HospitalityFlow

Privacy Policy - HospitalityFlow

Your privacy matters. Learn how we collect, use, and protect your data.

Last Updated: 17 November, 2025

Hospitality Flow ("we," "us," "our") is committed to protecting the privacy and security of your data. This Privacy Policy explains what information we collect, how we use it, and your rights.

1. Information We Collect

We may collect the following types of information:

1.1. Information You Provide

  • Uploaded files (PMS reports, POS data, OTA exports, etc.)
  • Account registration details (name, email, company details)
  • Billing details (for subscription payments)
  • Communication logs (support requests, emails)

1.2. Automatically Collected Information

  • Browser type, IP address, timestamps
  • Usage metrics (workflow runs, dashboard interactions)
  • Device information for performance and security optimisation

2. How We Use Your Data

We use your data to:

  • Process workflows and generate dashboards
  • Deliver insights, notifications, or reports you request
  • Improve the performance of the Services
  • Provide customer support
  • Ensure security and prevent misuse

We never sell personal or guest data.

3. Data Storage & Deletion

Privacy-First Design

HospitalityFlow follows a Process → Deliver → Purge approach. We process your data to deliver insights, then automatically purge sensitive guest information according to your retention policies.

3.1. Default ("Lite/Pro")

For standard users, all uploaded data is processed and then deleted automatically once the workflow completes.

3.2. Dedicated/Enterprise Plans

Dedicated clients may choose to:

  • Store data securely in their own environment
  • Define custom retention periods
  • Maintain audit logs for compliance

4. Legal Basis (GDPR)

We process your data under the following legal bases:

  • Performance of a contract (delivering workflows you request)
  • Legitimate interest (preventing fraud, improving service reliability)
  • Consent (when explicitly required)

5. Data Sharing

We may share data with trusted third-party providers for:

  • Hosting (cloud infrastructure)
  • Payment processing
  • Email delivery
  • Logging and security

These partners must comply with strict data protection requirements. We do not share or sell data to advertisers or external marketing companies.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a structured format
  • Objection: Object to certain data processing
  • Restriction: Request limitation of processing

To exercise these rights, please contact us at privacy@hospitalityflow.ai

7. Security

We implement technical and organizational measures to protect your data, including:

  • Encryption at rest and in transit
  • Strict access controls
  • Regular audits
  • Secure development practices

8. International Transfers

Data may be processed in regions where our cloud infrastructure is located. All transfers follow GDPR-approved safeguards (e.g., SCCs - Standard Contractual Clauses).

9. Children's Privacy

HospitalityFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with the revised date.

11. Contact

For privacy-related questions, contact:

Email: privacy@hospitalityflow.ai

Or visit our Contact Page