legal age of consent based on where the recipient is located. You also must ensure that the message content complies with all applicable laws of the jurisdiction in which the message recipient is located or applicable communications industry guidelines or standards. You need to be able to provide proof that you have in place measures to ensure compliance with these restrictions. Otherwise, it is also best to avoid sending this type of message content.

Violation Detection and Prevention Evasion

Customers may not use Epiqhost's messaging platform to evade unwanted messaging detection and prevention mechanisms on Epiqhost or one of Epiqhost's channel or telecommunications partners. Subject to the Epiqhost Privacy Policy, Epiqhost collects and monitors all messages transmitted via Epiqhost's platform to detect spam, fraudulent activity, and violations of our Acceptable Use Policy

Examples of prohibited practices include:

• Content designed to evade detection. As noted above, we do not allow content specifically designed to evade detection by unwanted messaging detection and prevention mechanisms. This includes intentionally misspelled words or non-standard opt-out phrases that have been specifically created with the intent to evade these mechanisms.
• Snowshoeing. We do not permit snowshoeing, which is defined as spreading similar or identical messages across many phone numbers with the intent or effect of evading unwanted messaging detection and prevention mechanisms.
• Simulated social engineering attacks. You are prohibited from transmitting messages that are used for security testing, including simulated phishing and other activities that may resemble social engineering or similar attacks.
• Other practices identified and prohibited by this policy and our Acceptable Use Policy

How We Handle Violations

When we identify a violation of these principles, where possible, we will work with users in good faith to get them back into compliance with this policy. However, to protect the continued ability of all our customers to use messaging for legitimate purposes freely, we reserve the right to suspend or remove access to Epiqhost's platform for users, or users' guests and partners, that we determine are not complying with the Messaging Policy, or who are not following the law in any applicable area or applicable communications industry guidelines or standards, in some instances with limited notice in the case of serious violations of this policy. U.S. telecommunications providers may assess fees for non-compliant SMS traffic, and Epiqhost will pass these fees on to you. To date, T-Mobile is the first U.S. telecommunications provider to announce non-compliance fees for violations of T Mobile's Code of Conduct. Epiqhost will update these guidelines accordingly if/ when additional U.S. telecommunications providers announce non-compliance fees.

T-Mobile non-compliance fees are as follows:

10DLC Long Code Messaging Program Evasion: A $1,000 pass-through fee if a customer program/campaign is found to be using techniques such as snowshoeing or unauthorized number replacement/recycling.

Content Violation: After a prior warning, a $10,000 pass-through fee may be imposed for each unique instance of content violating the T Mobile Code of Conduct involving the same sender/content provider. This includes SHAFT (Sex, Hate, Alcohol, Firearms, Tobacco) violations, spam, phishing, and messaging that meets the Severity 0 violation as defined in the CTIA Short Code Monitoring Handbook. Any fines or fees assessed to Epiqhost for a particular user's activity will be passed along to that user for immediate payment. That user's messaging may be locked or suspended. This includes other telecommunication carriers that may assess fines or fees, even if they are not explicitly enumerated in this Messaging Policy.