Privacy Policy

This Privacy Policy explains how GuestSaga Technologies Inc. ("GuestSaga", "we", "us", "our") collects, uses, stores, and protects personal data when hotels deploy our AI concierge platform. It also explains the rights of hotel guests and hotel staff under applicable data protection law.

GuestSaga serves hotels across Canada, the United Arab Emirates, and other jurisdictions. This policy is designed to comply with the General Data Protection Regulation (GDPR), Quebec Law 25 (Act 25), Canada's PIPEDA, and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL).

1. Who We Are

GuestSaga Technologies Inc. is a Canadian company that builds AI-powered guest communication software for hotels. Our registered office is in Canada.

In the context of data protection law:

• The hotel is the data controller — they decide what data is collected and how guest interactions are used within their property.
• GuestSaga is the data processor — we provide the technical platform and process data only on the hotel's instructions.

For questions about how a specific hotel handles your data, contact that hotel directly. For questions about our platform's data practices, contact us using the details at the end of this page.

2. What Data We Collect

When a guest communicates with a hotel via GuestSaga (through WhatsApp or Telegram), the following data is collected and stored:

Guest data

• Phone number — used to identify the guest within the hotel's account. Never cross-referenced across hotels.
• Display name — as provided by the messaging platform (e.g. WhatsApp display name), if available.
• Message content — text and transcribed voice messages, used to respond to requests and generate staff tasks.
• Language preference — detected from messages to personalise replies.
• Stay details — room number, check-in and check-out dates, number of guests — if uploaded to GuestSaga by the hotel from their reservation system.
• Do Not Disturb status — set when a guest sends STOP or a hotel manager manually enables it. Suppresses all outbound messages.
• AI training consent status — whether the guest has consented to their anonymised conversations being used to improve GuestSaga's AI model (see Section 5).

Hotel staff and admin data

• Email address and display name — for login accounts created by the hotel manager.
• Role and department — to scope access within the admin console.
• Login activity — last login timestamp for security.

What we do NOT collect

• Credit card numbers or payment information (these are redacted before storage if detected).
• Passport numbers, national IDs, or document details (these are redacted before storage if detected).
• Health or medical information beyond what a guest voluntarily shares in a message.
• Device identifiers, cookies, or tracking pixels from guest devices.

3. How We Use the Data

We use the data collected solely to operate the GuestSaga platform for the hotel that has contracted with us. Specifically:

• Respond to guest messages in real time, in their language, 24 hours a day.
• Detect the guest's intent (room service order, spa booking request, emergency, etc.) and generate an appropriate reply.
• Create structured staff tasks routed to the correct hotel department.
• Generate proactive service offers to guests based on time of day and stay context (e.g. late-night snack suggestions) — only for guests who have already sent at least one message.
• Log upsell revenue and staff time-saving metrics for hotel management reporting.
• Improve GuestSaga's AI model using anonymised, consent-gated conversations (see Section 5).

4. Who We Share Data With

We do not sell guest data. We do not share guest data with advertisers, data brokers, or marketing platforms.

Data may be accessed by or transmitted to the following parties in the course of operating the platform:

• The hotel — hotel managers and authorised staff access guest conversations and tasks through the GuestSaga admin console. This is the primary intended use.
• Supabase — our database provider (managed PostgreSQL). All data is encrypted at rest (AES-256) and in transit (TLS). Supabase operates in the EU and US regions.
• OpenAI — guest messages are sent to OpenAI's GPT-4o-mini API for intent detection and reply generation. OpenAI's API data usage policy prohibits OpenAI from using API inputs/outputs to train its models. Guest messages sent to OpenAI are not retained by OpenAI beyond the immediate API call, under their Zero Data Retention (ZDR) policy for API customers.
• Twilio — for WhatsApp message delivery. Twilio processes the phone number and message content to send and receive WhatsApp messages.
• Telegram Bot API — for Telegram message delivery, where the hotel uses the Telegram channel.
• GuestSaga staff — our engineers may access anonymised or pseudonymised data to diagnose technical issues. Access is logged and restricted on a need-to-know basis.

We maintain Data Processing Agreements (DPAs) with all third-party processors that handle personal data.

5. AI Training Consent

GuestSaga intends to train its own proprietary AI model (GuestSaga Brain) using real hotel conversations. This will allow us to replace dependency on OpenAI entirely with a hospitality-specific model trained on real in-stay data — making the system smarter and more private over time.

What "consented" means in practice

• Conversations used for AI training are fully anonymised — phone numbers, names, room numbers, and any detected PII are removed or replaced before any training pipeline sees the data.
• The anonymised data is used only within GuestSaga's own model training infrastructure. It is not shared with OpenAI, third-party data brokers, or any other company.
• A guest's consent status and the timestamp of any change are recorded. This provides a full audit trail.

How to opt out

• Contact the hotel directly and ask a manager to withdraw your AI training consent.
• Email us at priyanka@guestsaga.com with your hotel name and phone number. We will process the request within 5 business days.
• Once opted out, your conversations are excluded from all future training. Previously anonymised data in a training run cannot be retroactively removed (as it no longer contains identifiers) but no further runs will include your conversations.

6. Your Rights

Depending on where you are located, you have the following rights over your personal data:

To exercise any of these rights, contact us using the details in Section 9. We will respond within 30 days — the deadline required by Quebec Law 25 and GDPR. For urgent erasure requests (e.g. safety-related), we aim to complete within 5 business days.

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have not been respected:

• Canada (Quebec): Commission d'accès à l'information (CAI) — cai.gouv.qc.ca
• EU / UK: Your national data protection authority (e.g. ICO in the UK, CNIL in France)
• UAE: UAE Data Office — uaedataoffice.gov.ae

7. Right to Erasure — How It Works

When a guest or hotel manager submits an erasure request, GuestSaga performs the following operations:

• The guest's phone number is replaced with an anonymised token. The original number is no longer stored.
• The guest's name, room number, and stay dates are removed.
• The Do Not Disturb flag is set to true — no further messages will be sent to that number.
• The AI training consent flag is set to false.
• All message content is passed through a two-pass PII redaction pipeline: standard PII (card numbers, emails, document numbers) and hospitality-specific PII (room numbers, flight codes, arrival dates, times).
• Message metadata (direction, timestamps, language, channel) is retained to preserve the statistical integrity of the hotel's analytics — no personal data remains in these fields.
• A full audit log entry is written, including a partial hash of the original phone number for trail purposes (so we can confirm the request was completed if asked by a regulator).

8. Data Retention

Guest data is retained for as long as the hotel maintains an active account with GuestSaga, or until:

• The guest submits an erasure request (see Section 7).
• The hotel account is terminated — at which point all associated guest data is scheduled for deletion.
• The hotel submits a bulk data deletion request for departed guests.

Hotel staff admin accounts are retained until deleted by the hotel manager or when the hotel account is terminated.

Audit logs are retained for 12 months for legal and security purposes, then deleted.

9. Security

We take the security of personal data seriously. Our technical measures include:

• AES-256 encryption at rest — all data stored in our database is encrypted.
• TLS 1.2+ in transit — all data transmitted between your device, our servers, and third-party processors is encrypted in transit.
• Service role key isolation — our database uses a server-side service role key. No public-facing API key has write access to guest data.
• Hotel-scoped access control — every admin user can only access data for their own hotel. Cross-hotel data access is not possible, even for users with elevated roles.
• No RLS dependency — access control is enforced at the application layer by hotel_id scoping on every query, not solely on database-level RLS policies.

In the event of a data breach that affects personal data, we will notify the affected hotel and, where required by law, the relevant data protection authority, within 72 hours of becoming aware of the breach (GDPR Art. 33) or as soon as practicable (Quebec Law 25, UAE PDPL).

10. Contact Us

For any privacy-related questions, requests, or complaints, contact us directly:

11. Changes to This Policy

We may update this Privacy Policy as our platform evolves or as laws change. When we make material changes, we will update the "Last updated" date at the top of this page. For hotels under contract, material changes will be communicated by email at least 30 days before they take effect.

Continued use of GuestSaga's platform after changes take effect constitutes acceptance of the updated policy.