Wolodge Global Holdings LLC ("we," "us," or "our") values the privacy, data integrity, and operational security of our enterprise clients, property tenants, and end-consumers. This Privacy Policy delineates our frameworks regarding the collection, processing, cross-border transfer, and safeguarding of information captured across our global technology ecosystem, including the wolodge.com website, ASPIXR OS, and the ValueLodge network.
1. Corporate data controller status
For the purposes of international data protection regulations, Wolodge Global Holdings LLC, organized under the laws of the State of Wyoming, USA, operates as the primary Data Controller for administrative and infrastructure account data. When processing guest bookings, OTA data synchronization payloads, and walk-in terminal card transactions on behalf of our local property partners, the Platform acts strictly as a Data Processor under the direction of the Tenant.
2. Categories of data processed
To ensure seamless multi-currency financial settlements and software execution, we process data across the following matrix:
| Data category | Specific elements collected | Processing legal basis |
|---|---|---|
| Tenant identity data | Corporate registration names, tax identification certificates, beneficial ownership details, and verification files. | Compliance with global Anti-Money Laundering (AML) mandates. |
| Financial infrastructure data | Bank accounts, swift/routing parameters, platform ledger split keys, and currency wallet transaction volumes (USD, SGD, MYR, THB). | Contractual performance and execution of payouts. |
| Guest transactional data | Guest name, passport/ID numbers for PMS check-in logs, booking references, and tokenized payment details. | Transaction fulfillment and fraud mitigation. |
| System telemetry data | IP addresses, browser configurations, hardware identifiers, API logs, and webhook event strings. | Security tracking and system optimizations. |
3. Tokenization & payment card security (PCI-DSS)
- No card retention: The Platform does not store raw credit card numbers, CVV codes, or magnetic stripe data on our local server arrays.
- Encrypted API streams: All walk-in payment card strings entered into the ASPIXR PMS virtual terminal, or digital wallet payloads processed via direct guest bookings, are encrypted and transmitted directly to our international merchant acquiring partners (Stripe and Airwallex). The data is tokenized immediately at the network edge, ensuring our internal systems remain entirely insulated from cardholder data risks.
4. Data retention frameworks
We retain corporate and transactional data only for as long as is strictly necessary to fulfill the operational purposes detailed in this policy, or to comply with explicit legal, audit, and regulatory requirements.
- Accounting ledgers and cross-border distribution history records are archived for a minimum statutory period of seven (7) years to satisfy US corporate tax compliance and international audit requirements.
- Guest telemetry logs and temporary PMS cache layers are automatically cleared or anonymized within ninety (90) days of reservation completion, unless flagged for security reviews or dispute claims.
5. Targeted international sub-processors
To execute high-speed cross-border infrastructure functions, we share data exclusively with verified, institutional third-party vendors under strict confidentiality agreements. Our master sub-processors include:
- Financial clearing & settlement: Stripe Inc. (USA) and Airwallex Pty Ltd (Global/Singapore/Malaysia) for multi-currency processing and domestic clearing engine payouts.
- Cloud hosting core: Amazon Web Services (AWS) and Google Cloud Platform (GCP) utilizing secure data centers located in the United States and Singapore financial corridors.
- Security & encryption: Cloudflare Inc. for edge network firewalls and DDoS mitigation.
6. Jurisdictional transfers and cross-border data flows
As an international technology holding company, information collected in regional emerging markets (including Malaysia, Thailand, and Indonesia) will be instantly transmitted to, processed in, and stored on servers centralized inside the United States.
By utilizing our Software, entering into an asset partnership, or checking into a property powered by our infrastructure, you explicitly consent to this cross-border transfer. We ensure that all cross-border data movements comply with standard contractual clauses and data shielding protocols approved by international regulatory bodies.
7. Institutional data amendments & rights
Authorized corporate tenant administrators may request the structural review, rectification, portability, or restriction of their registered business account profile data by logging into our gated institutional portal or contacting our compliance division. Because our transaction rails are tightly integrated with global banking networks, data retention requirements enforced by international anti-money laundering (AML) laws will supersede any data erasure or deletion requests.
8. Compliance privacy dispatch
For all formal compliance reviews, data inquiries, or privacy-related corporate requests, please route communications to our North American office:
Wolodge Global Holdings LLC
Attn: Data Protection & Compliance Officer
447 Sutter St, Ste 506 - 1498,
San Francisco, CA 94108,
United States
Email: privacy@wolodge.com