Privacy Policy — Caxa Stays | Book Direct & Save

Privacy Policy
Effective Date: February 2026

Caxa Stays, operated by Eternus LLC (Wyoming LLC, EIN 93-2238177, 30 North Gould Street, Sheridan, WY 82801), is committed to protecting your privacy. This Policy explains how we collect, use, and share your personal information under applicable laws including Colombian data protection law (Ley 1581 de 2012), GDPR, and CCPA.

1. Scope
This Policy applies to all guests, visitors, and users who interact with our booking platform (book.caxastays.com), our properties in Medellín and El Retiro, Antioquia, Colombia, and our services.

2. Information We Collect
Booking & Contact: Full legal name, email, phone, address, check-in/out dates, number of guests, special requests.

Government-Required ID (SIRE/TRA): Full legal name (as on travel documents), nationality, passport or cédula number, passport issue/expiration dates, date of birth, country of origin and residence. Required by Colombian immigration and tourism law.

Payment: Credit/debit card details (processed and tokenized via Stripe — we do not store full card numbers), billing address, transaction history.

Device & Usage: IP address, device/browser type, pages visited, referral source, booking history.

Property Monitoring: Minut noise sensor readings (decibel levels and timestamps only — no audio or conversation recording), smart lock access logs, building security records.

Communications: Email correspondence, chat messages, support tickets, feedback.3. How We Use Your Information
We use your data for: processing reservations and payments; sending booking confirmations and access instructions; coordinating check-in/out; managing guest communications; complying with Colombian government reporting (SIRE & TRA — see Section 4); tax and financial reporting (DIAN, IRS); fraud prevention via Google reCAPTCHA; property security monitoring; marketing communications (opt-in only); and service improvement through anonymized analytics.

4. Government Reporting (SIRE & TRA) — Mandatory
This is a mandatory legal obligation under Colombian law, not optional.

SIRE (Sistema de Información para el Reporte de Extranjeros): All foreign guests are reported to Migración Colombia within 24 hours of check-in, including: name, nationality, passport number, date of birth, arrival/departure dates, country of origin, and accommodation address. Legal authority: Resolución 3131 de 2004, Ley 2068 de 2020.

TRA (Tarjeta de Registro de Alojamiento): All guests (Colombian and foreign) complete a registration card including: name, government ID number, country of origin/residence, dates of stay, and purpose of visit. Legal authority: Decreto 2590 de 2009, Ley 2068 de 2020.

Government reporting cannot be opted out of. You have the right to know what is reported and to request access to your data. Complaints may be filed with the SIC (Superintendencia de Industria y Comercio).5. Third-Party Data Sharing
We share information with:

Stripe: Payment processing (independent data controller; see stripe.com/privacy)
Hostaway: Property management and booking platform (data processor)
Google reCAPTCHA: Fraud prevention (processes IP and device info)
Channel partners: Airbnb, Vrbo, Booking.com for multi-channel inventory management (independent controllers)
PriceLabs: Dynamic pricing (receives only aggregated, anonymized data — no PII)
Government authorities: Migración Colombia (SIRE), DIAN (tax), SIC (data protection), and law enforcement when required by law or legal process
We do not sell your personal data. Information is shared only as described above to provide services, comply with legal obligations, or with your consent.

6. Cookies & Tracking
We use essential cookies (site functionality), analytical cookies (usage tracking via Google Analytics), and marketing cookies (with consent). You can control cookies through browser settings. For EU residents, we obtain consent before non-essential cookies. Disabling cookies may affect functionality.

7. Data Retention
Booking & contact info: Duration of stay + 7 years (accounting/disputes)
Government ID/passport data: Minimum 5 years per Colombian law (SIRE, TRA, tax)
Payment data: Per Stripe’s retention policy (typically 7 years for PCI DSS)
Communications: 2 years or until dispute resolution
Analytics/cookies: 24 months or until cleared
Marketing: Until you unsubscribe
After retention periods expire, data is securely deleted or anonymized unless legally required to retain.8. International Data Transfers
Your data is collected in Colombia but may be transferred to the United States for booking management, cloud storage, financial reporting, and payment processing. We rely on contractual protections and your consent. We ensure safeguards equivalent to Colombian data protection standards (Ley 1581 de 2012).

9. Colombian Data Protection (Habeas Data)
Under Ley 1581 de 2012, you have the Habeas Data right to: know what data we hold; access a copy; rectify inaccurate data; request deletion (subject to legal retention); and object to marketing. Complaints may be filed with the SIC (sic.gov.co).

10. GDPR Rights (EU/UK/EEA Residents)
We process data under GDPR legal bases: contract performance, legal obligation, legitimate interest, and consent. You have rights to: access, rectification, erasure, restrict processing, data portability, object to processing, and lodge complaints with your local data protection authority. Direct GDPR inquiries to caxastays@gmail.com.

11. CCPA Rights (California Residents)
Under CCPA/CPRA, you have rights to: know what data is collected; request deletion; opt out of data sale (we do not sell data); request correction; and non-discrimination for exercising rights.

12. Children’s Privacy
Our platform is not for children under 13. Minors under 18 cannot book independently. When minors stay at our properties, we collect their data (name, date of birth, passport/cédula, birth certificate) as required by Colombian law including Law 679 of 2001 (prevention of exploitation of minors in tourism) and Decreto 2590 de 2009. Parents/guardians may request access to or deletion of their child’s data at caxastays@gmail.com.13. Security
We use SSL/TLS encryption, secure storage with restricted access, authentication controls, Google reCAPTCHA fraud prevention, and regular security reviews. No online platform is completely secure; use of our services is at your own risk. In the event of a data breach, we will notify affected individuals and authorities as required by law.

14. Changes & Contact
We may update this Policy to reflect legal or business changes. Material changes will be communicated via email or website notice. Continued use constitutes acceptance.

Contact for privacy inquiries and data subject requests:

Eternus LLC d/b/a Caxa Stays
30 North Gould Street, Sheridan, WY 82801
Email: caxastays@gmail.com | Web: book.caxastays.com

To exercise your rights, email us with your name, booking reference, and type of request (access, rectification, deletion, portability). Response within 30 days (Colombian law) or 45 days (GDPR).

Complaints: SIC (sic.gov.co) for Colombia; your local DPA for EU; California AG for CCPA.

15. Bilingual Notice
This Privacy Policy is in English. A Spanish version may be requested from caxastays@gmail.com. For Colombian residents, the Spanish version prevails where required by law. For all others, English prevails.

Aviso: Esta Política de Privacidad está disponible en inglés. Para huéspedes residentes en Colombia, una versión en español puede ser solicitada a caxastays@gmail.com. En caso de conflicto entre versiones, la versión en español prevalecerá para residentes colombianos.

Last Updated: February 2026 | Eternus LLC (WY, EIN 93-2238177) | book.caxastays.com | caxastays@gmail.com

Last Updated: February 2026

Eternus LLC, operating as Caxa Stays, respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and make a booking with us.

1. Information We Collect

We collect information in the following ways:

Booking Information: Name, email address, phone number, date of birth (age verification), check-in and check-out dates, number of guests, and property preferences.
Payment Information: Credit card details and billing address. Payment processing is handled entirely by Stripe; we do not store full payment card numbers on our servers.
Communication Information: Messages sent through our booking platform, support inquiries, and preferences for marketing communications.
Technical Information: IP address, browser type, device type, pages visited, time spent on site, referring website, and cookies (see Cookie Policy below).
Location Data: We may collect general location information for fraud prevention and to customize property recommendations.
Verification Data: Information collected through Google reCAPTCHA to prevent fraud and automated abuse.

2. How We Use Your Information

We use collected information for the following purposes:

Booking Processing: To process reservations, send confirmation emails, and manage check-in/check-out procedures.
Communication: To respond to inquiries, send booking confirmations, updates, and customer support communications.
Payment Processing: To charge your payment method through Stripe and process refunds in accordance with our cancellation policy.
Legal Compliance: To comply with applicable laws, tax obligations, and government requests where legally required.
Fraud Prevention: To detect, prevent, and address fraudulent activity, security issues, and technical problems using reCAPTCHA verification.
Marketing (with consent): To send newsletters, promotional offers, and updates about new properties or special discounts—only if you have opted in.
Service Improvement: To analyze booking patterns, understand guest preferences, and improve our booking experience.
Legal Protection: To establish, exercise, or defend legal claims and protect the rights and safety of Caxa Stays, guests, and the public.

3. Third-Party Service Providers

We share your information with the following third parties to operate our booking engine:

Stripe: Payment processor. Your payment card information is processed by Stripe under their Privacy Policy. We do not store complete payment card numbers.
Hostaway: Our booking platform partner. Guest information necessary for booking management is shared with Hostaway under their data processing terms.
Google reCAPTCHA: Used to verify that you are human and prevent automated abuse. This service collects IP addresses and other data as described in Google's Privacy Policy.
Google Analytics (future implementation): We may implement analytics tools to understand user behavior. These tools do not collect personally identifiable information in their basic configuration.

We do not sell, trade, or rent your personal information to third parties for marketing purposes without your explicit consent.

4. Cookie Policy

Our website uses cookies to enhance your experience. You can control cookie settings through your browser. The types of cookies we use include:

Functional Cookies: Required for booking functionality, session management, and remember preferences (essential for operations).
Analytics Cookies: Used to understand how visitors use our site and to improve our services.
reCAPTCHA Cookies: Set by Google reCAPTCHA to prevent spam and detect abuse.
Consent Cookies: To remember your cookie consent preferences.

A cookie consent banner appears on first visit. By accepting cookies, you consent to their use as described above.

5. Colombian Data Protection (Ley 1581 de 2012 - Habeas Data)

As Eternus LLC operates properties in Colombia, we comply with Colombian data protection law, including Law 1581 of 2012 (the Habeas Data law) and Law 1266 of 2008 (Financial Information Protection). Under these laws, you have the following rights:

Right of Access: You may request to know what personal data we hold about you and how it is being used.
Right of Rectification: You may request correction of inaccurate or incomplete data.
Right of Deletion: You may request deletion of your personal data, subject to legal retention obligations.
Right to Revoke Consent: You may withdraw consent for data processing at any time by submitting a written request, though this does not affect the legality of processing before withdrawal.

The Superintendencia de Industria y Comercio (SIC) is the supervisory authority responsible for enforcing data protection rights in Colombia. If we cannot resolve your data protection concern, you may file a complaint with the SIC.

To exercise any of these rights, contact us at caxastays@gmail.com with the subject line "Data Protection Request."

6. GDPR Compliance (European Union Residents)

If you are a resident of the European Union, United Kingdom, or other GDPR-applicable jurisdiction, the following additional terms apply:

Legal Basis for Processing: We process your data based on: (a) performance of a contract with you; (b) your explicit consent; or (c) our legitimate interests in providing and improving our services.
Data Subject Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. You also have the right not to be subject to automated decision-making. Contact caxastays@gmail.com to exercise these rights.
International Data Transfer: Your data may be transferred to the United States where Eternus LLC is registered. We ensure adequate safeguards under the EU Standard Contractual Clauses or other GDPR-compliant transfer mechanisms.
Data Protection Officer: Please contact us at caxastays@gmail.com for data protection inquiries.

7. CCPA Compliance (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request what personal information we collect, use, share, or sell.
Right to Delete: You may request deletion of personal information we have collected (subject to legal exceptions).
Right to Opt-Out: You may opt out of any sale or sharing of your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at caxastays@gmail.com with your request details. We will verify your identity and respond within 45 days.

8. Data Retention

We retain your personal information as follows:

Booking Data: Retained for at least 6 years to comply with Colombian tax obligations and transaction record requirements.
Payment Information: Retained only as long as necessary for payment processing and dispute resolution (typically 6-7 years for Colombian and US tax purposes).
Marketing Communications: Retained until you unsubscribe from our mailing list.
Technical and Analytics Data: Typically retained for 12-24 months unless otherwise required by law.
Support Communications: Retained for at least 2 years or as required by applicable law.

Even after deletion, some information may be retained in backup copies for legal compliance, but will not be actively used.

9. International Data Transfers

Eternus LLC is registered in the United States. By booking with Caxa Stays, you acknowledge that your personal information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may not have data protection laws equivalent to Colombian or EU laws. We implement appropriate safeguards, including Standard Contractual Clauses, to protect your data during transfer.

10. Children's Privacy

Our booking services are not directed to persons under 18 years of age. You must be at least 18 years old to make a booking and enter into our rental agreement. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete such information promptly.

11. Security

We implement industry-standard security measures, including encryption and secure servers, to protect your personal information. However, no method of transmission over the internet is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

12. Amendments to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting to our website with an updated "Last Updated" date. Continued use of our booking platform after changes constitutes your acceptance of the updated policy. We recommend reviewing this policy periodically for updates.

Note: If Eternus LLC establishes a Colombian operating entity in the future, this Privacy Policy will be updated to reflect local entity branding and may be supplemented with additional localized compliance measures.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our privacy practices, please contact us:

Email: caxastays@gmail.com
Company: Eternus LLC d/b/a Caxa Stays
Properties Location: Medellín and El Retiro, Antioquia, Colombia
Website: book.caxastays.com

We will respond to all data requests and privacy inquiries within 30 days of receipt or as required by applicable law.