Get Paid to Book Hotels Directly

Privacy Policy

Last Updated April 29, 2025

Consumer Privacy Policy

This Privacy Policy explains how Direct+ (Roomza, Inc., "we," "our," "us") collects, uses, shares, and protects your personal information when you interact with our Platform or receive Incentive payments. By using Direct+, you agree to the practices described below.

1. Information We Collect

We do not knowingly collect data from children under 13. If we learn that we processed such data, we will delete it promptly.

2. How We Use Your Information:

3. Legal Bases for Processing (GDPR)

We rely on one or more of the following: (a) performance of our contract with the Lodging Provider; (b) your consent (e.g., marketing emails); (c) legitimate interests such as fraud prevention and service improvement; (d) legal obligations.

4. How We Share Information

We do not sell or rent your personal information for monetary consideration.

5. Cookies & Tracking Technologies

We use cookies, pixel tags, and similar technologies to:

You can disable cookies in your browser, but the Platform may not function properly.

6. Your Choices & Rights

7. Security

We implement administrative, technical, and physical safeguards (encryption in transit, ISO‑27001 cloud infrastructure, role‑based access controls) to protect your information. No system is 100 % secure, and you share data at your own risk.

8. Data Retention

We retain personal information for as long as necessary to provide services, resolve disputes, comply with legal obligations, and enforce agreements. Typical retention periods:

9. International Transfers

Your information may be transferred to and processed in the United States or other countries where we or our service providers operate. We rely on Standard Contractual Clauses or equivalent safeguards for EU data transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version with a new "Last updated" date. Material changes will be notified via email or prominent Platform notice.

11. Contact Us

For privacy questions, data‑subject requests, or complaints:

Rewarding stays for guests, direct relationships for travel partners.

Rewarding stays for guests, direct relationships for travel partners.

Rewarding stays for guests, direct relationships for travel partners.

Rewards processed by TREMENDOUS

© 2025 Roomza, Inc. All rights reserved. Direct+ is a trademark of Roomza, Inc. Venmo® is a trademark of PayPal, Inc. Visa® is a trademark of Visa International Service Association. A Direct+ loyalty account is automatically created with each direct booking. Perks are loyalty-based and apply only to direct stays at participating parties.

See the full Terms of Service and Privacy Policy at directplus.com/terms.

Privacy Policy

Consumer Privacy Policy

This Privacy Policy explains how Direct+ (Roomza, Inc., "we," "our," "us") collects, uses, shares, and protects your personal information when you interact with our Platform or receive Incentive payments. By using Direct+, you agree to the practices described below.

1. Information We Collect

Category

Examples

Source

Reservation Data

Guest name, email, phone, stay dates, room type, rate, confirmation number

Provided by the Lodging Provider via PMS/API

Incentive & Payout Data

Incentive amount, payout method, redemption status, KYC/Tax forms

You; Tremendous; payment rails

Support & Communications

Chat transcripts, emails, call recordings

You

Usage Data

IP address, browser type, device ID, page views, referral URLs, cookies

Your device; analytics providers

Marketing Preferences

Email opt‑in/opt‑out status, click‑through metrics

You; email service provider

We do not knowingly collect data from children under 13. If we learn that we processed such data, we will delete it promptly.

2. How We Use Your Information:

Fulfil and track Incentive payments

Send booking confirmations, payout links, and service updates

Provide 24 ⁄ 7 concierge and customer support

Detect and prevent fraud, chargebacks, or abuse

Improve and personalize the Platform (analytics, A/B testing)

Comply with legal obligations (KYC, tax reporting)

3. Legal Bases for Processing (GDPR)

We rely on one or more of the following: (a) performance of our contract with the Lodging Provider; (b) your consent (e.g., marketing emails); (c) legitimate interests such as fraud prevention and service improvement; (d) legal obligations.

4. How We Share Information

Recipient

Purpose

Notes

Lodging Provider

Reservation management, guest service

Data owner; receives full stay and Incentive details

Tremendous

Issuing payouts, fraud screening, tax reporting

Governed by Tremendous Terms & Privacy Policy

Stripe & Other Payment Processors

Balance top‑ups, refunds, chargeback handling

PCI‑compliant

Service Vendors

Cloud hosting, email/SMS, analytics, customer support tools

Contractually bound to confidentiality

Law Enforcement

Fraud investigations, legal requests

Only when required or to protect rights

Business Transfers

Merger, acquisition, or asset sale

Users will be notified of material changes

We do not sell or rent your personal information for monetary consideration.

5. Cookies & Tracking Technologies

We use cookies, pixel tags, and similar technologies to:

Keep you signed in and remember preferences

Measure email open/click rates

Analyze site traffic and usage patterns

You can disable cookies in your browser, but the Platform may not function properly.

6. Your Choices & Rights

Marketing Opt‑Out: Click "unsubscribe" in any Direct+ marketing email.

Access / Correction: Email privacy@directplus.com to request a copy of your data or correct inaccuracies.

Deletion: You may request deletion of personal data that is not required to fulfil legal or contractual obligations.

California & GDPR Rights: Where applicable, you may exercise rights to data portability, restriction, or objection to processing.

7. Security

We implement administrative, technical, and physical safeguards (encryption in transit, ISO‑27001 cloud infrastructure, role‑based access controls) to protect your information. No system is 100 % secure, and you share data at your own risk.

8. Data Retention

We retain personal information for as long as necessary to provide services, resolve disputes, comply with legal obligations, and enforce agreements. Typical retention periods:

Reservation records: 7 years

Payout records & KYC: 7 years

Support logs: 3 years

9. International Transfers

Your information may be transferred to and processed in the United States or other countries where we or our service providers operate. We rely on Standard Contractual Clauses or equivalent safeguards for EU data transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version with a new "Last updated" date. Material changes will be notified via email or prominent Platform notice.

11. Contact Us

For privacy questions, data‑subject requests, or complaints:

Provide 24 ⁄ 7 concierge and customer support

We implement administrative, technical, and physical safeguards (encryption in transit, ISO‑27001 cloud infrastructure, role‑based access controls) to protect your information. No system is 100 % secure, and you share data at your own risk.

Mail (NY): Direct+ Privacy, Roomza, Inc., 228 Park Ave S, 24‑446, New York, NY 10003

Mail (DE): Direct+ Privacy, Roomza, Inc., 2810 N Church St, 24‑446, Wilmington, DE 19802