1. Introduction

This Privacy Policy describes how [Your Company Name] ("we," "us," or "our") collects, uses, and discloses information in connection with your use of our GiGi AI service (the "Service").

This policy is directed at the hotel, resort, or property management company ("you," "Hotel," or "Client") that subscribes to our Service. It covers two types of data:

1. Hotel Data: Information we collect from you to manage your account.

2. Guest Data: Information we process on your behalf as part of providing the Service.

This policy is incorporated into our Terms of Service. By using GiGi AI, you agree to the practices described in this policy.

2. Our Role as a Data Processor

This is a critical distinction for legal compliance (e.g., GDPR):

• You (the Hotel) are the "Data Controller." You own all the data related to your guests ("Guest Data"). You determine the purposes and means of processing this data (e.g., you decide to use GiGi AI to contact guests for pre-arrival checks).

• We (GiGi AI) are the "Data Processor." We only process Guest Data on your behalf and in accordance with your instructions (which you provide by subscribing to and configuring the Service).

For "Hotel Data" (e.g., your billing information, admin contact email), we act as the Data Controller.

3. Information We Process

A. Hotel Data (We are the Controller)

We collect information necessary to create and maintain your account, provide support, and manage billing:

• Account Information: Company name, administrator name, business email, phone number.

• Billing Information: Billing address, credit card information, or other payment details, which are processed by our third-party payment processor.

• Support & Communication: Any information you provide when you contact us for support or other communications.

B. Guest Data (We are the Processor)

On your behalf, GiGi AI processes data from your Apaleo PMS and other systems to function. This includes:

• Guest Personal Information: Guest name, phone number.

• Reservation Information: Room number, reservation ID, arrival/departure dates, rate plan.

• Folio & Financial Information: Folio ID and specific charges that GiGi is instructed to post (e.g., minibar items, late check-out fees).

• Voice & Audio Data: Audio recordings and subsequent transcripts of conversations between your guests (or staff) and the GiGi AI.

• Operational Data: Room cleaning status ("Dirty," "Clean"), maintenance ticket details (e.g., "Broken light room 315"), guest feedback (e.g., "5/5 score").

4. How We Use Information

A. Hotel Data

We use your Hotel Data for our legitimate business interests:

• To provide, maintain, and improve the Service.

• To process payments and manage your subscription.

• To send you technical notices, security alerts, and support messages.

• To respond to your comments and questions.

• To send you marketing communications (in accordance with your preferences).

B. Guest Data

We use Guest Data only as instructed by you to provide the features of the Service. Our purposes for processing are:

• To Fulfill Staff Commands: To process a housekeeper's voice command to update a room's status in Apaleo.

• To Fulfill Guest Requests: To process a guest's voice request for more towels and route it to the correct department.

• To Perform Automated Actions: To identify an upcoming reservation in Apaleo and execute a pre-arrival confirmation call.

• To Post Financial Data: To post a charge for a minibar item or a late check-out fee to the correct guest folio in Apaleo.

• To Conduct BI & Reporting: To query Apaleo reports and provide answers to authorized managers (e.g., "What is occupancy tonight?").

We will never use your Guest Data to market to your guests, sell this data to third parties, or use it for any purpose other than providing and improving the GiGi AI service as agreed.

5. Data Sharing & Sub-processors

GiGi AI is an integration platform. To function, we must share data with key third-party services ("Sub-processors") that provide our core infrastructure. We have data processing agreements with these sub-processors to ensure they protect your data.

Our essential sub-processors are:

1. Vapi.ai: Processes all audio streams and performs speech-to-text transcription for the voice conversations.

2. Make.com: Serves as the automation and workflow platform (the "brain") that executes the business logic, connecting Vapi.ai and Apaleo.

3. Apaleo PMS: GiGi AI connects to your Apaleo instance to read and write data as instructed by you (the Hotel).

We may also share information in the following circumstances:

• With your consent or at your direction.

• To comply with a legal obligation, court order, or government request.

• To protect our rights, property, or safety, or that of our users or the public.

• In connection with a merger, sale, or acquisition of our business.

6. Data Security

We take the security of your data seriously. We use appropriate technical and organizational measures to protect the information we process from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit (SSL/TLS), access controls, and secure infrastructure.

However, no internet-based service is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

• Hotel Data: We retain your Hotel Data for as long as your account is active and for a reasonable period thereafter as necessary to comply with our legal and financial obligations.

• Guest Data: Our retention policy is to store Guest Data for the minimum time necessary to provide the Service.

  • Audio Recordings: Voice recordings are deleted immediately after transcription by our sub-processor (Vapi.ai).

  • Transcripts & Logs: Conversation transcripts and processing logs (held in Make.com) are retained for a limited period (e.g., [specify, e.g., 30 days]) for troubleshooting and support, after which they are permanently deleted.

  • Apaleo Data: All data written back to Apaleo (e.g., charges, room status, notes) is retained according to your hotel's data retention policies.

8. Your (The Hotel's) Responsibilities

As the Data Controller, you are responsible for:

• Ensuring you have a legal basis (e.g., guest consent, legitimate interest) to use the GiGi AI service, especially for proactive outbound calls (e.g., Pre-Arrival and Post-Stay calls).

• Informing your guests (e.g., in your own privacy policy) that you use third-party services like GiGi AI to process their data, including voice interactions.

• Managing and responding to data rights requests from your guests (e.g., right to access, right to deletion).

9. Guest Data Rights

Your guests must come to you (the Hotel) to exercise their data rights. We are committed to supporting you in fulfilling these requests. If we receive a data rights request directly from a guest, we will forward it to you to manage. We will assist you as needed, within the scope of our Service, to access, amend, or delete Guest Data.

10. International Data Transfers

Our sub-processors may store and process information in locations outside of your home country (including the United States). When we do this, we ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data in accordance with applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address specified in your account) or by means of a notice within the Service before the change becomes effective.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at: