Privacy Policy
Last updated: April 28, 2026
๐ Short version: We see only the hotel pages you actively click "Compare" on. We never track your general browsing. Your email is stored only to send price-drop alerts โ nothing else.
๐ฐ Affiliate disclosure: HotelDrop earns a commission when you click a "Book now" link inside the extension and complete a hotel booking. The price you pay does not change. Full details in ยง8 below.
1. What HotelDrop Does
HotelDrop is a Chrome browser extension. When you visit a supported hotel booking page (Booking.com, Hotels.com, Expedia, Agoda, and others), it fetches prices from competing booking sites and displays them in an overlay panel. You can optionally save a hotel "watch" and provide your email address to receive a price-drop alert.
2. Data We Collect
We collect the minimum necessary to run the product:
- Install ID โ a randomly generated identifier (e.g.
iid_a3f7b12โฆ) created on first install. Not linked to your identity. Used to deduplicate API requests and enforce rate limits.
- Hotel watch data โ when you click "Watch this hotel," we store: hotel name, hotel ID on the source booking site, check-in/check-out dates, guest count, your email address, and the current price at the time of the watch. Stored server-side solely to run price checks and send you alerts.
- Email address โ collected only when you set a price-drop alert. Used exclusively to send you alerts for that specific hotel watch. Never used for marketing without your separate opt-in.
- Affiliate click data โ when you click a "Book now" button inside the HotelDrop panel, we log: the destination site, the watch ID (if applicable), a timestamp, and your install ID. Used to measure which affiliate links result in bookings and to attribute commissions.
- Anonymous usage events โ things like "comparison triggered," "watch added," "alert sent." These contain no personal data beyond install ID. Used only for product improvement.
3. Data We Do NOT Collect
- Your general browsing history โ we only activate on the 11 supported booking sites
- Your actual booking details, payment information, or booking confirmation
- Your name, location, or any demographic data
- Chat content, searches you perform on booking sites, or any content outside hotel comparison pages
- Any data from sites other than the 11 supported booking sites listed in our manifest
4. Chrome Permissions Explained
HotelDrop requests the following Chrome permissions:
- storage โ to save your local watch list and install ID in the browser.
- activeTab โ to read the hotel ID and dates from the current booking page when you open the panel. We read URL parameters and a small number of DOM elements (hotel name, dates, displayed price) โ never full page content.
- notifications โ to optionally show a Chrome notification when a price-drop alert fires while your browser is open.
- host_permissions (11 booking sites) โ to inject the comparison overlay on those specific sites only. We do not request broad host permissions (<all_urls>).
5. How We Use Your Data
- Price comparison โ your hotel ID and dates are sent to our API, which queries the Travelpayouts hotel price aggregator and returns competing prices. No personal data is included in this query.
- Price-drop alerts โ if you set a watch, our backend checks the price every 6 hours. If it drops โฅ5%, we send one email to the address you provided with the new price and a booking link.
- Affiliate attribution โ click data is used to claim commissions from booking sites. We do not sell this data to third parties.
- Product improvement โ anonymous event counts help us understand which booking sites produce the most useful comparisons.
6. Data Retention
- Hotel watches โ retained until your check-in date has passed, then deleted automatically within 7 days.
- Email addresses โ deleted when you unsubscribe or when all your watches expire. You can request deletion at any time (see ยง10).
- Affiliate click logs โ retained for 90 days for commission reconciliation, then deleted.
- Anonymous event logs โ retained for 12 months, then deleted.
7. Third-Party Services
- Travelpayouts / Hotellook โ hotel price aggregation API. Queries include hotel ID, dates, and guest count. No personal data is sent. Travelpayouts Privacy Policy.
- Resend โ transactional email service for price-drop alerts. Receives your email address only. Resend Privacy Policy.
- Neon (Postgres) โ database hosting for watch data. Data is encrypted at rest. Neon Privacy Policy.
- Vercel โ hosts our API serverless functions. Processes only the data described in ยง2. Vercel Privacy Policy.
8. Affiliate Disclosure (Required by FTC and CWS Policies)
HotelDrop is funded entirely by affiliate commissions. When you click a "Book now" button inside the HotelDrop panel and complete a hotel booking on the destination site, HotelDrop receives a commission from that booking site โ typically 2โ5% of the room rate.
This commission does not change the price you pay. You pay exactly the same amount whether you go through HotelDrop or visit the booking site directly.
HotelDrop does not inject affiliate codes into any other shopping, does not modify prices, and does not suppress cheaper options to favour higher-commission ones. Prices are always sorted cheapest-first.
This disclosure satisfies the requirements of: FTC's Guides Concerning the Use of Endorsements and Testimonials (16 CFR ยง255), the Chrome Web Store Developer Program Policies (ยง4.4 โ Affiliate Programs), and the EU's Digital Services Act transparency obligations.
9. Your Rights (GDPR / CCPA)
If you are located in the EU, UK, or California, you have the following rights:
- Access โ request a copy of the personal data we hold about you
- Correction โ request correction of inaccurate data
- Deletion โ request deletion of your personal data (email + watches)
- Portability โ receive your data in a machine-readable format
- Objection โ object to processing for legitimate interest purposes
To exercise any of these rights, email [email protected]. We will respond within 30 days.
10. Unsubscribe and Data Deletion
Every price-drop email we send includes an unsubscribe link. Clicking it immediately stops all alerts for that watch and marks the email for deletion within 7 days.
To delete all your data (email address + all watches), email [email protected] with subject "Data deletion request." We will confirm deletion within 30 days.
11. Children
HotelDrop is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, please contact [email protected].
12. Changes to This Policy
If we make material changes, we will update the "Last updated" date above. For changes that affect how we use email addresses, we will send a notification to affected addresses before the change takes effect.
13. Contact
Privacy questions: [email protected]
For CWS reviewer questions about this policy, the extension's data practices are summarised in the Chrome Web Store listing under "Privacy practices."