How we handle your data

Compliant with Brazil's LGPD. In plain language.

Last updated: 20 April 2026

Who processes your data

Dália Stays is the brand operated by IMPÉRIO DDS LTDA, Brazilian tax ID 59.577.438/0001-80, based in Rio de Janeiro. This policy describes how we collect, use, and protect your personal data under Brazil's General Data Protection Law (Law 13.709/2018, LGPD).

Data we collect

We collect only what is necessary to operate short-term rental management and respond to your contact:

• Full name, email, phone or WhatsApp
• City and address of the property (for owners)
• Accommodation preferences and cities of interest (for guests)
• Booking data: dates, amount, property, source platform
• Information you provide via form or conversation

Legal basis (LGPD art. 7)

• Consent: when you check the authorization box on a form.
• Contract performance: when processing is necessary to operate a reservation or management contract.
• Legitimate interest: aggregate statistical analysis and service improvement, always balanced against your rights.
• Legal obligation: fiscal retention for 5 years under Brazilian tax law.

Purposes

• Assess the property's revenue potential
• Reach out about accommodation or management
• Operate reservations and stay communication
• Issue fiscal documents
• Send editorial communications (Diário Dália) with opt-in

Your rights (LGPD art. 18)

At any time, you may request: confirmation of processing, access to your data, correction, anonymization, blocking, deletion, portability, withdrawal of consent.

To exercise: submit via remove my data or email daniel@daliastays.com. We respond within 15 days.

Retention

We retain data for the period necessary to the stated purpose. Unconverted lead data: 12 months. Fiscal data from contracts and reservations: 5 years (Brazilian tax law). After that, data is anonymized or deleted.

Sharing

We do not sell your data. It is shared only with technical processors under data protection agreements:

• Supabase (database, US servers, legal basis: adequacy plus consent)
• Vercel (site hosting, US servers)
• Resend (transactional email, US servers)
• Stays.net, Airbnb, Booking (when necessary to operate a reservation)
• Public authorities when legally required

International transfer

Part of the data travels via servers outside Brazil (US, EU). Those processors operate under standard contractual clauses and adequacy mechanisms provided by LGPD (art. 33).

Cookies

We use strictly necessary cookies for site operation and analytics cookies (Plausible) to understand aggregate use. You may refuse via the cookie banner at the site footer or configure your browser. See cookies policy.

Security

We store data in environments with access control, encryption in transit (HTTPS/TLS) and at rest. We apply least-privilege policies, two-factor authentication on critical systems, and audit logs.

Data Protection Officer

Daniel Dias is the Data Protection Officer. Contact: daniel@daliastays.com.

Changes

This policy may be updated. Material changes will be flagged on the site. The last revision date is at the top of this document.