Privacy Policy

Effective Date: July 17, 2025
Last Updated: September 7, 2025

Who we are: Oak & Ember Group LLC (“Oak & Ember,” “we,” “us,” or “our”) operates a short-term vacation rental brand featuring cabins in the Smoky Mountains and this website (the “Site”). This Smoky Mountain cabin privacy policy explains how we collect, use, share, and protect personal information when you visit our Site, inquire, book, stay with us, or otherwise interact with our services (collectively, the “Services”).

If you book via a third-party platform (e.g., Airbnb, Vrbo), that platform’s privacy policy also applies to your booking and communications conducted there.

1) Information We Collect

a) You provide directly

  • Identity & contact data: name, email, phone, postal address.

  • Booking details: stay dates, property name, number of guests, special requests.

  • Payment data: payment method, last 4 digits, transaction amount, billing zip. (Processed by our payment gateway; we do not store full card numbers.)

  • Communications: emails, forms, SMS (if used), guest service messages, reviews.

  • Marketing preferences: newsletter sign-ups, opt-in/opt-out choices.

b) Automatic data we collect

  • Device/usage data: IP address, browser, device type, pages viewed, referring/exit pages, time stamps.

  • Cookies & similar tech: analytics (e.g., Google Analytics), performance, basic personalization, and (if enabled) advertising/retargeting pixels. See Cookies & Tracking below.

c) From third parties

  • Booking platforms & PMS: If you book on a marketplace (e.g., Airbnb/Vrbo) or through our Property Management System (PMS), we receive booking and contact details necessary to confirm and service your reservation.

  • Payment processors: We receive limited transaction information to reconcile payments (not full card numbers).

  • Vendors/partners: Contact or service details as needed for cleaning, maintenance, insurance, or guest services.

d) Smart property devices (only where installed)

  • Keyless entry, smart thermostats, Wi-Fi: device access events and limited technical logs (e.g., successful keycode use) to enable secure, contactless check-in and basic property operations.

  • Noise monitoring (if ever used): decibel levels only—no audio recording.

  • Cameras: If present, they are outdoor-only and disclosed in the listing; there are no cameras inside the property.

2) How We Use Information

  • To provide Services: process inquiries and bookings; send confirmations, pre-arrival messages, directions, access codes, and support.

  • To operate, secure, and improve: troubleshooting, analytics, site performance, quality assurance.

  • To personalize & market: send service updates, stay reminders, promotions, and local tips (with opt-out options).

  • To comply with law & prevent fraud: accounting, taxes, legal requests, and reasonable security measures.

  • Legal bases (GDPR/UK GDPR) where applicable: performance of a contract, legitimate interests (e.g., service improvements, fraud prevention), legal obligations (e.g., tax), and consent (e.g., email marketing, non-essential cookies).

3) Cookies & Tracking

We use cookies and similar technologies to:

  • Make the site work (strictly necessary),

  • Measure performance (analytics),

  • Improve experience (preferences),

  • Provide ads/retargeting (if used).

You can manage cookies via your browser settings and our on-site Cookie Preferences link (when available). If you are in jurisdictions with cookie consent requirements, we’ll present a consent banner.

Global Privacy Control (GPC): Where required by law, we treat a valid GPC signal as a request to opt-out of sale/sharing of personal information for cross-context behavioral advertising.

Do Not Track: Industry standards for DNT are not uniform; we currently do not respond to DNT signals, but we do respect GPC as described above.

4) Payment Security

Payments are processed by our PCI-DSS compliant payment gateway. We do not store full credit card numbers on our servers. Merchants who process or transmit cardholder data must follow the PCI Data Security Standard.

5) How We Share Information

We do not sell your personal information. We share limited data only as needed to provide the Services and for the purposes described above:

  • Service providers & processors: PMS, payment gateways, ID verification (if used), email/SMS tools, analytics, web hosting, marketing platforms.

  • Operational partners: cleaning/maintenance vendors (only what’s necessary to service the stay).

  • Legal & safety: to comply with law, enforce policies, or protect rights, property, or safety.

  • Business transfers: in a merger, acquisition, or asset sale, data may transfer consistent with this Policy.

When you book on a marketplace, that platform is an independent controller of your data—please review their privacy policies directly.

6) Data Retention

We keep personal information only as long as needed to provide Services and comply with legal obligations (e.g., tax and accounting). Afterwards, we delete or de-identify data in a commercially reasonable timeframe.

7) Your Privacy Rights

a) United States (including CA, CO, CT, UT, VA and similar state laws)

Depending on your state, you may have rights to:

  • Know/access the categories/pieces of personal information we collected and sources/purposes,

  • Correct inaccuracies,

  • Delete personal information (subject to lawful exceptions),

  • Opt-out of sale or sharing for cross-context behavioral advertising (if any),

  • Limit use of sensitive personal information (if applicable),

  • Non-discrimination for exercising these rights,

  • Appeal our decision on your request.

How to exercise: email us at info@oakandembergroup.com with the subject “Privacy Request,”. We will verify your identity (e.g., by matching name, email, and recent booking details). Authorized agents may submit requests with proof of authorization. California rights are described by the California Attorney General/CPPA guidance.

b) GDPR/UK GDPR (EEA/UK residents)

You may have the right to access, rectify, erase, restrict, object, port your data, and withdraw consent at any time (without affecting prior lawful processing). You can also lodge a complaint with your local supervisory authority. We will respond without undue delay as required by law.

8) Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 provided personal information to us, contact info@oakandembergroup.com so we can delete it as required by law. For more on COPPA, see the FTC’s resources.

9) Security

We employ administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process. No method of transmission or storage is 100% secure, but we continually work to protect your information, including encrypting data in transit, access controls, and vendor due diligence.

10) International Data Transfers

If you access our Services from outside the United States, your information may be processed in the U.S. We implement appropriate safeguards (e.g., contractual clauses) where required by law.

11) Third-Party Links & Integrations

Our Site may link to attractions, partners, social networks, mapping, or booking platforms we don’t control. Their privacy practices govern data collected on those sites and tools. Review their policies before submitting information.

12) Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects about you (e.g., no automated denial of service).

13) Your Options & Controls

  • Email marketing: Click “unsubscribe” in our emails or write us at info@oakandembergroup.com.

  • Cookies/ads: Use our Cookie Preferences link (when available), your browser settings, and (in supported locations) your GPC signal.

14) State-Specific Disclosures (Summary)

  • California (CCPA/CPRA): Additional rights include the right to opt-out of sale/sharing, correct inaccuracies, and limit use of sensitive personal information. We do not sell personal information in the traditional sense; where our use of advertising cookies constitutes “sharing,” you may opt out via Your Privacy Choices or GPC.

  • Other U.S. states: Many states have enacted comprehensive privacy laws with similar rights (access, delete, correct, opt-out). We honor requests as required by applicable law and provide an appeals process by emailing info@oakandembergroup.com with “Privacy Appeal” in the subject line.

15) Contact Us

Oak & Ember Group LLC
Email: info@oakandembergroup.com (general inquiries & privacy requests)
Phone:  (865) 224-6717

16) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, or laws. When we post changes, we’ll revise the “Effective Date” above. Significant changes may be highlighted on the Site.

Cookie & Tracking Disclosures (Detailed)

  • Analytics: We use analytics to understand traffic and improve the Site (e.g., page performance, popular content).

  • Advertising (if enabled): We may use advertising cookies/pixels to show relevant ads and measure performance; you can opt out via Your Privacy Choices or GPC where applicable.

  • Managing cookies: Most browsers let you refuse or delete cookies; note some features may not function without certain cookies.

Payment & Security Disclosures (Detailed)

  • Card data handling: Our processor tokenizes your card; we see only limited fields (e.g., last 4 digits).

  • PCI DSS: Our payment processing relies on providers obligated to meet PCI-DSS standards for storing, processing, and transmitting cardholder data.