The Lindsey Hotel is operated by Zephyr Studio Inc., located in Rockland, Maine. When we say "The Lindsey Hotel," "we," "us," or "our," we mean the hotel and its management. When we say "you," we mean our guest, website visitor, or anyone else whose information we may handle.

 Questions? You can reach us at:

• Email: stay@thelindseyhotel.com

• Phone: 207.466.9015

• Snail Mail: The Lindsey Hotel, 5 Lindsey St. Rockland, Me 04841

We only collect what we actually need, through the normal course of business. Here's what that looks like:

When You Make a Reservation or Book with Us

• Your name, email address, phone number, and mailing address

• Payment information (handled securely by our payment processors — we don't store card numbers)

• Your arrival and departure dates, room preferences, and any special requests

• ID or passport information

• Loyalty or account information, if applicable

When You Stay with Us

• Check-in and check-out records

• Folio and billing records

• Requests you make during your stay (room service, housekeeping preferences, etc.)

• Incident or maintenance reports related to your room or stay, if relevant

• Video surveillance footage, in areas where cameras are present

When You Visit Our Website

• IP address, browser type, and device information (via log files — standard for all web hosting)

• Pages you visit, how long you spend on them, and how you navigate the site

• Information submitted through forms (contact requests, newsletter sign-ups, etc.)

• Cookie and tracking data — see Cookie Section below

When You Contact Us or Leave a Review

• The content of your messages, emails, or phone calls

• Any feedback or reviews you submit directly to us

From Third Parties

Sometimes we receive information about you from booking platforms (like Expedia, Booking.com, or Hotels.com), travel agents, or corporate accounts arranging stays on your behalf. We treat that data with the same care as information you give us directly.

We use your information to do the things you'd expect:

• Process and confirm your reservation

• Check you in and out, manage your room, and fulfill your requests during your stay

• Process your payment and send receipts

• Communicate with you about your booking — confirmations, pre-arrival details, and important updates

• Create a guest profile to enhance your current and future stays

• Comply with legal obligations, including tax reporting, anti-fraud measures, and ID verification

• Improve our services — we look at how guests use our website and what they ask for so we can get better

• Send you marketing communications, special offers, or news about The Lindsey Hotel — only if you've opted in or are an existing guest, and always with an easy opt-out

• Respond to your feedback, inquiries, or complaints

• Protect the safety and security of our guests, staff, and property

We do not use your information to make automated decisions that have legal or significant effects on you without a human in the loop.

We don't sell your personal information. We don't rent it. We don't trade it. Here's who we do share it with, and why:

Service Providers

We work with trusted companies that help us run the hotel and our website. They only receive what they need to do their specific job and are required to keep it confidential, per their policies. These include:

• Our reservation and property management platform, Cloudbeds (www.cloudbeds.com)

• Our website hosting platform, Squarespace.

• Our payment processors (see the Payments & Financial Information Section)

• Email and communication tools

• Online booking channels and distribution partners

• Third-party advertising partners, where applicable (see Cookie, Log Files & Website Tracking Section)

Legal Requirements

If we're required to share your information by law — for example, in response to a court order, subpoena, or government request — we'll do so. We'll also share information when necessary to protect the safety of our guests, employees, or the public, or to defend our legal rights.

Business Transfers

If The Lindsey Hotel is ever acquired, merged, or sold, your information may transfer to the new owner as part of that transaction.

With Your Consent

Other than the above, we'll only share your information if you specifically ask us to or give us permission.

If you book directly with us, we use Stripe via our property management and reservation platform, Cloudbeds:

• Stripe is PCI-DSS compliant and handles your card data securely. We never see or store your full card number. Review their policy at https://stripe.com/privacy.

• Cloudbeds uses industry-standard encryption to protect your personal and payment information. They are PCI-DSS compliant. Learn more at www.cloudbeds.com.

For reservations made through third-party booking platforms (Expedia, Booking.com, etc.), their payment terms and privacy policies apply to that transaction.

Log Files

Like all websites, ours uses log files. These automatically record information such as IP addresses, browser type, internet service provider (ISP), date and time stamps, and referring pages. This data is not linked to personally identifiable information and is used to analyze trends, administer the site, and gather general demographic information.

Cookies & Web Beacons

Our website uses cookies — small files stored on your device that help the site work and help us understand how it's being used:

• Essential Cookies: Required for the site to function (e.g., keeping your booking session active). You can't opt out of these and still use the site.

• Preference Cookies: Remember your settings so you don't have to re-enter them.

• Analytics Cookies: Help us understand how visitors use our site. Data is aggregated and anonymous.

• Marketing/Advertising Cookies: If you've opted into marketing, these help us show you relevant content. You can opt out at any time.

You can control or disable cookies through your browser settings and via the cookie settings on our website. Note that disabling certain cookies may affect your ability to use parts of our site, including the booking engine.

California residents: See State-Specific Privacy Rights Section for additional rights regarding tracking and Do Not Track.

We take security seriously. Our website is hosted on Squarespace, which provides SSL/TLS encryption and industry-standard infrastructure security. We limit access to guest data internally to only those who need it. That said, no method of transmission over the internet is 100% secure, and we can't guarantee absolute security.

We keep your information only as long as necessary to:

• Fulfill the purpose it was collected for (e.g., complete your stay, resolve any follow-up issues, maintain guest profile)

• Comply with legal and tax obligations (typically 7 years for financial records per IRS guidelines)

• Resolve disputes or enforce agreements

When we no longer need your information, we’ll securely delete or anonymize it. You can also request that we delete your guest profile at any time by emailing stay@thelindseyhotel.com.

You're in control of your information. Here's what you can do:

• Opt out of marketing emails: Every marketing email includes an unsubscribe link. You'll still receive transactional emails related to active reservations.

• Update or correct your information: Contact us and we'll fix it.

• Request a copy of your data: Ask us what personal information we hold about you.

• Request deletion: Ask us to delete your personal data. We'll do so unless we're legally required to retain it (e.g., tax records).

To exercise any of these rights, contact us at stay@thelindseyhotel.com or by calling 207.466.9015. We will respond as quickly as we can.

California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have the right to:

• Know what personal information we've collected, used, disclosed, or sold

• Delete your personal information (subject to legal exceptions)

• Correct inaccurate personal information

• Opt out of the sale or sharing of your personal information — note: we do not sell personal data

• Non-discrimination for exercising your privacy rights

Submit requests to: stay@thelindseyhotel.com. We will respond within 45 days as required by law.

Regarding Do Not Track (DNT): California's Online Privacy Protection Act (CalOPPA) requires us to disclose how we respond to DNT signals. Our website, via Squarespace does not currently respond to DNT browser signals.

Colorado, Connecticut, Virginia & Other States

Residents of Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), and other states with comprehensive privacy laws have similar rights to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of targeted advertising. Contact us at stay@thelindseyhotel.com to exercise these rights.

If you're visiting us from outside the United States, please be aware that your information will be processed and stored in the United States, where data protection laws may differ from those in your home country. By using our website or making a reservation, you consent to this transfer.

 Guests subject to the EU General Data Protection Regulation (GDPR) or similar frameworks are entitled to the following rights:

• Right to access: Request copies of your personal data. A small fee may apply.

• Right to rectification: Request correction of inaccurate or incomplete information.

• Right to erasure: Request deletion of your personal data, under certain conditions.

• Right to restrict processing: Request that we limit how we use your data, under certain conditions.

• Right to object to processing: Object to our processing of your personal data, under certain conditions.

• Right to data portability: Request that we transfer your data to another organization or directly to you, under certain conditions.

To exercise any of these rights, contact us at stay@thelindseyhotel.com. We will respond within one month of your request.

Our website and services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. We encourage parents and guardians to monitor and guide their children's online activity.

If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately at stay@thelindseyhotel.com and we will delete it promptly.

Our website may include links to third-party sites (booking platforms, local attractions, review sites, etc.). Once you leave our site, this privacy policy no longer applies. We have no control over and take no responsibility for the privacy practices of those sites. We encourage you to review each site's privacy policy before providing any personal information.

We'll update this policy from time to time as laws change or our practices evolve. When we make significant changes, we'll notify you via email (if we have it) or by posting a clear notice on our website. The "Last Updated" date on the main Privacy Policy page will always reflect the most recent version.

Continued use of our website or services after changes are posted constitutes your acceptance of the updated policy.

We'd love to hear from you — even if it's about privacy.

• Email: stay@thelindseyhotel.com

• Phone: 207.466.9015

• Snail Mail: The Lindsey Hotel, Attn: Privacy, 5 Lindsey St., Rockland, ME 04841

We'll respond to all requests within a reasonable time, and no later than required by applicable law.