STR ProTerms of Service

Privacy Policy

Last updated: February 2026

1. Overview

Wellstone Software (“we”, “us”, “our”) operates STR Pro. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Information

When you create an account via Clerk, we receive your email address, name, and a unique identifier. Authentication is handled by Clerk — we store only what is necessary to identify your account in our database.

Financial and Property Data

You may enter property details, financial transactions, reservations, activity logs, and related data. This data is stored in our database and is associated with your account. It is used solely to provide the Service to you.

Bank Account Data (Plaid)

If you connect a bank account, the connection is made through Plaid, Inc. We store an encrypted access token provided by Plaid — we never see or store your bank username, password, or full account numbers. Transaction data retrieved via Plaid is stored in our database to power the bank sync feature. You can disconnect your bank account at any time in Settings.

Channel Manager Data (Hospitable)

If you connect Hospitable, we store an encrypted OAuth access token and sync reservation, guest, and financial data from your connected channel manager accounts. You can disconnect Hospitable in Settings at any time.

Payment Information

Payments are processed by Stripe. We do not store credit card numbers or payment details. We store your Stripe customer ID and subscription status to manage your plan.

Usage Data

We may collect standard server logs including IP addresses, request timestamps, and feature usage patterns. This data is used to maintain service reliability and improve the product.

3. How We Use Your Data

  • To provide and operate the Service
  • To send transactional emails (account activity, tax reminders, weekly digests) — you can opt out in Settings
  • To process payments and manage your subscription
  • To improve the Service and diagnose technical issues
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your financial or property data for advertising purposes.

4. Third-Party Service Providers

We use the following third-party providers to operate the Service:

  • Clerk — authentication and user management
  • Stripe — payment processing and subscription billing
  • Plaid — bank account connectivity
  • Hospitable — channel manager data sync
  • Resend — transactional email delivery
  • Neon — PostgreSQL database hosting
  • Vercel — application hosting and serverless functions
  • Anthropic — AI-powered transaction categorization (data is not used to train models)

Each provider has its own privacy policy and data processing terms. We only share the minimum data necessary with each provider to deliver the relevant feature.

5. Data Security

Sensitive credentials (bank access tokens, channel manager tokens) are encrypted at rest using AES-256-GCM before storage. All data in transit is encrypted via TLS. We follow industry-standard security practices and conduct periodic security reviews.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at hello@wellstonelabs.io

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and associated records within 30 days, except where we are required to retain it for legal or compliance purposes.

To delete your account and all associated data, go to Settings → Account → Delete Account. Alternatively, email hello@wellstonelabs.io. All data is permanently deleted within 30 days. Any connected Plaid bank accounts are revoked immediately upon deletion.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Opt out of non-essential email communications (via Settings)
  • Disconnect third-party integrations (Plaid, Hospitable) at any time via Settings

To exercise these rights, email us at hello@wellstonelabs.io

8. Children's Privacy

The Service is intended for adults (18+) and is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact

Questions or requests about this Privacy Policy? hello@wellstonelabs.io