Privacy Policy

Last updated: March 14, 2026

1. Introduction

GuestAI ("we", "our", "us") operates the guestai.chat website and the GuestAI platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

GuestAI

Thessaloniki, Greece

Email: privacy@mg.guestai.chat

3. Information We Collect

3.1 Information You Provide

  • Account Data: Name, email address, and authentication credentials when you create an account.
  • Property Data: Property details, addresses, WiFi credentials, check-in instructions, photos, and documents you upload to the knowledge base.
  • Guest Data: Guest names, phone numbers, email addresses, booking dates, and language preferences that you (as a host) provide.
  • Payment Data: Billing information processed securely through our payment provider (Stripe). We do not store credit card numbers on our servers.
  • Communications: Messages exchanged between guests and the AI assistant, and between hosts and our support team.
  • Waitlist Data: Email address and language preference when you sign up for the waitlist.

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, and interaction patterns within the platform.
  • Device Data: Browser type, operating system, IP address, and device identifiers.
  • Cookies: Authentication tokens and session identifiers necessary for the Service to function.

3.3 Information from Third Parties

  • Booking Platforms: Guest reservation data imported from Airbnb, Booking.com, or VRBO via iCal feeds or API integrations that you authorize.
  • Authentication Providers: Profile information from Google or Facebook when you use social login.
  • Messaging Platforms: Messages received via WhatsApp (through Twilio) or email (through Mailgun).

4. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To operate the AI guest communication platform, process messages, and deliver automated responses.
  • AI Processing: To generate contextual responses using AI language models (OpenAI, Google). Property knowledge and guest messages are sent to these providers for processing. No data is used to train third-party AI models.
  • Message Delivery: To send and receive messages via WhatsApp (Twilio) and email (Mailgun).
  • Account Management: To manage your account, process payments, and provide customer support.
  • Automation: To execute scheduled messages and automation rules you configure.
  • Analytics: To understand usage patterns and improve the Service (aggregated, non-personal data).
  • Legal Compliance: To comply with applicable laws and respond to legal requests.

5. Legal Basis for Processing (GDPR)

  • Contract Performance: Processing necessary to provide the Service you subscribed to (Art. 6(1)(b) GDPR).
  • Legitimate Interest: Analytics and service improvement, fraud prevention, and platform security (Art. 6(1)(f) GDPR).
  • Consent: Waitlist signup, marketing communications, and optional cookies (Art. 6(1)(a) GDPR).
  • Legal Obligation: Tax records, invoicing, and compliance with applicable laws (Art. 6(1)(c) GDPR).

6. Data Sharing & Third-Party Processors

We do not sell your personal data. We share data only with the following categories of processors, strictly for Service delivery:

Provider | Purpose | Data Shared | Region
Supabase | Database & Auth | All platform data | EU
OpenAI | AI chat responses | Messages, property knowledge | US
Google (Gemini) | Welcome messages | Property context | US
Twilio | WhatsApp messaging | Phone numbers, messages | US/EU
Mailgun | Email delivery | Email addresses, content | EU
Stripe | Payments | Billing data | US/EU

All processors are bound by data processing agreements (DPAs) and are required to protect your data in accordance with GDPR standards.

7. Data Retention

  • Account Data: Retained for the duration of your account. Deleted within 30 days of account closure.
  • Guest Conversations: Retained for 12 months after the guest's checkout date, then automatically deleted.
  • Property Knowledge: Retained while your account is active. Deleted with account closure.
  • Payment Records: Retained for 7 years as required by tax regulations.
  • Waitlist Data: Retained until you unsubscribe or the waitlist is closed.
  • AI Usage Logs: Retained for 12 months for billing and debugging purposes, then anonymized.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, contact us at privacy@mg.guestai.chat. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest (AES-256)
  • PII encryption for sensitive fields (WiFi passwords, phone numbers)
  • Row-level security (RLS) in the database
  • JWT-based authentication with secure session management
  • Rate limiting and CAPTCHA protection on public endpoints
  • Regular security audits and vulnerability assessments

10. International Data Transfers

Some of our processors (OpenAI, Twilio, Stripe) are based in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-US Data Privacy Framework where applicable.

11. Cookies

We use only essential cookies required for the Service to function (authentication tokens, session management). We do not use tracking cookies, advertising cookies, or analytics cookies that require consent.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to have it removed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

Email: privacy@mg.guestai.chat

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.