Privacy Policy

Effective Date: May 11, 2026 Last Updated: May 11, 2026

1. Introduction

Bukavilla LLC, a Texas limited liability company ("Bukavilla," "we," "us," or "our"), respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and your rights regarding your data.

This Privacy Policy applies to bukavilla.com, its subdomains (such as auth.bukavilla.com and individual owner storefronts), the Bukavilla mobile applications, and any related services (the "Service"). It is incorporated by reference into the Bukavilla Terms of Service.

If you are in the European Union, United Kingdom, California, Indonesia, or another jurisdiction with mandatory data-protection law, additional rights apply. See Section 9 — Regional Privacy Rights.

2. Information We Collect

2.1 Information You Provide

Account Information (Owners and Guests):

Name and email address
Authentication identifiers from Google OAuth or magic-link (email OTP) sign-in. We do not receive or store your Google password.
Profile information you choose to provide (photo, bio, country)

Villa Owner Information:

Villa details (addresses, photos, descriptions, amenities, pricing, house rules, cancellation policy)
Owner brand information (display name, slug, theme, optional newsletter form)
Subscription billing details (handled by Stripe — see Section 2.4)
Stripe Connect onboarding identity, banking, and KYC information (collected and held by Stripe — see Section 2.4)
DOKU merchant credentials (where Owners enable DOKU as an alternative payment provider)
Content imported from third-party platforms (e.g., Airbnb) at your explicit request — see Section 2.3
Owner mobile-app device tokens for push notifications (FCM registration token; see Section 2.5)

Guest Information:

Booking details (check-in / check-out dates, guest count, special requests)
Guest name, email, and phone (where the Owner requires it for the Booking)
Communications with Owners through the Platform messaging surface
Reviews and ratings you submit
Saved villas list (mobile app) and trips list (mobile app), if you create an account
Marketing-consent flag captured at checkout (off by default; opt-in checkbox)

Marketing-list information (Owners' guest lists):

Owners may build a marketing list (guest_list_entries) with guest email, name, phone, booking history, and a marketing-consent timestamp. Entries originate from past Bookings (with the consent flag), Owner-side imports, or newsletter sign-ups on the Owner's brand page. Each entry has an unsubscribe token.

Waitlist sign-ups:

If you submit your email on a "notify me when villas are listed in [city]" form (interest_signups), we store your email and the location you searched. You can unsubscribe by emailing privacy@bukavilla.com.

2.2 Information Collected Automatically

Usage Data:

Pages visited, actions taken, approximate time on Service
Device information (browser, operating system, screen size, user-agent string)
IP address (collected by our hosting provider for routing, security, and abuse prevention)
Referring URLs
Approximate location derived from IP (city-level; we do not use precise GPS)

We do not currently run a third-party analytics product or behavioural-tracking pixel. If we add one, we will update this Privacy Policy and, where required, present a consent prompt.

Cookies and similar technologies:

Essential cookies set by Supabase Auth for session management and CSRF protection
Local-storage entries for preferences (theme, locale, last-viewed listings)

See Section 8 — Cookies for details.

2.3 Information from Third Parties

Authentication providers. When you sign in via Google, we receive your email address and basic profile information from Google. We do not receive your Google password. On the Bukavilla iOS app, you may instead sign in with Apple, in which case we receive the identifier and (where you authorize it) the email Apple shares — including any private-relay forwarding email Apple may issue on your behalf. Apple Sign-In is not yet available on the web or Android; we will update this Section when it ships there.

Imported Listing Content. When an Owner uses our Airbnb import feature, we retrieve publicly accessible listing content from Airbnb at the Owner's explicit request. The Owner represents and warrants under the Terms of Service (§5.4) that they have the right to use that content on Bukavilla; Bukavilla does not independently verify ownership of imported photos or descriptions.

Payment processors. Stripe and (where Owners enable it) DOKU provide us with transaction status (succeeded, failed, refunded, refund amount, processor reference IDs) and minimal payer metadata. We never receive or store full payment card numbers, CVC codes, or banking-credential secrets — those are handled entirely by Stripe and DOKU on their own infrastructure.

2.4 Payment Information — Two Distinct Flows

Bukavilla operates two separate payment flows. The data treatment is different for each.

Booking payments (Guest → Owner, via Stripe Connect Direct Charges). When a Guest pays for a Booking, the charge is created on the Owner's connected Stripe account in Stripe's "Direct Charges" mode. Stripe is the payment processor; the Owner is the merchant of record for the Guest transaction. Bukavilla never holds Booking funds and never receives or stores the Guest's full card number. The data Bukavilla persists about a Booking payment is limited to: the Stripe checkout session ID, the payment intent ID, the booking total, the currency, the discount applied (if any), the refund status, and references returned by Stripe. Card numbers, CVC codes, billing-address details entered into Stripe Checkout, and Stripe-side KYC information remain with Stripe. Where the Owner has enabled DOKU as an alternative provider for IDR payments, the same model applies: DOKU is the processor, the Owner is the merchant of record, and Bukavilla stores only the DOKU invoice number and refund references.

Subscription payments (Owner → Bukavilla, via Stripe). Owners pay a monthly Subscription fee to Bukavilla through Stripe on Bukavilla's own platform Stripe account. For this flow, Bukavilla is the merchant of record. Stripe processes the card; Bukavilla persists the Stripe customer ID, subscription ID, plan ID, current-period-end timestamp, and subscription status. Card numbers and CVC codes remain with Stripe and are never sent to or stored by Bukavilla.

This Privacy Policy is consistent with the Bukavilla Terms of Service §3.3, §5.3, §5.8, and §10.

Direct payment instructions (PayPal handle, bank transfer, cash on arrival). Some Owners publish a PayPal email or bank-transfer instructions on their Listing for Guests to pay directly. In that case Bukavilla is not in the payment chain at all and receives no payment data; the Owner and Guest transact directly outside the Platform.

2.5 Push Notification Information

If you enable push notifications, we collect:

For Owner Android devices: a Firebase Cloud Messaging (FCM) registration token, refreshed on each app launch.
For browser push notifications (Owners and Guests): a Web Push subscription endpoint, the public key (p256dh), the auth secret (auth), and the user-agent string of the browser/device that registered. We use these to deliver booking-update, host-message, and (where you have opted in) marketing notifications. You can revoke push permission at any time in your device or browser settings.

3. How We Use Information

We use personal information to:

Provide the Service:

Create and manage your account
Display listings and process bookings
Deliver subscription services to villa owners
Enable communication between owners and guests

Improve the Service:

Understand how users interact with the Service
Debug issues and improve performance
Develop new features

Communicate with You:

Respond to your support inquiries
Send account-related notifications (bookings, listing changes, billing)
Send product updates and announcements (you can opt out)

Maintain Security:

Detect and prevent fraud, abuse, and unauthorized access
Enforce our Terms of Service and Acceptable Use Policy
Protect the rights and safety of users

Legal Compliance:

Comply with legal obligations (tax, law enforcement requests)
Respond to legal process
Protect against legal claims

3.1 Legal Bases (GDPR)

If you are in the EU/UK, we process your information under the following legal bases:

Contract: To provide the Service you've signed up for
Legitimate Interests: To improve the Service, maintain security, and communicate about our products
Consent: For marketing emails and certain cookies (you can withdraw consent anytime)
Legal Obligation: To comply with applicable law

4. How We Share Information

We do not sell your personal information. We share information only as described below.

4.1 With Other Users

Public Listing Content: Villa owners' listing content (photos, descriptions, amenities) is public and visible to all visitors
Owner-Guest Communication: When you book a villa, the owner receives your booking details; when you list a villa, guests who book can see your contact information

4.2 With Service Providers

We share information with the third-party service providers listed below. Each is contractually required (under our agreements with them or under their own published data-processing terms) to protect your data and use it only for the purposes we specify.

Vercel — website and API hosting, edge runtime, server-side rendering. Receives: HTTP request data including IP address, user-agent, request paths, and any data you submit through the Service. Privacy policy: https://vercel.com/legal/privacy-policy
Supabase — managed Postgres database, file storage (listing photos, owner brand assets), and authentication (magic-link OTP and OAuth session tokens). Receives: all account, listing, booking, message, marketing-list, and notification-subscription records described in Section 2. Privacy policy: https://supabase.com/privacy
Stripe — (a) payment processor for Owner subscription fees on Bukavilla's platform Stripe account; (b) payment processor for Booking payments on each Owner's connected Stripe account (Connect, Direct Charges mode); (c) Connect onboarding including KYC and identity verification. Receives: payer name, email, billing address, payment-method details (held by Stripe, not by Bukavilla), Owner business details for Connect KYC. Privacy policy: https://stripe.com/privacy
DOKU — (Indonesia, optional per Owner) payment processor for IDR Booking payments. Receives: payer details and transaction data only when an Owner has enabled DOKU and a Guest pays via DOKU. Privacy policy: https://www.doku.com/privacy-policy
Resend — transactional email delivery (booking confirmations, owner notifications, refund updates) and Owner-driven marketing-campaign emails. Receives: recipient email, subject, message body, send/bounce status. Privacy policy: https://resend.com/legal/privacy-policy
Google (Firebase Cloud Messaging) — push-notification delivery to Owner Android devices. Receives: FCM registration token and the notification payload (title, short body, target URL). Privacy policy: https://policies.google.com/privacy
Google (OAuth Sign-In) — federated sign-in. Receives: the sign-in callback flow only; we receive your email and basic profile from Google when you choose Google sign-in. Privacy policy: https://policies.google.com/privacy
Apple (Sign in with Apple, iOS only) — federated sign-in on the Bukavilla iOS app. Receives: the Apple ID auth flow; we receive the Apple-issued identifier and the email you authorize Apple to share (which may be a private-relay forwarding address). Privacy policy: https://www.apple.com/legal/privacy/
Google (Maps Static API) — server-side rendering of cached map images on Owner brand pages. Receives: latitude/longitude tuples for placed Listings (server-to-server only; the Guest's browser does not call Google directly). Privacy policy: https://policies.google.com/privacy
Web Push (browser-based) — browser-side notifications use the standard W3C Push API. Push messages flow through the browser vendor's push service (Apple, Google, Mozilla, Microsoft) using the keys your browser issued at subscription time. Bukavilla does not select these vendors; they are determined by the browser you use.

Bukavilla does not currently use a third-party analytics product, behavioural-tracking pixel, or third-party advertising network. Bukavilla does not currently use a hosted error-monitoring service (such as Sentry); if we add one before launch, we will update this list. Bukavilla does not sell or rent your personal information to data brokers or advertisers (see Section 9.2).

4.3 For Legal Reasons

We may share information when required by law or to:

Comply with a subpoena, court order, or legal request
Respond to a government or regulatory inquiry
Investigate fraud, security, or technical issues
Protect the rights, property, or safety of Bukavilla, our users, or the public

4.4 Business Transfers

If Bukavilla is acquired, merged, or sells substantially all its assets, user information may be transferred as part of that transaction. We will notify you before such a transfer.

4.5 With Your Consent

If you opt in to a Guest marketing list at booking checkout, your booking-derived contact details (email, name, phone if provided, last-stay date, total spent on the Owner's villa) are added to that Owner's marketing list and may be used by the Owner to send marketing emails through the Bukavilla Platform. You can withdraw consent at any time using the unsubscribe link in those emails or by emailing privacy@bukavilla.com.

5. Data Retention

We retain personal information for different periods depending on its type. This schedule is aligned with Section 12 of the Bukavilla Terms of Service. If a future change creates a conflict between the two, the longer retention period controls and we will reconcile the documents at the next material update.

5.1 Active Account Data

While your account is active: Information is retained as long as your Account exists.

5.2 Account Deletion

30-day grace period. After you cancel or delete your Account, we retain Account-level data for 30 days to allow recovery from accidental deletion. (TODO before publication: confirm the 30-day window matches the codebase's actual deletion-cron behavior; if the implementation uses a different cadence, reconcile this Section and ToS §11.1 with the code before launch.)
Personal data deleted within 30 days of the end of the grace period (email, name, profile, communications), except where a longer retention period applies under Sections 5.3, 5.4, or 5.5.
Listing Content removed from public view within 7 days of Listing deletion.
Listing storage files (photos, brand assets) fully purged within 30 days of Listing deletion.

5.3 Booking, Subscription, and Financial Records

Booking records: 7 years. Stay dates, prices, refund history, and payment-processor reference IDs are retained for tax and legal-compliance purposes.
Subscription and financial records: 7 years. Subscription invoices, charge records, and refund records are retained for tax-jurisdiction reporting.
Consent records: 7 years. Marketing-consent timestamps, unsubscribe events, and similar consent-trail data are retained for compliance evidence.

5.4 Server Logs

Access logs: 90 days
Error and security logs: 180 days

5.5 Communications

Support emails: 2 years after resolution
Booking-related on-Platform messages: 2 years after Booking completion or dispute resolution

5.6 Backups

Daily backups: 30 days
Monthly archive backups: 12 months
After these periods, data in backups is permanently deleted as part of the rolling cycle.

5.7 Cookies

Session cookies: Deleted when you close your browser, or when your authenticated session expires
Preference local-storage entries: Up to 1 year, or until you clear them via your browser

6. Data Security

We implement reasonable technical and organizational measures to protect your information. The current measures include:

Encryption in transit. All data transmitted between your browser/app and the Service uses HTTPS/TLS.
Encryption at rest. Personal data stored in our managed Supabase database and storage buckets is encrypted at rest using the disk-level encryption Supabase provides as a default. Bukavilla does not currently apply additional application-level encryption to specific personal-data fields.
Authentication. Sign-in uses Google OAuth, magic-link email OTP via Supabase Auth, or — on the Bukavilla iOS app — Sign in with Apple. Bukavilla does not collect, store, or hash user passwords. Apple Sign-In on the web and Android is planned for a future release.
Access controls. Database row-level security (RLS) policies are enforced on all tables containing personal data. Access to production infrastructure (Supabase, Vercel, Stripe, Resend, Firebase) is limited to the small Bukavilla team and protected by provider-side multi-factor authentication.
Tenant isolation. Row-level security ensures Owners can only read their own Listings, Bookings, messages, and marketing data; Guests can only read their own Bookings and messages.
Payment-data minimization. Bukavilla does not receive or store full payment card numbers, CVCs, or banking-credential secrets — those are handled by Stripe and DOKU on their own infrastructure (see Section 2.4).
Incident response. We maintain an internal procedure for triaging, containing, and disclosing suspected security incidents. See Section 13.

We do not currently hold third-party security certifications (such as SOC 2, ISO 27001, HIPAA, or PCI-DSS) and we do not claim to have completed a third-party security audit. Where you see security claims in this Policy, treat them as a description of our current operational practice, not a certification.

No system is 100% secure. We cannot guarantee the absolute security of your information. Use a strong, unique authentication method, keep your devices updated, and notify us at security@bukavilla.com (or privacy@bukavilla.com) of any suspected security issues.

7. Your Rights and Choices

7.1 Access and Update

You can access and update most of your information through your account settings. For information not accessible there, contact privacy@bukavilla.com.

7.2 Account Deletion

You can delete your account at any time through your account settings. See Section 5 — Data Retention for what happens to your data.

7.3 Data Export

You can request a copy of your personal information in a portable format by emailing privacy@bukavilla.com. We will respond within 30 days.

7.4 Email Preferences

You can opt out of non-essential marketing emails by:

Clicking "unsubscribe" in any email we send
Adjusting preferences in your account settings
Contacting privacy@bukavilla.com

You cannot opt out of transactional emails necessary for the Service (e.g., booking confirmations, account security alerts, billing).

7.5 Cookies

You can manage cookies through your browser settings. See Section 8 — Cookies for details.

8. Cookies and Similar Technologies

8.1 What We Use

Essential cookies (always active). Bukavilla uses Supabase Auth, which sets cookies to maintain your sign-in session and to protect against cross-site request forgery. Without these, the Service cannot keep you signed in.

Preference local-storage entries. We use the browser's local storage (not third-party cookies) to remember preferences such as your selected theme, locale, last-viewed listings, and onboarding progress.

Analytics cookies. Bukavilla does not currently set analytics cookies and does not embed third-party analytics or behavioural-advertising trackers. If we adopt an analytics product in the future, we will update this Section and, where required by law, present a consent prompt before any non-essential cookie is set.

8.2 How to Manage

You can:

Clear cookies and local storage through your browser settings at any time. Doing so will sign you out of the Service.
Use browser-level tracking-prevention features. Bukavilla does not currently rely on or read third-party advertising trackers, so most tracking-prevention defaults will not affect the Service.

Disabling essential session cookies will prevent the Service from functioning. (TODO before public EU/UK launch: implement a cookie consent banner if Bukavilla begins setting analytics or marketing cookies, and update this Section to describe its granularity and opt-in defaults.)

9. Regional Privacy Rights

9.1 European Union and United Kingdom (GDPR)

If you are in the EU or UK, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restriction: Restrict certain processing
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to certain processing, including direct marketing
Right to Lodge a Complaint: Contact your local data protection authority

To exercise these rights, email privacy@bukavilla.com. We respond within 30 days.

Data Transfers: Bukavilla is based in the United States. When we transfer personal data from the EU/UK to the US, we rely on appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).

9.2 California (CCPA/CPRA)

If you are a California resident, you have the right to:

Know. What personal information we collect, use, disclose, and (if applicable) sell or share.
Delete. Request deletion of your personal information, subject to the retention exceptions in Section 5.
Correct. Correct inaccurate personal information.
Opt out of sale or sharing for cross-context behavioural advertising. See below.
Limit use of sensitive personal information. Bukavilla does not use sensitive personal information for purposes outside the limited business uses CCPA permits without a right to limit.
Non-discrimination. We will not deny service, charge different prices, or provide a different level of quality because you exercised a CCPA right.

Categories of personal information we collect (CCPA categories):

Identifiers (name, email, IP address, device identifiers, push-notification tokens)
Commercial information (Bookings, Listings, subscription payments, marketing-consent records)
Internet or other electronic network activity (pages visited, features used, request logs)
Geolocation (city-level, derived from IP; precise GPS is not collected)
Professional or employment-related information (villa-business details for Owners)
Inferences drawn from the above to operate the Service (e.g., search relevance ranking)

Sale or sharing of personal information. We do not sell your personal information for money. CCPA's amended definitions of "sale" and "share" are broad and can include certain disclosures for cross-context behavioural advertising purposes. Bukavilla does not currently engage in cross-context behavioural advertising and does not currently share personal information with advertising networks. We do, however, route personal information through service providers (Section 4.2) and through marketplace flows (Section 4.1) that California regulators may scrutinize on a case-by-case basis. In particular:

When a Guest books a Listing, the Guest's contact and Booking details are made available to the Owner so the Owner can fulfil the Booking. We treat this as a business-purpose disclosure necessary to provide the Service, not a CCPA "sale" or "share."
When a Guest opts in to an Owner's marketing list at checkout, that consent-based transfer is governed by Section 4.5 and the unsubscribe mechanism described there.

If a California regulator determines that any of these flows constitutes a "sale" or "share" under CCPA, we will publish an opt-out mechanism at https://bukavilla.com/privacy and honor opt-out requests submitted to privacy@bukavilla.com.

To exercise your California rights, email privacy@bukavilla.com. We will respond within 45 days, with one 45-day extension where permitted.

9.3 Indonesia (UU PDP — Law No. 27 of 2022)

Bukavilla's primary test market is Indonesia (Bali). If you are an Indonesian data subject, you have rights under Indonesia's Personal Data Protection Law (UU No. 27 of 2022 — "UU PDP"), including the right to:

Obtain information about the personal data being processed
Access, correct, and update your personal data
Withdraw consent on which processing is based
Object to certain processing and to automated decision-making
Request erasure or destruction of your personal data, subject to retention exceptions in Section 5
Request that your personal data be transmitted to another controller in a structured form
File a complaint with Indonesia's Personal Data Protection authority

To exercise these rights, email privacy@bukavilla.com. We will respond within the time periods required by UU PDP and, in any event, no later than 30 days from receipt unless the request is complex.

Penyelenggara Sistem Elektronik Privat (PSE Privat) registration. Bukavilla is reviewing its registration obligations under Indonesia's electronic-system-provider regime (Ministry of Communication and Information Technology Regulation No. 5 of 2020, as amended). If registration is required for our level of activity in Indonesia, we will complete it before public launch. (TODO before publication: confirm PSE Privat registration status and update this paragraph.)

Local representative. If UU PDP requires the appointment of an Indonesian local representative for non-resident controllers at our scale of processing, we will appoint one and publish the contact details here. (TODO before publication: confirm whether a local representative is required at launch volumes and update accordingly.)

Cross-border transfer. Bukavilla's primary infrastructure is operated by Vercel and Supabase outside Indonesia. We rely on UU PDP's cross-border-transfer mechanisms — equivalent-protection assessment and, where required, your consent at sign-up — to permit these transfers.

9.4 Other Jurisdictions

Additional privacy rights may apply in your jurisdiction. In particular, residents of Brazil (LGPD), Canada (PIPEDA and provincial laws), Australia (Privacy Act 1988 and the Australian Privacy Principles), and other countries with mandatory data-protection regimes may have rights similar to those described above. Several US states have enacted comprehensive privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and others); residents of those states generally have rights of access, deletion, correction, and opt-out of sales / targeted advertising / profiling, exercisable by emailing privacy@bukavilla.com. Contact us with specific requests and we will respond consistent with the law that applies to you.

10. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will delete it. Parents or guardians who believe a child has provided information should contact privacy@bukavilla.com.

11. International Users and Data Transfers

Bukavilla LLC is a Texas-formed entity based in the United States. Our hosting and database providers (Vercel, Supabase) operate infrastructure outside your country of residence. By using the Service, you understand that your information may be transferred to and processed in the United States and other countries where our service providers operate, and that data-protection laws in those countries may differ from those in your country.

For EU/UK transfers, we rely on appropriate safeguards under GDPR Chapter V (typically Standard Contractual Clauses with our processors, supplemented by transfer-impact assessments where required). For Indonesian transfers, we rely on the cross-border-transfer mechanisms in UU PDP referenced in Section 9.3. (TODO before public launch: confirm with counsel that Standard Contractual Clauses or an alternative valid transfer mechanism is in place with each non-US service provider listed in Section 4.2, and update this Section if any provider's transfer basis changes.)

12. Third-Party Links

The Service may contain links to third-party websites (e.g., Airbnb, social media, map services). We are not responsible for the privacy practices of these sites. Please review their privacy policies.

13. Data Breach Notification

If we experience a personal-data breach, we follow two distinct notification paths.

Notification to supervisory authorities. Where a breach is notifiable under applicable law — including under Article 33 of the EU/UK GDPR, which requires notification to the competent supervisory authority "without undue delay and, where feasible, not later than 72 hours after having become aware of it" — we will notify the relevant authority within the time period that law requires. Equivalent obligations apply under California, Indonesian (UU PDP), and other applicable regimes; we will comply with each.

Notification to affected users. Where the breach is likely to result in a high risk to your rights and freedoms (Article 34 GDPR) — or where notification to data subjects is otherwise required by applicable law — we will notify you directly without undue delay. The notification will:

Describe the nature of the breach in clear and plain language
Provide the contact point for further information
Describe the likely consequences
Describe the measures we have taken or propose to take to address it, including any measures to mitigate possible adverse effects
Advise on steps you can take to protect yourself

Where the breach is not likely to result in a high risk to your rights and freedoms, we may not notify you directly but will keep an internal record of the incident and our risk assessment in line with Article 33(5) GDPR and equivalent obligations.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by:

Updating the "Last Updated" date at the top
Sending email notification to registered users
Displaying a prominent notice on the Service

Your continued use of the Service after changes constitutes acceptance. If you disagree with changes, stop using the Service and request account deletion.

15. Contact Us

For questions or requests regarding this Privacy Policy or your personal information:

Bukavilla LLC — Privacy Team Email: privacy@bukavilla.com

Mailing Address: Bukavilla LLC 8321 Foothill Dr. Plano, TX 75024 USA

EU Representative (Article 27 GDPR): [TODO — to be appointed before public launch in the EU/UK if required given expected user volume; see attorney-questions document.]

Indonesian Local Representative (UU PDP): [TODO — to be appointed before public launch in Indonesia if required at our scale of processing; see attorney-questions document and Section 9.3.]

Specialized contacts:

General privacy requests: privacy@bukavilla.com
Security disclosures: security@bukavilla.com (or privacy@bukavilla.com)
DMCA / copyright notices: dmca@bukavilla.com
Legal notices: legal@bukavilla.com
Booking-payment disputes: disputes@bukavilla.com

Last Updated: May 11, 2026 Document Version: 1.1 Bukavilla LLC A Texas Limited Liability Company

이 문서는 현재 영어로 관리됩니다. 번역본은 곧 제공될 예정입니다.