Privacy Policy

1. Introduction

This Privacy Policy explains how Restlytics ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our hotel demand intelligence platform.

By using Restlytics, you agree to the collection and use of information in accordance with this policy. This policy is effective as of March 1, 2026.

2. Information We Collect

Account Information

When you create an account, we collect:

• Full name and email address
• Password (stored as a cryptographic hash)
• Company or hotel name
• Job title or role
• Billing information (processed securely by Stripe — we do not store credit card numbers)

Property Data You Upload

To provide forecasting and analytics, we collect property data you voluntarily upload:

• Historical occupancy, Average Daily Rate (ADR), and Revenue Per Available Room (RevPAR)
• Booking records and pace data
• Rate plans and pricing configurations
• Room type definitions and inventory
• Property location and market segment

Data We Generate

Based on your data and our algorithms, we generate:

• Demand forecasts and occupancy predictions
• Rate recommendations and pricing guidance
• AI-generated insights and morning briefings
• Platform usage analytics (features used, pages visited, time spent)
• AI interaction logs (prompts sent to AI models and responses received)

Data from Third Parties

We receive data from trusted third-party providers:

• PredictHQ: Event data including concerts, conferences, sports events, and festivals
• Makcorps: Competitor rate shopping data from publicly available sources
• Stripe: Payment transaction data and billing history

Automatically Collected Information

When you access Restlytics, we automatically collect:

• IP address and approximate geographic location
• Browser type, version, and language preferences
• Device type and operating system
• Cookies and session identifiers
• Pages visited, features used, and navigation patterns
• Timestamps of actions taken within the platform

3. How We Use Your Information

We use your information to:

• Provide and operate the Restlytics platform
• Generate demand forecasts, rate recommendations, and AI-powered insights
• Process billing and manage subscriptions
• Send transactional emails including morning briefings, daily digests, alerts, and team invitations
• Improve the platform based on usage patterns and feedback
• Generate anonymized, aggregated benchmarking data (with opt-in consent only)
• Provide customer support and respond to inquiries
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We do NOT sell your personal or property data to third parties.

We share data with trusted service providers who help us operate the platform:

• Supabase: Database hosting and authentication
• Vercel: Application hosting and infrastructure
• Stripe: Payment processing
• Resend: Transactional email delivery
• Anthropic: AI-powered features (Claude API)

We may share anonymized, aggregated data for benchmarking purposes, but we never share individual property data without your explicit consent.

We may disclose your information if required by law, court order, or to protect our legal rights and the safety of our users.

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.

5. AI Data Processing

When you use AI-powered features, your property data is sent to Anthropic's Claude API to generate insights, briefings, and recommendations.

We send structured data including occupancy statistics, pricing information, and event context. We do not send raw personal information such as guest names or contact details.

Anthropic processes this data in accordance with their usage policy and does not use customer data to train AI models. AI interaction logs (prompts and responses) are stored in our database for:

• Usage tracking and cost monitoring
• Quality assurance and improving AI outputs
• Debugging and support purposes

You can view your AI usage history in your account dashboard.

6. Data Storage and Security

Your data is stored on Supabase, a secure PostgreSQL database platform, with the following protections:

• Encryption in transit: All data transmitted between your browser and our servers uses TLS/HTTPS encryption
• Encryption at rest: All stored data is encrypted on disk
• Row-level security: Database policies ensure users can only access their own tenant's data
• Tenant isolation: Multi-tenant architecture prevents cross-tenant data access
• Authentication: Passwords are hashed using industry-standard algorithms
• Monitoring: Regular security audits and real-time threat detection

Our infrastructure is hosted in the United States with geographically distributed backups for disaster recovery.

7. Data Retention

We retain your data according to the following schedule:

• Active accounts: Data is retained for the duration of your subscription
• Cancelled accounts: Data is retained for 30 days to allow for account recovery
• After 30 days: Account data is permanently deleted
• Anonymized benchmark data: May be retained indefinitely
• AI interaction logs: Retained for 12 months
• Payment records: Retained as required by law (typically 7 years for tax compliance)

You may request immediate deletion of your data by contacting us at hello@restlytics.io.

8. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of all data we hold about you
• Correction: Update inaccurate information through your account settings
• Deletion: Request deletion of your account and all associated data
• Export: Download your property data in CSV format
• Opt-out: Decline participation in anonymized benchmarking
• Unsubscribe: Manage email notification preferences in your account settings

To exercise these rights, contact us at hello@restlytics.io or use the data export and deletion tools in your account settings.

9. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Authentication, session management, and security (required for the platform to function)
• Analytics cookies: Understanding platform usage patterns using PostHog (optional)

We do not use advertising cookies or third-party tracking pixels. You can disable non-essential cookies through your browser settings, though this may affect platform functionality.

10. Children's Privacy

Restlytics is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will promptly delete their account and data.

11. International Data Transfers

Restlytics is operated from the United States, and your data is stored and processed in the United States. By using our platform, you consent to the transfer of your data to the United States.

We comply with applicable data protection laws including GDPR and CCPA. If you are located outside the United States, your data is protected by the same security measures described in this policy.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and share
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at hello@restlytics.io with the subject line "CCPA Request."

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Access: Obtain a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of data processing

Our legal basis for processing your data is:

• Contract performance: Processing necessary to provide the Service
• Legitimate interest: Improving the platform and preventing fraud

To exercise your GDPR rights, contact us at hello@restlytics.io with the subject line "GDPR Request." You also have the right to lodge a complaint with your local data protection authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email at least 30 days before they take effect.

Continued use of Restlytics after changes become effective constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: hello@restlytics.io

Subject line for privacy requests: "Privacy Request"

Address: Austin, TX, United States