Privacy Policy

Account Data

When you register for Hotelary.ai, we collect your name, email address, phone number, hotel name, and business details. This information is necessary to create and manage your account.

Hotel Operational Data

As you use our platform, we process data related to your hotel operations including guest bookings, room inventory, point-of-sale transactions, housekeeping records, staff schedules, and financial records. This data is stored securely and is owned entirely by you.

Usage Analytics

We collect anonymized usage data to understand how our platform is used and to improve our services. This includes page views, feature usage patterns, session duration, and device information.

Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and improve your experience. See Section 7 for details on our cookie usage.

Service Delivery

We use your data to provide, maintain, and improve Hotelary.ai services including property management, WhatsApp automation, POS operations, inventory tracking, CRM, and analytics.

Improvement

Anonymized usage data helps us understand feature adoption, identify bugs, and prioritize product development. We never use your guest data for this purpose.

Communication

We may send you product updates, security alerts, and support communications. Marketing communications are opt-in only and you can unsubscribe at any time.

Legal Compliance

We may process your data to comply with applicable laws, regulations, legal processes, or enforceable government requests.

Your data is stored on Supabase infrastructure with enterprise-grade security. We implement the following measures to protect your information:

• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
• Access Controls: Role-based access control ensures only authorized personnel can access your data.
• Row Level Security: Database-level tenant isolation ensures your data is completely separated from other hotels.
• Regular Backups: Automated daily backups with point-in-time recovery.

We use the following third-party services to deliver our platform. Each provider has their own privacy policy and meets our data protection standards:

• Supabase — Database hosting and authentication
• WhatsApp Business API (Meta) — Guest messaging and automation
• Payment Processors (Stripe / Razorpay) — Payment processing (we do not store card details)
• Analytics — Anonymized usage analytics to improve our product

• Active Account: Your data is retained for as long as your account is active and as needed to provide you services.
• Deleted Account: Upon account deletion, we retain your data for 90 days in case of accidental deletion. After 90 days, all data is permanently purged from our systems.
• Legal Obligations: We may retain certain data longer if required by applicable law (e.g., financial records for tax compliance).

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Portability: Request your data in a structured, machine-readable format for transfer to another provider.
• Withdraw Consent: Withdraw your consent for data processing at any time, where consent is the legal basis.

To exercise any of these rights, please contact us at privacy@hotelary.ai.

We use the following categories of cookies:

• Essential Cookies: Required for the platform to function. These include authentication tokens and session identifiers.
• Analytics Cookies: Help us understand how visitors interact with our website. All data is anonymized.
• Preference Cookies: Remember your settings and preferences for a better experience.

We do not use advertising or tracking cookies. We do not participate in ad networks or sell data to advertisers.

• GDPR (EU Users): We comply with the General Data Protection Regulation for users in the European Economic Area. Our legal basis for processing is contractual necessity and legitimate interest.
• IT Act 2000 (India): We comply with the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures) Rules, 2011.
• DPDP Act 2023 (India): We comply with the Digital Personal Data Protection Act, 2023, including data principal rights and consent requirements.

Hotelary.ai is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you at least 30 days in advance via email or an in-app notification. Your continued use of Hotelary.ai after the effective date of the revised policy constitutes your acceptance of the changes.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@hotelary.ai
• Data Protection Officer: dpo@hotelary.ai
• Mailing Address: Geeks and Beasts Consulting Pvt Ltd, Noida, Uttar Pradesh, India