Privacy Policy

BetterBooking.ai is a Chrome browser extension that helps you get lower prices on Airbnb listings using artificial intelligence. When you find a listing you like and click “Get BetterBooking”, our AI crafts and sends a polite negotiation message to the host on your behalf — helping you secure a better rate automatically.

By using BetterBooking, you expressly authorize us to send AI-generated negotiation messages to hosts each time you initiate a negotiation. You may review your full message history at any time within the extension.

BetterBooking requires read access to airbnb.com in order to retrieve listing information visible on the page — such as price, property details, and host information. This access is strictly:

• User-initiated only: The extension reads page data exclusively when you click “Get BetterBooking.” It never passively monitors, scans, or transmits page content in the background without your direct action.
• Narrowly scoped: Only data relevant to the specific listing you are actively viewing is accessed. We do not read unrelated pages, your browser history, inbox, or any personal messages outside the negotiation context.
• Purpose-bound: Listing data is used exclusively to generate your negotiation message. It is never repurposed for advertising, profiling, or any secondary use.

Information you provide:

• Email address (for account creation and service notifications)
• Subscription and billing details (processed by Stripe — we never store your card number)
• Your negotiation preferences (target price, reservation price) when you enter them

Listing data read when you actively initiate a negotiation:

• Property details: title, location, room type, amenities, description
• Pricing: listed price, fees, discounts
• Host information: name, response rate, rating, review count
• Booking parameters: dates, number of guests

Data generated through our service:

• AI-generated negotiation messages sent on your behalf
• Conversation history between the negotiation agent and hosts
• Negotiation status and outcomes

Technical and usage data:

• Timestamps of feature usage
• Session and request identifiers (for debugging and support)
• Aggregated, anonymized success metrics

We do NOT collect:

• Your passwords or login credentials
• Authentication cookies or session tokens
• Payment methods stored in your booking accounts
• Personal messages unrelated to BetterBooking negotiations
• Your browsing history outside of active Airbnb listing pages
• Location data beyond what appears in listing details

When you initiate a price negotiation, BetterBooking uses a user-authorized, ephemeral browser session managed through our Kernel infrastructure partner to deliver your AI-crafted message to the host. The following principles govern every session:

• Strictly user-initiated: The session activates only when you explicitly click “Get BetterBooking.” No action is taken passively, automatically, or without your direct instruction.
• Credentials entered directly by you: Any credentials required to access the booking platform are entered by you directly into the platform's own native login interface. BetterBooking does not intercept, capture, store, or transmit those credentials at any point.
• No token or cookie harvesting: BetterBooking does not extract, retain, or transmit authentication cookies, session tokens, OAuth tokens, or any other credential artifacts. These remain solely within your browser session and are never accessible to our servers.
• Ephemeral and self-terminating: Remote sessions automatically terminate upon task completion or after 15 minutes of inactivity. No session state, credential, or token is persisted after termination.
• Authorized scope only: The agent performs exclusively the messaging action you requested — sending your negotiation message and returning the host's response. It takes no other action on your account.

This architecture ensures BetterBooking operates solely as your explicitly authorized agent, with no ability to access your accounts beyond the specific task you initiate.

We use the information described above solely for the following purposes:

• To generate and send AI-powered negotiation messages on your behalf
• To manage your BetterBooking account, subscription, and billing
• To notify you when hosts respond to your negotiations
• To provide customer support
• To improve our AI and service quality using anonymized, aggregated data only

We do NOT:

• Sell your data to third parties, data brokers, or advertisers
• Use your data for advertising, ad targeting, or behavioral profiling
• Share your negotiation data with any unauthorized party
• Make bookings or financial commitments on your behalf
• Transfer user data for purposes inconsistent with this Privacy Policy

We share limited, purpose-specific data with the following infrastructure providers. These are operational subprocessors — not data buyers or advertisers — and each is bound by a data processing agreement:

• Supabase — Secure database hosting. Receives: account information, listing data, conversation history. Does not receive: payment information.
• Anthropic (Claude API) — AI negotiation engine. Receives: listing details and conversation context required to generate your message. Does not receive: your email address or payment information.
• Kernel — Ephemeral remote browser infrastructure. Receives: listing URLs and negotiation task instructions. Does not receive or store: credentials, authentication tokens, or personal account data of any kind.
• Stripe — Payment processing. Receives: billing and subscription information. Does not receive: negotiation data or listing information. Stripe processes payments as an independent data controller under its own privacy policy.

Optional diagnostic services (can be disabled on request):

• Langfuse — LLM performance monitoring, using anonymized, non-personal data only
• Grafana Loki — Error logging, using anonymized diagnostic data only

We do not sell, rent, or trade your personal information to any third party. No user data is shared with advertising networks or data brokers.

Technical measures:

• All data transmitted over HTTPS with TLS 1.3 encryption
• Database-level encryption at rest
• Row-level security preventing cross-user data access
• Token-based authentication (JWT)
• API rate limiting to prevent abuse

Operational measures:

• Remote browser sessions expire after 15 minutes of inactivity and leave no stored state
• No long-term storage of credentials or authentication tokens
• Employee access to production data is logged, audited, and access-controlled
• Quarterly security reviews of infrastructure and code

In the event of a data breach likely to affect your rights or freedoms, we will notify affected users within 72 hours by email and report to relevant authorities as required by applicable law.

• Active negotiations: Retained until resolved, cancelled, or you request deletion
• Account information: Retained for the duration of your account and deleted upon your verified request
• Remote browser sessions: Terminated immediately after task completion; no session data is retained
• Billing records: 7 years (legal and tax compliance, held by Stripe under its own retention policy)

Following account deletion, we may retain anonymized, aggregated data with no connection to you personally for service improvement purposes.

You may at any time:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your account and associated data
• Opt out of marketing emails at any time using the unsubscribe link in any email we send

EU / UK users (GDPR): You additionally have the right to data portability, the right to object to or restrict processing, and the right to lodge a complaint with your local data protection authority. We rely on Standard Contractual Clauses (SCCs) for transfers of personal data from the EU/UK to the United States.

California users (CCPA): You have the right to know what personal information we collect and how it is used, the right to request deletion, and the right to non-discrimination for exercising these rights. We do not sell personal information.

To exercise any of the above rights, contact us at support@betterbooking.ai. We will respond within 30 days.

BetterBooking.ai is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will notify active users and newsletter subscribers by email. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: