Guides · Guest experience
Online check-in for vacation rentals: what to collect and why
June 15, 2026 · 8 min read
Online check-in is the difference between a guest arriving as a stranger and arriving as someone you’re ready for. Done well, it collects the few things you genuinely need — arrival time, who’s coming, anything legally required — before the stay, so handover is calm and your evening stays your own.
Done badly, it’s an intrusive form that scares guests off and quietly turns you into the custodian of a pile of passport scans you never needed. This guide covers exactly what to ask for, what to leave out, and how to handle the data side without losing sleep.
What online check-in actually is
Online check-in is a short form your guest fills in from their phone before arrival, usually opened from a link — no app to download. It replaces the “what time are you arriving?” back-and-forth and the clipboard at the door.
For a vacation rental it does three jobs at once: it gives you the practical details you need to prepare (arrival time, number of guests), it satisfies any local guest-registration law, and it’s your first chance to make the stay feel personal — before the guest has even packed.
What to collect — and what to skip
The golden rule: ask for what changes how you host or what the law requires, and nothing else. Every extra field lowers completion and raises your data-protection burden. A good default set:
- Estimated arrival time — the single most useful field. It drives your turnover timing and whether you need to be there.
- Number and names of guests — confirms the booking matches who’s actually coming, and many countries legally require a guest register.
- Lead guest contact (phone) — so you can reach them on the day; you likely already have it from the channel, but confirm it.
- Anything legally mandated where your property is — in much of the EU (Spain, Italy, Portugal, France, and others) you must register guests and sometimes report ID to the authorities. Check your local rule; it overrides everything below.
- Optional, only if you act on it: special requests, dietary notes, what they’re visiting for. Useful for a personal touch — skip if you won’t read it.
The part hosts forget: you’re now a data controller
The moment you collect a guest’s name, contact details or ID, you’re processing personal data — and under the GDPR (and similar laws), that comes with responsibilities. This isn’t scary, but it isn’t optional either. The good news is that doing it properly mostly means collecting less.
Four principles cover the vast majority of what a small host needs:
- Data minimisation — collect only what you need for a stated purpose. “Might be handy” is not a purpose.
- Purpose and lawful basis — be clear why you’re asking. Legal guest-registration is one basis; preparing the stay (contract) is another. Marketing consent is separate and must be opt-in.
- Retention — don’t keep it forever. Delete check-in data once the stay (and any legal retention period) is over. Local registration laws sometimes set a minimum keep-time — follow it, then delete.
- Security — don’t email passport photos around or keep them in a shared Drive folder. They should live in one access-controlled place and be deleted on schedule.
ID and passports: collect carefully, or not at all
ID is the highest-risk thing you can ask for, so treat it as a special case. First question: does your local law actually require it? In some countries you must register guests with the police or a tourism authority; in others you have no business holding an ID document at all.
If you do need it: collect it through a secure channel (not WhatsApp or plain email), capture only the fields the law requires rather than a full scan when possible, and delete it on a fixed schedule once the obligation lapses. If you don’t need it: don’t ask. A passport scan you’re not legally required to hold is pure liability — if it leaks, it’s on you.
When to send the check-in request
Timing matters more than hosts expect. Too early and the guest hasn’t thought about logistics; too late and you’ve lost the planning value.
A reliable rhythm: send the check-in link 3–5 days before arrival, with a friendly nudge the day before if it’s still incomplete. Tie it to a clear payoff for the guest — “complete check-in to get your door code and arrival instructions” — so finishing the form unlocks something they want.
Turn check-in data into a better stay
The details you collect are only worth collecting if they change something. Arrival time lets you plan the turnover and decide whether to greet in person. Party size confirms the linen and welcome setup. And if you ask what guests are visiting for — hiking, a quiet week, a family trip — you can point them at the right local recommendations the moment they arrive.
This is where check-in stops being admin and becomes hospitality: the guest fills in one short form, and the stay quietly reshapes itself around them.
Doing this without a spreadsheet (where hejGuide fits)
You can run online check-in with a form tool and a spreadsheet — plenty of hosts do. It works until you’re juggling retention dates by hand and copying arrival times between tabs. A guest-experience tool ties it together: the check-in link is part of the same guest portal as the guidebook, the data sits in one place tied to the booking, and completing check-in can unlock the door code and arrival instructions automatically.
In hejGuide, online check-in is a short branded wizard the guest opens from their booking — it skips steps that don’t apply, captures arrival time, guests and anything you’ve configured, and feeds straight into the same inbox and guidebook your guest already uses. No separate form, no spreadsheet, no stray passport scans in your email.
How online check-in works in hejGuideFrequently asked questions
Is online check-in legally required?
Online check-in itself isn’t — but guest registration often is. Many countries (Spain, Italy, Portugal, France and others) require you to register guests and sometimes report ID to the authorities. Online check-in is simply a convenient way to collect what the law already asks for. Check the rule where your property is.
Do I have to collect guests’ ID?
Only where local law requires it. If it doesn’t, don’t — an ID document you’re not obliged to hold is a liability if it ever leaks. Where you must collect it, use a secure channel and delete it on a fixed schedule once the obligation ends.
How long can I keep guest check-in data?
Only as long as you need it for the stay, plus any minimum period your local registration law sets. After that, delete it. “Keeping it just in case” isn’t a lawful reason under the GDPR.
What if a guest refuses to check in online?
Keep a simple fallback — collect the legally required details another way at arrival. Online check-in should make the common case effortless, not lock out the guest who’d rather do it in person.
Online check-in that feels like hospitality
A short, branded check-in your guests finish from their phone — arrival time, guests and the essentials, tied to the booking and the guidebook. Free to try.
Free plan available · No credit card · Set up in minutes