Privacy Policy

Updated:5 November, 2025

The protection of your personal data is very important to us. This Privacy Policy explains how blankbase ('we,' 'us,' or 'our') collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation.

1. Who We Are

The data controller responsible for the processing of your personal data is

blankbase GmbH
Selma-Steinmetz-Gasse 6/22
1210 Wien
AUSTRIA

For any questions regarding this Privacy Policy or your rights, please contact us at:

Email: privacy@blankbase.io
Website: www.blankbase.io

2. The Data We Collect and Why We Collect It

We process personal data to provide our online booking platform for digital nomads, which helps you find or rent homes with workspaces and reliable internet for up to 6 months. The data we collect depends on your interaction with our services.

The following are the key processing activities:

a) User Account & Profile Management

We process your personal data to enable you to register for a user account, log in, maintain your profile, and utilize our platform's services. The personal data collected for this purpose includes your name, email, phone number, date of birth, profile photo, password, nationality, preferred currency, and username. This information is provided directly by you, but we may also collect data automatically from your device to enhance the functionality and security of your account. The legal basis for this processing is the performance of a contract, as per GDPR Art. 6(1)(b).

b) Booking & Reservation Management

To facilitate the booking process between guests and hosts, we process personal data related to reservations, communication, and payments. This includes the names of guests, contact details, payment information, booking dates, and other details provided during the booking process. We also process personal data to manage reservation details and to send transactional emails and notifications to you regarding your booking. This data includes your name, email address, phone number, and any additional details you provide during the booking process. All this processing is necessary for the performance of the contract between us and our users, in accordance with GDPR Art. 6(1)(b).

c) Listing Creation & Management for Hosts:

To enable hosts to create, publish, and manage their property listings, we process the personal data required for a complete and accurate listing. This includes the property address, property description, photos, amenities, availability, pricing, and house rules. This processing is necessary for the performance of the contract between us and our users, as per GDPR Art. 6(1)(b).

d) Payment Processing

To process payments from guests and payouts to hosts, we collect and process financial data. This includes guest payment information (credit card number, full name, billing address, security code, payment token) and host payout data (bank details, full name, billing address). This processing is necessary for the performance of the contract between us and our users, as per GDPR Art. 6(1)(b).

e) Marketing & Communications

We process your personal data for marketing and communications purposes. This includes sending you newsletters, promotional materials, and platform updates. We also allow you to manage your marketing and transactional communication preferences, including email, SMS, and push notifications. The personal data we collect for these purposes includes your name, email address, phone number, and notification settings. We also process information about your interests (based on your searches, bookings, and platform activity) and platform usage data (such as clicks and session duration) to tailor our communications to you. This processing is based on your explicit consent, as per GDPR Art. 6(1)(a). You have the right to withdraw your consent at any time.

f) Analytics, Research and Development

To analyze user behavior, understand trends, develop new features, and improve the platform’s functionality and user experience, we process data such as user IDs, interaction data (clicks, session duration, features used), and other non-identifiable usage metrics. This processing is based on our legitimate interests in improving our services, as per GDPR Art. 6(1)(f). When user-identifiable data is used for specific research, A/B testing with a significant impact, or user interviews, we do so based on your consent as per GDPR Art. 6(1)(a).

g) Customer Service & Dispute Resolution

We process your personal data to provide customer support, resolve disputes between guests and hosts, and address any inquiries or issues you may have. The personal data collected for these purposes includes your name, email address, booking details, and communication logs related to your inquiry. The legal basis for this processing is a combination of the performance of a contract, as per GDPR Art. 6(1)(b), when related to a specific booking, and our legitimate interests in providing quality service and resolving conflicts, as per GDPR Art. 6(1)(f).

h) Legal Purposes

We process your personal data to comply with legal obligations, which include maintaining records for tax and accounting purposes, preventing fraud, and responding to lawful requests from authorities. The specific data processed for these purposes includes financial and transaction data, seller identification data, property information, booking data, and communication logs (as required by law). The personal data processed for this purpose is limited to what is necessary to meet these legal requirements. Our legal basis for this processing is compliance with a legal obligation, as per GDPR Art. 6(1)(c)

i) Financial Management & Operations

To manage our internal finances, comply with accounting standards, and prepare financial statements, we process personal data such as transaction records, payout records, service fees, and tax-related information. Our legal basis for this processing is to comply with our legal obligations, as required by GDPR Art. 6(1)(c).

3. How We Share Your Data

The use of our website is possible without providing personal data, but certain core services, like creating an account or making a booking, require it.

When you provide personal data for a specific purpose (e.g., subscribing to a newsletter), we may pass on the necessary information to companies that process data on our behalf. We only commission third-party companies that are subject to and compliant with the GDPR.

We may share your personal data with the following categories of recipients:

Cloud Hosting Provider: We use a cloud hosting provider to store and manage your data. The hosting provider is headquartered in the USA, but we use EU server locations for data protection compliance.
Other Users: We share necessary booking and contact information between guests and hosts to facilitate the booking process.
For Legal Compliance: We may be required to share your data with government authorities, tax officials, or law enforcement agencies to comply with legal obligations or to protect our rights and the rights of others.
Third-party Service Providers: We use various third-party providers to help us operate our business, such as payment processors, cloud hosting providers, and email marketing services. These providers only process your data on our behalf and in accordance with our instructions.

4. International Data Transfers

Your data may be transferred to a third country, specifically the USA, for cloud hosting services. We ensure that such transfers are protected by appropriate safeguards in accordance with the GDPR, such as Standard Contractual Clauses (SCCs).

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.

Core Account Data: Retained for 7 years after account closure or last activity, for legal defense, tax, fraud prevention, and regulatory compliance.
Profile Photos & Non-essential details: May be deleted sooner, upon your request.
Booking Data: Retained as long as necessary to facilitate the service and for legal purposes.
Marketing Data: Retained until you withdraw your consent.
Financial Data: Retained for 7 years from the end of the relevant fiscal year to comply with statutory retention periods.
Shared Information: Information you have shared with others, such as reviews and public profile details, may remain publicly visible on the platform even after your account is canceled.

6. Your Data Protection Rights

Under GDPR, you have the following rights:

The right to access: You have the right to request copies of your personal data.
The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to withdraw consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at the address provided in Section 1.

7. How to Contact the Supervisory Authority

If you have a complaint about how we handle your data, you have the right to lodge a complaint with the data protection authority in Austria.

Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
www.dsb.gv.at

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the 'Effective Date' at the top.