Owner Trust
Data Protection
We studied how rental site scraping works before building this platform. Here’s exactly what we do to keep your contact information between you and your renters.
1. The Threat We Designed Against
Before writing a single line of code, we ran our own analysis of how competing rental sites expose owner data. We found four techniques used by scrapers:
- Plain HTML scraping — crawlers read tel: and mailto: links directly from page source. No JavaScript needed.
- Headless browsers — tools like Playwright execute JavaScript and decode client-side obfuscation (including base64-encoded contact details) in milliseconds.
- Unauthenticated APIs — many platforms expose owner PII via public REST endpoints with no authentication, making mass collection trivial.
- Rate limit evasion — scrapers use residential proxy pools and random delays (2–8 seconds between requests) to defeat naive IP-based rate limiting.
2. What Owner Data We Collect
- Name — used on your listing and in communication with renters.
- Email address — used to deliver inquiry notifications. Never shown in page HTML.
- Phone number — displayed only for Featured and Spotlight plans, decoded client-side via JavaScript (never in raw HTML).
- Payment information — processed exclusively by Stripe. We never store card numbers.
3. How We Protect Owner Contact Info
- Email never appears in HTML — owner email addresses are used server-side only (to deliver inquiry notifications via Resend). They are never included in any HTTP response, even encoded.
- Phone gated by plan — phone numbers are only surfaced for Featured and Spotlight subscribers, and only decoded client-side via JavaScript. Plain-HTML scrapers see nothing.
- Name truncation on lower plans — Basic and Owner plan listings show “First L.” format instead of full name, making scraped data less useful for cross-referencing.
- Address precision control — you choose: Hidden (nothing shown), General (“The Villages, FL”), or Exact (full street address). Default is General.
- No public owner API — there is no unauthenticated endpoint that returns owner contact data. The owner profile API requires a valid session.
- PII scoped at query time — for plans that don’t qualify for phone or email display, our database queries return null for those fields. The data never reaches the render layer.
For Property Owners
As a property owner on Stay The Villages, you have direct control over what renters can see. Here’s what you can manage per-listing:
- Address precision — choose Hidden (nothing shown), General (village name only — default), or Exact (full street address). This applies to both the map embed and Google structured data.
- Phone display per listing — Featured and Spotlight plan owners can suppress phone display on individual listings even when their plan includes it. Renters can still contact you through the inquiry form.
- Email is always private — your email address is never shown publicly, regardless of plan. All contact routes through our secure inquiry form.
Manage these settings in your property editor under Policies → Privacy & Visibility.
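The field-scoping rules from section 3 and the per-listing controls above, combined into one server-side projection. This is an added example, not the platform's own code; the plan identifiers, field names (showPhone, addressPrecision, generalArea, streetAddress) and sample data are assumptions.

```javascript
// Added illustration, not the platform's code. Plan ids and field names are assumptions.
const PREMIUM_PLANS = new Set(["featured", "spotlight"]); // plans named on the page

// "Dana Whitfield" -> "Dana W." for lower plans
function truncateName(fullName) {
  const parts = String(fullName || "").trim().split(/\s+/).filter(Boolean);
  if (parts.length === 0) return null;
  if (parts.length === 1) return parts[0];
  return `${parts[0]} ${parts[parts.length - 1][0].toUpperCase()}.`;
}

// Hidden -> null, Exact -> street address, General is the default when unset.
// An unrecognised value fails closed and shows nothing.
function scopeAddress(listing) {
  const p = listing.addressPrecision;
  if (p === "exact") return listing.streetAddress;
  if (p === "general" || p == null) return listing.generalArea;
  return null;
}

// Build the only object the render layer receives. Email is never copied,
// so no template or serializer downstream can leak it.
function toPublicListing(owner, listing) {
  const premium = PREMIUM_PLANS.has(String(owner.plan || "").toLowerCase());
  const phoneAllowed = premium && listing.showPhone !== false; // per-listing opt-out
  return {
    ownerName: premium ? owner.name : truncateName(owner.name),
    phone: phoneAllowed ? (owner.phone ?? null) : null,
    address: scopeAddress(listing),
  };
}

// Constructed sample data
const sampleOwner = { name: "Dana Whitfield", email: "dana@example.com",
                      phone: "+1-555-0100", plan: "basic" };
const sampleListing = { generalArea: "The Villages, FL",
                        streetAddress: "123 Example St", addressPrecision: "general" };
console.log(toPublicListing(sampleOwner, sampleListing));
```

Building the public object from an explicit allow-list of fields, rather than deleting private fields from the full owner record, means a newly added column stays private until someone deliberately exposes it.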
4. How We Protect Renter Info
- Inquiry details (name, email, phone, message) are shared only with the owner of the specific property you inquired about.
- We never sell, trade, or share renter contact information with third parties.
- Inquiry data is retained for up to 2 years and can be deleted on request.
5. Our Technical Safeguards
- Server-side rate limiting — all public mutation endpoints (inquiry forms, newsletter signup, login, registration) are subject to per-IP request limits enforced in our database, independent of JavaScript.
- Cloudflare Turnstile CAPTCHA — challenge verification on all public forms, in addition to rate limiting.
- Honeypot fields — invisible fields on inquiry and contact forms that automated tools fill in, triggering silent discard of the submission.
- HTTPS everywhere — all traffic is encrypted in transit via Cloudflare.
- bcrypt password hashing — owner passwords are hashed with bcrypt before storage. We cannot recover them.
- JWT auth on all owner routes — owner portal and admin routes require a valid signed session token stored in an httpOnly cookie.
- Docker-isolated deployment — the application runs in an isolated Docker container with no direct database exposure to the internet.
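How the per-IP limit and the honeypot check can sit in front of an inquiry handler, as an added example that is not the platform's own code. The window, limit and hidden field name are assumptions, and an in-memory Map stands in for the database table.

```javascript
// Added illustration, not the platform's code. All constants below are assumptions.
const WINDOW_MS = 60_000;          // assumed fixed window
const MAX_PER_WINDOW = 5;          // assumed per-IP limit
const HONEYPOT_FIELD = "website";  // hypothetical hidden form field
const hits = new Map();            // ip -> { windowStart, count }; stand-in for a DB table
const stored = [];                 // accepted inquiries

// Fixed-window counter keyed by client IP.
function allow(ip, now) {
  const row = hits.get(ip);
  if (!row || now - row.windowStart >= WINDOW_MS) {
    hits.set(ip, { windowStart: now, count: 1 });
    return true;
  }
  row.count += 1;
  return row.count <= MAX_PER_WINDOW;
}

// Returns the HTTP status for the client plus an internal `stored` flag
// (for logging only; it is never sent in the response).
function handleInquiry(ip, form, now = Date.now()) {
  // Count every request, including honeypot hits, against the limit.
  if (!allow(ip, now)) return { status: 429, stored: false };

  // A human never sees the field, so any value marks an automated submission.
  const trap = form[HONEYPOT_FIELD];
  if (typeof trap === "string" && trap.trim() !== "") {
    // Silent discard: same status as a real success, nothing is saved,
    // so the sender gets no signal to adapt to.
    return { status: 200, stored: false };
  }

  stored.push({ ip, name: form.name, message: form.message, at: now });
  return { status: 200, stored: true };
}

// Constructed sample submissions (documentation-range IPs)
console.log(handleInquiry("203.0.113.5", { name: "Pat", message: "Available in March?", website: "" }));
console.log(handleInquiry("203.0.113.9", { name: "x", message: "y", website: "http://spam.example" }));
```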
6. Bot Blocking Policy
We allow most crawlers — including search engines, AI assistants, and SEO tools we use for our own performance tracking (Ahrefs, Data for SEO). We block scrapers that are primarily used to harvest contact data for resale or competitor intelligence:
- SemrushBot
- MJ12bot
- DotBot
- PetalBot
- serpstatbot
- Bytespider
These are disallowed via robots.txt. Compliant crawlers will honor this. Combined with rate limiting and honeypots, this creates meaningful friction for non-compliant scrapers.
7. Report a Concern
If you believe your contact information has been harvested from this platform, or if you discover a security vulnerability, please email us at [email protected]. We commit to responding within 48 hours.
For our full data collection and retention policy, see our Privacy Policy.