Privacy Policy
Effective from 5 April 2026
In short
ErasBook respects your privacy. We only collect data necessary to provide our services, we never sell your data to third parties, and we give you full control over your information. You can request the deletion of your account and data at any time.
Important note: ErasBook is in no way affiliated, associated, or connected with the Erasmus+ programme of the European Union or any governmental institution. ErasBook is an independent service operated by World in a Point Ltd.
1. Who we are
The data controller for your personal data is:
20 Princes Avenue, Liverpool, L8 2TB, United Kingdom
Email: privacy@erasbook.com
Website: erasbook.com
This Privacy Policy applies to all services offered by ErasBook, including but not limited to: social networking, accommodation booking, messaging, video calls, study rooms, groups, and circles.
2. What data we collect
2.1 Data you provide directly
| Data | Purpose |
|---|---|
| First name, last name | Account identification and public profile |
| Login, communications, password recovery | |
| Date of birth | Minimum age verification (16 years) and personalisation |
| Country and city | Content and language personalisation |
| Profile photo | Visual identification in the social network |
| Phone number (optional) | Account security and host communications |
| Payment data | Payment processing via Stripe (we do not store card data) |
2.2 Data generated by your use
| Data | Purpose |
|---|---|
| Published content (posts, photos, comments) | Social network functionality |
| Messages and chats | Messaging service |
| Bookings and reviews | Accommodation booking service |
| Connections (friends, groups, circles) | Social features |
| IP address and device data | Security, fraud prevention, technical analysis |
| Cookies and browsing data | Site functionality and analytics (see Cookie Policy) |
2.3 Host data
If you register as a Host, we additionally collect:
- Business name and company details
- VAT number / Tax ID
- Banking details for payments (managed via Stripe Connect)
- Property information (descriptions, photos, prices, availability)
3. How we use your data
- Service provision: registration, profile, social network, bookings, messaging, video calls, study rooms
- Payments: transaction processing via Stripe
- Communications: booking notifications, service updates, responding to enquiries
- Security: account protection, fraud prevention, content moderation
- Service improvement: aggregate analytics to improve user experience
- Legal obligations: compliance with tax and legal requirements
We do NOT use your data to:
- Sell personal information to third parties
- Automated profiling for targeted advertising (we do not display ads)
- Automated decisions producing legal effects
4. Legal basis for processing
Under the GDPR (EU Regulation 2016/679) and UK GDPR, we process your data on the basis of:
- Contract performance (Art. 6(1)(b)): to provide the services you requested
- Consent (Art. 6(1)(a)): for marketing communications, non-essential cookies
- Legitimate interest (Art. 6(1)(f)): for platform security, fraud prevention, service improvement
- Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and legal requirements
5. Who we share your data with
| Recipient | Data shared | Reason |
|---|---|---|
| Hosts (property owners) | Name, email, stay dates | Booking management |
| Stripe Inc. | Payment data | Secure payment processing |
| Law enforcement | Data required by law | Legal obligation upon authority request |
We never sell your personal data to third parties.
6. Data retention
| Data type | Period |
|---|---|
| Active account | For as long as you use the service |
| Inactive account | Deleted after 3 years of inactivity |
| Booking data | 5 years (tax obligations) |
| Payment/invoice data | 10 years (UK tax obligation - HMRC) |
| Messages | 1 year after account deletion |
| Access logs (IP) | 6 months |
| Report data | 3 years |
| After deletion request | Deleted within 30 days |
7. Your rights
Under the GDPR and UK GDPR, you have the following rights:
- Right of access (Art. 15): request a copy of all data we hold about you
- Right to rectification (Art. 16): correct inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of your account and data
- Right to portability (Art. 20): request your data in a readable format (JSON/CSV)
- Right to object (Art. 21): object to processing based on legitimate interest
- Right to restriction (Art. 18): request restriction of processing
- Right to withdraw consent: withdraw consent at any time
To exercise your rights, contact us at privacy@erasbook.com. We will respond within 30 days.
You also have the right to lodge a complaint with the relevant data protection authority:
- United Kingdom: ICO (Information Commissioner's Office) — ico.org.uk
8. Data security
- SSL/TLS encryption for all communications
- Passwords encrypted with bcrypt algorithm
- Data access limited to authorised personnel
- Encrypted daily backups
- Payments managed by Stripe (PCI DSS Level 1 certified)
- Continuous security monitoring
In the event of a data breach, we will notify the relevant authority within 72 hours and affected users without undue delay, as required by Articles 33 and 34 of the GDPR.
9. International data transfers
Your data is stored on servers located in the European Union. Where transfers outside the EEA are necessary (e.g., to Stripe Inc. in the United States), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Children
ErasBook is restricted to persons aged 16 years or older. We do not knowingly collect personal data from children under 15. If we become aware that a user is under 15, we will immediately delete the account and related data.
11. Cookies
We use cookies and similar technologies for site functionality. For detailed information, please see our Cookie Policy.
12. Changes to this Policy
We reserve the right to update this Policy. In case of substantial changes, we will inform you via email or platform notification. The date of the last update is shown at the top of this document.
13. Contact
Email: privacy@erasbook.com
Address: 20 Princes Avenue, Liverpool, L8 2TB, United Kingdom
14. Applicable legislation
- Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018 (United Kingdom)
- Directive 2002/58/EC (ePrivacy)
- Regulation (EU) 2022/2065 — Digital Services Act (DSA)
- Lei Geral de Proteção de Dados (LGPD) — Brazil
- UK Online Safety Act 2023