Privacy Policy
Last updated: March 5, 2026
Data Controller
This Privacy Policy is issued by TER PR LLC, a Puerto Rico limited liability company, doing business as The Estate Reserve ("TER," "The Estate Reserve," "we," "us," or "our"). TER PR LLC is the data controller responsible for the collection, use, storage, and protection of your personal information as described in this policy. Our registered address is in Puerto Rico. For all privacy-related inquiries, contact privacy@theestatereserve.com.
1. Information We Collect
We collect the following categories of personal information:
- Identifiers: Name, email address, phone number, mailing address, and government-issued ID (at check-in).
- Commercial Information: Booking history, payment records, property preferences, and transaction details.
- Internet & Electronic Activity: Pages visited, time spent, browser type, device information, IP address, and referral URLs collected via cookies and analytics.
- Geolocation Data: Approximate location derived from IP address.
- Inferences: Preferences and interests derived from your interactions with our services.
- Payment Information: Credit card details are processed securely through Stripe. We do not store your full card number on our servers.
- Communications: Records of correspondence with our concierge team, including email, chat, WhatsApp messages, and SMS.
- Messaging Data: If you interact with our WhatsApp concierge or SMS services, we collect message content, timestamps, and your phone number. Messages are processed by our AI concierge system and may be reviewed by our team for quality and safety purposes.
- Biometric Identifiers: Facial geometry derived from government-issued ID photographs, collected solely for identity verification at check-in. Such data is collected only with your express consent.
- AI Interaction Data: If you interact with our AI-powered concierge services, we collect conversation content, interaction patterns, and service preferences to improve our concierge quality.
2. How We Use Your Information
We use personal information for the following purposes:
- Process and manage your bookings and payments.
- Communicate with you about reservations, account activity, and customer support.
- Send promotional communications (with your consent; you may opt out at any time).
- Improve our services, website experience, and personalization.
- Detect and prevent fraud, unauthorized access, and other illegal activities.
- Comply with legal obligations and enforce our Terms of Service.
- Process messages through our AI-powered concierge system, including natural language processing of WhatsApp and SMS communications, to provide personalized concierge services.
- Verify identity using biometric comparison of check-in photographs against government-issued ID.
3. Information Sharing
The Estate Reserve has NOT sold personal information in the preceding 12 months. We do not sell your personal information. We may share your information with the following categories of recipients:
- Property Owners & Managers: To fulfill your booking and coordinate your stay.
- Payment Processors (Stripe): To process transactions securely. Stripe's privacy policy governs their use of your data.
- Cloud Infrastructure (AWS): For secure data storage and hosting.
- Analytics Providers: We may use analytics tools such as Google Analytics to understand usage patterns and improve our services. When active, analytics providers act as data processors on our behalf, and their respective privacy policies govern their processing of data collected through cookies. Analytics data is aggregated where possible. Analytics cookies are only set when you consent to non-essential cookies via our cookie consent banner.
- Email & Communication Services: To send transactional and promotional communications.
- Identity Verification: When required for check-in or fraud prevention.
- Law Enforcement: When required by law, subpoena, or court order.
- AI Service Providers: Our AI concierge system processes messages through third-party AI providers. Messages are processed in real-time for response generation and are not used for AI model training. Our AI providers are contractually prohibited from retaining or using your data beyond the immediate processing request.
4. Data Security
We implement industry-standard security measures including encryption in transit (TLS/SSL) and at rest, secure payment processing via PCI-compliant processors, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure.
5. Cookies & Tracking
We use cookies, local storage, and similar technologies to improve your browsing experience, remember preferences, track affiliate referral codes (with your consent), and analyze site usage. Non-essential cookies and tracking technologies are only activated after you provide consent via our cookie consent banner. For detailed information about all cookies and client-side storage we use and how to manage them, please see our Cookie Policy.
6. US State Privacy Rights
If you are a resident of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or another US state with consumer privacy legislation, you have the following rights:
Your Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out: Opt out of the sale or sharing of your personal information. Note: TER does not sell personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
Submit requests to privacy@theestatereserve.com. We will verify your identity and respond within 45 days (extendable by an additional 45 days for complex requests). You may designate an authorized agent to submit requests on your behalf with proper written authorization.
Do Not Sell or Share
The Estate Reserve does not sell or share personal information as defined by the CCPA/CPRA. We recognize and honor Global Privacy Control (GPC) signals from your browser as a valid opt-out request.
7. European Economic Area, United Kingdom & Switzerland Privacy Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional rights and disclosures apply under the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679), the UK General Data Protection Regulation (UK GDPR, as retained under the Data Protection Act 2018), and the Swiss Federal Act on Data Protection (nFADP/DSG), respectively:
Legal Basis for Processing
We process your personal data based on: (a) contractual necessity — to fulfill your booking and provide our services; (b) legitimate interests — to improve our platform, prevent fraud, and ensure safety; (c) legal obligation — to comply with tax, anti-money laundering, and other regulatory requirements; and (d) consent — for marketing communications and non-essential cookies, which you may withdraw at any time.
Your Rights Under EU GDPR, UK GDPR & nFADP
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
- Right to Restriction: Request that we restrict the processing of your data in certain circumstances.
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests, including direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence. For the UK, this is the Information Commissioner's Office (ICO). For EEA residents, this is your national data protection authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).
- Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
International Data Transfers
Your data is transferred to and processed in the United States. For EEA transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision 2021/914) as the legal mechanism for such transfers. For UK transfers, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs approved by the ICO. For Swiss transfers, we rely on the revised SCCs recognized by the FDPIC. We conduct Transfer Impact Assessments where required. You may request a copy of the applicable transfer mechanism by contacting privacy@theestatereserve.com.
Data Protection Contact
For GDPR-related inquiries (EU, UK, or Swiss), contact our data protection point of contact at privacy@theestatereserve.com. While TER PR LLC is not currently required to appoint a formal Data Protection Officer (DPO) under Article 37 of the GDPR, we have designated a data protection point of contact who can be reached at the above email address to handle all data protection matters.
UK-Specific Provisions
For UK residents, TER processes personal data in accordance with the UK GDPR and the Data Protection Act 2018. Where references are made to the "GDPR" in this policy, for UK residents this shall mean the UK GDPR as defined in section 3(10) of the Data Protection Act 2018. The lawful bases for processing, data subject rights, and transfer mechanisms described above apply equally to UK data subjects. UK residents may lodge complaints with the Information Commissioner's Office at ico.org.uk.
8. Canadian Privacy Rights
If you are a Canadian resident, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation (including Quebec's Act Respecting the Protection of Personal Information in the Private Sector, as amended by Bill 25). You have the right to access, correct, and request deletion of your personal information. For Quebec residents, we will obtain explicit consent before collecting, using, or disclosing your personal information, and you have the right to data portability and to be informed of automated decision-making. To exercise these rights, contact privacy@theestatereserve.com. We will respond within 30 days.
9. Brazilian Privacy Rights (LGPD)
If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018) provides you with specific rights regarding your personal data. TER PR LLC processes your data under the following legal bases as applicable: consent, contractual necessity, legitimate interest, or legal obligation. Your rights under the LGPD include:
- Right to Confirmation and Access: Confirm whether we process your data and obtain access to it.
- Right to Correction: Request correction of incomplete, inaccurate, or outdated data.
- Right to Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD.
- Right to Data Portability: Request portability of your data to another service provider.
- Right to Deletion: Request deletion of personal data processed with your consent.
- Right to Information: Obtain information about public and private entities with which we have shared your data.
- Right to Revoke Consent: Revoke consent at any time, without affecting the lawfulness of processing carried out prior to revocation.
- Right to Oppose: Oppose processing carried out in violation of the LGPD.
- Right to Review Automated Decisions: Request review of decisions made solely on the basis of automated processing of personal data.
How to Exercise Your LGPD Rights
To exercise any of these rights, contact privacy@theestatereserve.com. We will respond within 15 business days. You may also file a complaint with Brazil's National Data Protection Authority (ANPD) at gov.br/anpd.
10. Mexican Privacy Rights (LFPDPPP)
If you are located in Mexico, the Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, LFPDPPP) and its Regulations provide you with ARCO rights (Acceso, Rectificación, Cancelación, Oposición):
- Access (Acceso): Request access to your personal data in our possession.
- Rectification (Rectificación): Request correction of inaccurate or incomplete personal data.
- Cancellation (Cancelación): Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
- Opposition (Oposición): Oppose the processing of your personal data for specific purposes.
- Revocation of Consent: Revoke consent previously granted for the processing of your personal data.
- Limit Use or Disclosure: Request that we limit the use or disclosure of your personal data.
How to Exercise Your ARCO Rights
To exercise your ARCO rights, submit a request to privacy@theestatereserve.com including your full name, contact information, a clear description of the data and rights you wish to exercise, and any documents supporting your request. We will respond within 20 business days. You may also file a complaint with Mexico's National Institute for Transparency, Access to Information and Protection of Personal Data (INAI).
11. Asia-Pacific Privacy Rights
TER is committed to respecting the privacy rights of individuals in the Asia-Pacific region. The following provisions apply to residents of the listed jurisdictions:
Australia (Privacy Act 1988 & Australian Privacy Principles)
If you are an Australian resident, your personal information is protected under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access and correct your personal information. If you believe we have breached the APPs, you may lodge a complaint with us at privacy@theestatereserve.com and we will respond within 30 days. If unsatisfied, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. TER will not disclose your personal information to overseas recipients without your consent or unless permitted under the APPs, and we take reasonable steps to ensure overseas recipients comply with the APPs.
Japan (Act on the Protection of Personal Information — APPI)
If you are a Japanese resident, TER processes your personal information in accordance with the Act on the Protection of Personal Information (APPI, Act No. 57 of 2003, as amended). You have the right to request disclosure, correction, cessation of use, and deletion of your retained personal data. TER will not provide your personal data to third parties without your prior consent, except as permitted by the APPI. For cross-border transfers, TER ensures that appropriate safeguards are in place as required by the APPI. To exercise your rights, contact privacy@theestatereserve.com. You may also file a complaint with the Personal Information Protection Commission (PPC) at ppc.go.jp.
Singapore (Personal Data Protection Act — PDPA)
If you are a Singapore resident, TER processes your personal data in compliance with the Personal Data Protection Act 2012 (PDPA). You have the right to access and correct your personal data, and to withdraw consent for the collection, use, or disclosure of your personal data. TER will cease processing your data within a reasonable period after receiving your withdrawal request, though this may affect our ability to provide services. To exercise your rights, contact privacy@theestatereserve.com. You may lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.
South Korea (Personal Information Protection Act — PIPA)
If you are a South Korean resident, TER processes your personal information in accordance with the Personal Information Protection Act (PIPA). You have the right to access, correct, delete, and suspend processing of your personal information. TER will obtain your consent before collecting or processing your personal information, will not collect more data than is necessary, and will promptly destroy personal information once the purpose of collection has been achieved. To exercise your rights, contact privacy@theestatereserve.com.
Thailand (Personal Data Protection Act — PDPA)
If you are a Thai resident, TER processes your personal data in compliance with the Personal Data Protection Act B.E. 2562 (2019). You have the right to access, correct, delete, restrict, and port your personal data, and to object to or withdraw consent for processing. To exercise your rights, contact privacy@theestatereserve.com.
India (Digital Personal Data Protection Act — DPDP)
If you are an Indian resident, TER processes your digital personal data in compliance with the Digital Personal Data Protection Act, 2023. You have the right to obtain information about processing, correction and erasure of your personal data, grievance redressal, and the right to nominate a person to exercise your rights. TER will process your personal data only for lawful purposes with your consent or for certain legitimate uses as defined under the DPDP Act. To exercise your rights or file a grievance, contact privacy@theestatereserve.com.
12. Middle East & Africa Privacy Rights
TER respects the privacy rights of individuals in the Middle East and Africa. The following provisions apply:
United Arab Emirates (Federal Decree-Law No. 45 of 2021 — PDPL)
If you are a UAE resident, TER processes your personal data in compliance with the UAE Personal Data Protection Law (PDPL, Federal Decree-Law No. 45 of 2021). You have the right to access, correct, and request deletion of your personal data, to restrict or object to processing, to request data portability, and to withdraw consent. TER will not transfer your personal data outside the UAE except in compliance with the data transfer provisions of the PDPL. To exercise your rights, contact privacy@theestatereserve.com.
Kingdom of Saudi Arabia (Personal Data Protection Law — PDPL)
If you are a Saudi Arabian resident, TER processes your personal data in compliance with the Saudi Personal Data Protection Law (Royal Decree M/19 of 2021, as amended). You have the right to be informed about the purpose of data collection, to access your personal data, to request correction or destruction, and to withdraw consent. To exercise your rights, contact privacy@theestatereserve.com.
South Africa (Protection of Personal Information Act — POPIA)
If you are a South African resident, TER processes your personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA). You have the right to access, correct, and delete your personal information, to object to processing, and to submit a complaint to the Information Regulator. TER will process your personal information only with a lawful basis (consent, contractual necessity, legal obligation, or legitimate interest). To exercise your rights, contact privacy@theestatereserve.com. You may lodge a complaint with the Information Regulator at justice.gov.za/inforeg.
Nigeria (Nigeria Data Protection Act — NDPA)
If you are a Nigerian resident, TER processes your personal data in compliance with the Nigeria Data Protection Act 2023 (NDPA). You have the right to access, rectify, and request deletion of your personal data, and to object to or restrict processing. To exercise your rights, contact privacy@theestatereserve.com. You may lodge a complaint with the Nigeria Data Protection Commission (NDPC).
13. Caribbean Privacy Rights
As TER operates extensively in the Caribbean, we are committed to complying with data protection laws across the region:
- Bahamas: TER complies with the Data Protection (Privacy of Personal Information) Act 2003. Bahamian residents have the right to access and correct personal information.
- Barbados: TER complies with the Data Protection Act 2019. Barbadian residents have rights of access, rectification, erasure, and data portability.
- Cayman Islands: TER complies with the Data Protection Act 2017. Cayman Islands residents have rights of access, rectification, erasure, restriction, portability, and objection.
- Jamaica: TER complies with the Data Protection Act 2020. Jamaican residents have rights of access, correction, and deletion.
- Trinidad and Tobago: TER complies with the Data Protection Act 2011. Residents have rights of access and correction.
- U.S. Virgin Islands and British Virgin Islands: TER applies the applicable US federal privacy standards (USVI) and UK GDPR standards (BVI), respectively.
- For all Caribbean jurisdictions, to exercise your privacy rights, contact privacy@theestatereserve.com.
14. Do Not Track & Global Privacy Control
We recognize and respond to Global Privacy Control (GPC) browser signals. When we detect a GPC signal, we treat it as a valid opt-out of sale/sharing of personal information. We also honor Do Not Track browser signals by limiting tracking to essential, functional purposes only.
15. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected individuals within 72 hours of discovery, in accordance with Florida Statute 501.171 and other applicable state breach notification laws. Notification will include the nature of the breach, categories of data affected, and steps you can take to protect yourself. TER will offer affected individuals complimentary credit monitoring services for a minimum of 12 months following any breach involving sensitive personal information.
16. Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@theestatereserve.com.
17. International Transfers
Your personal information is primarily stored and processed in the United States (AWS us-east-2 region). If you access our services from outside the United States, your information will be transferred to and processed in the US, where data protection laws may differ from those in your jurisdiction. We implement appropriate safeguards for international data transfers in accordance with applicable laws, including Standard Contractual Clauses (SCCs) for EEA transfers, UK International Data Transfer Agreements (IDTAs) for UK transfers, and equivalent mechanisms recognized under applicable data protection frameworks in other jurisdictions. We conduct Transfer Impact Assessments (TIAs) where required to evaluate the level of data protection in recipient countries. By using our services, you acknowledge and consent to this transfer, subject to the safeguards described in this policy and in the jurisdiction-specific sections above.
18. Automated Decision-Making
The Estate Reserve does not engage in automated profiling or decision-making that produces legal effects or similarly significant effects on individuals. Any automated processing (such as fraud detection) is supplemented by human review.
19. AI & Automated Processing Transparency
TER uses artificial intelligence to power its WhatsApp and digital concierge services. Here is how our AI systems operate:
- When you send a message to our concierge, it may be processed by an AI system before or instead of a human agent.
- The AI system analyzes your message to understand your request and generate a helpful response.
- AI responses are generated in real-time and are not pre-written.
- Your messages are NOT used to train AI models. Our AI providers are contractually prohibited from using your data for model training or improvement.
- Human team members may review AI conversations for quality assurance, accuracy verification, and safety monitoring.
- You may request human assistance at any time by typing "HUMAN" or "AGENT" in the conversation.
- AI-generated responses may contain inaccuracies; critical information (pricing, availability, policies) should always be confirmed with a human representative.
- Conversation data is encrypted in transit and at rest using AES-256 encryption.
20. Puerto Rico Data Protection
For users in the Commonwealth of Puerto Rico, the following additional protections apply:
- Puerto Rico Act 232 of 1942 (Social Security Number Protection Act) — TER does not require Social Security Numbers for bookings. If an SSN is provided for tax or verification purposes, it is encrypted, access-restricted, and never shared beyond legal requirements.
- Puerto Rico is subject to certain provisions of HIPAA where health data is involved in wellness services. Health disclosures provided for wellness or spa experiences are treated as sensitive personal information with enhanced protections.
- TER does not engage in profiling or automated decision-making that produces legal or similarly significant effects on Puerto Rico consumers.
- Puerto Rico consumers may exercise their privacy rights by contacting privacy@theestatereserve.com.
21. Biometric Data Practices
In compliance with the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code Ann. § 503.001), the Washington Biometric Identifier statute (RCW 19.375), and similar state biometric privacy laws:
- Purpose: TER collects facial geometry data solely for the purpose of verifying guest identity at check-in by comparing check-in photographs against government-issued ID.
- Consent: Biometric data is collected only after obtaining your informed, written consent.
- Storage: Biometric data is stored using AES-256 encryption in access-controlled environments.
- Retention: Biometric data is retained for no more than 30 days after checkout, then permanently destroyed.
- Destruction: Upon expiration of the retention period, biometric data is destroyed using industry-standard data sanitization methods (NIST 800-88 guidelines).
- Disclosure: Biometric data is never sold, leased, traded, or otherwise disclosed to third parties, except as required by valid legal process.
- Opt-Out: You may decline biometric verification; alternative identity verification methods (manual ID inspection, verification questions) will be provided at no inconvenience.
- Written Policy: TER maintains a publicly available written policy governing the collection, retention, and destruction of biometric data, available upon request.
22. Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Booking records are retained for 7 years for tax and legal compliance. Government-issued ID collected at check-in is retained for no more than 30 days after checkout, then securely destroyed. Marketing consent records are retained for the duration of the consent plus 3 years. You may request deletion at any time, subject to legal retention requirements. AI concierge messages are retained for 90 days for service quality and safety review, then automatically and permanently deleted. Biometric identifiers are retained for no more than 30 days after checkout, then securely destroyed using industry-standard data sanitization methods. Service worker cache data is stored locally on your device and managed by your browser settings.
23. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will provide notice via email or a prominent notice on our website.
24. Contact
For privacy inquiries, data access requests, or complaints, contact us at privacy@theestatereserve.com or by WhatsApp at +1 (786) 820-0234.