Privacy Policy

Effective Date: April 1, 2026 · Last updated: April 1, 2026

1. Who We Are

StayDirectAI ("we," "us," or "our") operates the platform at staydirect-ai.com. We provide AI-powered direct booking tools for independent hotels, including B2B sales outreach automation and B2C guest journey automation. This Privacy Policy explains how we collect, use, share, and protect information when you use our website or platform.

2. Information We Collect

2.1 Information You Provide

  • Property intake form submissions (hotel name, city, room count, contact name, email, phone, PMS provider)
  • Account registration details for hotel dashboard access
  • Communications you send to us via email or chat

2.2 Information From Hotel Clients (On Behalf Of)

When a hotel subscribes to our platform, we process guest data on their behalf as a data processor. This includes guest names, email addresses, reservation details, and stay history imported from their Property Management System (PMS). We process this data solely to provide the services contracted by the hotel.

2.3 Automatically Collected Data

  • IP address, browser type, operating system, referring URLs
  • Pages visited, time spent, clicks (via server logs)
  • Cookies and local storage tokens for authentication sessions

3. How We Use Your Information

  • To respond to property intake submissions and schedule discovery calls
  • To provide, maintain, and improve the StayDirectAI platform
  • To generate AI-personalized emails on behalf of hotel clients
  • To track booking attributions and calculate commissions
  • To send transactional communications (invoices, account alerts)
  • To comply with legal obligations

We do not sell personal data to third parties. We do not use guest data from one hotel to benefit another hotel.

4. Third-Party Services

We use the following sub-processors to deliver the platform:

  • Supabase — database and authentication (PostgreSQL, hosted on AWS)
  • Anthropic / OpenAI — AI text generation (Claude and GPT-4o models). Prompts include guest data as context. Both providers contractually prohibit training on API data.
  • SendGrid — transactional email delivery for guest emails
  • Instantly.ai — B2B cold email delivery (corporate contacts only, not hotel guests)
  • Apollo.io — B2B contact enrichment (business emails of corporate contacts, not hotel guests)
  • Stripe — payment processing for commission invoices
  • Vercel — hosting and serverless compute

5. Data Retention

Guest and reservation data is retained for the duration of a hotel's subscription plus 90 days after termination, at which point it is purged. AI action logs (token counts, costs) are retained for 24 months for billing and audit purposes. You may request earlier deletion by contacting us.

6. Security

We implement industry-standard security measures including: AES-256-GCM encryption for stored API keys, HTTPS/TLS for all data in transit, Row-Level Security on all database tables, and least-privilege access controls. No system is perfectly secure — we will notify you of any confirmed data breach within 72 hours as required by applicable law.

7. Your Rights (GDPR / CCPA)

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to processing or withdraw consent
  • Receive your data in a machine-readable format (data portability)

Hotel clients may submit erasure requests on behalf of their guests. To exercise your rights, contact us at privacy@staydirect-ai.com.

8. B2B Cold Email Compliance

All B2B cold emails generated and sent via our platform comply with the CAN-SPAM Act and GDPR Recital 47 (legitimate interest for business-to-business communication). Every email includes a physical mailing address and a one-click unsubscribe mechanism. Unsubscribes are honored within 10 business days and contacts are permanently suppressed.

9. Cookies

We use strictly necessary cookies for authentication sessions and security. We do not use advertising or cross-site tracking cookies. You may disable cookies in your browser settings, though this may affect platform functionality.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to hotel clients via email at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact

For privacy inquiries: privacy@staydirect-ai.com
For general inquiries: hello@staydirect-ai.com