Privacy Policy

Last updated: February 3, 2026

GuestBot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered guest concierge service.

1. Information We Collect

1.1 Information You Provide

Account Information: Email address, name, and password when you create an account
Property Information: Property details, addresses, WiFi credentials, access codes, house rules, and local recommendations
Booking Information: Guest names, phone numbers, check-in/check-out dates
Communication Data: Messages sent through our contact form

1.2 Information Collected Automatically

Usage Data: How you interact with our service, features used, and actions taken
Device Information: Browser type, operating system, device identifiers
Log Data: IP addresses, access times, pages viewed

1.3 Guest Information

Verification Data: Last 4 digits of phone number (used only for verification, not stored long-term)
Chat Data: Questions asked to the AI concierge

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR).

        Your Rights Under GDPR
        Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Request limitation of data processing
Right to Data Portability: Request transfer of your data
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent at any time

      

Legal Basis for Processing

Contract Performance: Processing necessary to provide our services
Legitimate Interests: Improving our service, security, fraud prevention
Consent: Where you have given explicit consent
Legal Obligation: Compliance with applicable laws

3. CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

        Your Rights Under CCPA
        Right to Know: Request disclosure of personal information collected
Right to Delete: Request deletion of personal information

            Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal
            information)
          
Right to Non-Discrimination: Not be discriminated against for exercising your rights

      

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

4. How We Use Your Information

Provide and maintain our AI concierge service
Process and verify guest bookings
Generate AI-powered responses to guest questions
Improve and personalize user experience
Communicate with you about your account and service updates
Ensure security and prevent fraud
Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

Service Providers: Third-party vendors who help us operate our service (e.g., cloud hosting, AI processing)
Legal Requirements: When required by law or to protect our rights
Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Strict access controls and authentication
Infrastructure: Hosted on Google Cloud Platform with enterprise-grade security
Monitoring: Continuous security monitoring and incident response

7. Data Retention

Account Data: Retained while your account is active
Property Data: Retained until you delete your property or account
Booking Data: Retained for 90 days after checkout
Guest Chat Data: Automatically deleted 7 days after checkout
Verification Data: Not stored beyond the verification session

8. Cookies and Tracking

We use minimal cookies necessary for the service to function. Below is a detailed breakdown of the cookies we use:

Cookie Name	Type	Duration	Purpose
__session	Essential	Session	Maintains your login session and authentication state
firebase-auth	Essential	Persistent	Firebase authentication token for secure access
guestbot_verified	Functional	24 hours	Stores guest verification status to avoid repeated verification
theme_preference	Functional	1 year	Remembers your display theme preference

Cookie Categories

Essential Cookies: Required for the service to function. Cannot be disabled.
Functional Cookies: Enhance your experience by remembering preferences.

        What We Don't Use
        Analytics Cookies: We do not use Google Analytics or similar tracking
Advertising Cookies: We do not serve ads or track for advertising
Third-Party Tracking: We do not share data with advertising networks
Cross-Site Tracking: We do not track your activity across other websites

      

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using GuestBot. Most browsers allow you to:

View and delete cookies
Block third-party cookies
Block all cookies from specific sites
Clear all cookies when you close the browser

9. International Data Transfers

Your data may be processed in the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

10. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: privacy@guestbot.io
Address: GuestBot, Miami, Florida, USA

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at: dpo@guestbot.io

13. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.