Guides
Free SignupLogin to DashboardCustomer Support

Data Protection & Privacy

LiteAPI is committed to protecting the confidentiality, integrity, and availability of data processed through its platform. This page describes how LiteAPI handles personal data and other sensitive information in accordance with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR).

Types of Data Processed

LiteAPI processes data strictly necessary to provide travel search, booking, and related API services. Depending on the API and use case, this may include:

  • Business contact information
    (e.g. customer account details, API credentials, technical contacts)

  • Booking-related data
    (e.g. guest names, stay dates, hotel identifiers, nationality, pricing details)

  • Technical and operational data
    (e.g. IP addresses, request metadata, logs, timestamps)

LiteAPI does not intentionally collect special categories of personal data as defined under GDPR (such as health, biometric, or political data).

Roles and Responsibilities

Under GDPR and similar data protection frameworks:

  • Customers act as the Data Controller, determining the purpose and lawful basis for processing personal data.
  • LiteAPI acts as a Data Processor, processing data solely on documented instructions from the customer and only for the purpose of providing the services.

LiteAPI does not use customer data for advertising, profiling, or resale.

Lawful Processing & Data Minimization

LiteAPI applies the principle of data minimization by:

  • Processing only data required for API functionality
  • Avoiding unnecessary storage of personal data
  • Limiting internal access to data on a need-to-know basis

Customers are responsible for ensuring that any personal data sent to LiteAPI is lawfully collected and shared.

Data Retention

LiteAPI retains data only for as long as necessary to:

  • Provide the contracted services
  • Meet legal, accounting, and regulatory obligations
  • Support operational security, fraud prevention, and dispute resolution

Retention periods vary by data type and purpose. Personal data is deleted or anonymized when it is no longer required, in accordance with internal retention policies.

Sub-Processors

LiteAPI may engage carefully selected third-party service providers (sub-processors) to support infrastructure, hosting, monitoring, and operational services.

All sub-processors are subject to contractual obligations regarding data protection, confidentiality, and security that are consistent with applicable data protection laws.

A list of sub-processors can be provided upon request.

Data Subject Rights

Where LiteAPI acts as a data processor, requests from data subjects (such as access, rectification, or deletion) should be directed to the relevant customer acting as data controller.

LiteAPI supports customers in fulfilling such requests where required by law and within the scope of the services.

International Data Transfers

LiteAPI may process data in jurisdictions outside the customer’s country of operation, including within the European Union.

Where international data transfers occur, LiteAPI relies on appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms, in accordance with applicable regulations.

Data Protection Agreements

LiteAPI offers a Data Processing Agreement (DPA) aligned with GDPR requirements. The DPA defines the roles, responsibilities, and security measures applicable to the processing of personal data.

Customers may request a DPA through their account or support contact.

Updated about 21 hours ago

What’s Next