logo

Introduction

This version published 30 October 2025.

This Privacy Policy explains how Hotelworld AI Limited (“we”, “us”, or “our”) collects, uses, shares, and protects personal data when providing AI agent services to business customers. We are committed to compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the EU AI Act. This policy describes your rights and our obligations regarding your information.

What Data We Collect

We may collect the following categories of personal data:

  • Identification and contact data (e.g., name, email, company)
  • Usage data (e.g., interactions with our AI agents, logs)
  • Customer-provided content (e.g., queries, uploaded documents)
  • Technical data (e.g., IP address, device information)
  • Social media data

Data Collection and Use (Microphone and Camera)

Where required in order to provide the service to our client and / or the users we may require access to a device’s microphone and camera.

  • Explicit Access Request: We will explicitly request your permission before accessing your device's microphone or camera. This permission is necessary only when you choose to use the live chat features, such as voice or video calls.
  • Purpose of Collection: We access your microphone to capture your audio and your camera to capture your video only for the purpose of facilitating a real-time, live voice or video conversation with another user or a customer support representative within the app.
  • Data Minimization: We only activate your microphone and/or camera when you are actively using a chat feature that requires it (e.g., initiating a video call). The access will cease immediately when the chat session ends or when you disable the feature.
  • No Covert Use: We strictly do not use your device's microphone or camera to record or monitor your conversations or surroundings without your knowledge or when the chat feature is not actively in use.
  • Content Retention:
    • Voice recordings: content is converted to text for retention and use by our clients in order to provide improved services to users. Raw recordings are not stored.
    • Images / videos: are only ever requested for use to provide a resolution to a reported problem. These are retained for access by the client and held in line with our standard retention policy.

How and Why We Use Your Data

We process personal data for the following purposes:

  • To provide, maintain, and improve our AI agent services
  • To respond to user queries and support requests
  • To monitor, audit, and enhance AI performance and compliance
  • To comply with legal and regulatory obligations
  • For security, fraud prevention, and risk management

We only process personal data for specified, explicit, and legitimate purposes, and do not use it in ways incompatible with those purposes.

AI-Specific Processing and Automated Decisions

Our AI agents may process personal data autonomously to deliver services, including automated decision-making. Where such processing has legal or significant effects, data subjects have the right to request human intervention, express their point of view, and contest decisions.

We may use information from public social media profiles to better understand customer preferences and enhance the services provided to customers. We do this based on our clients’ legitimate interest in improving the experience of their customers. You have the right to object to this processing at any time.

We provide clear, plain-language explanations of how our AI agents operate, including the logic, significance, and consequences of automated decisions, as required by GDPR and the EU AI Act.

Data Sharing and Third Parties

We may share your data with:

  • Authorized service providers and partners (subject to strict contractual controls)
  • Regulatory authorities if required by law
  • Other parties with your explicit consent

If we use third-party AI platforms, we disclose their identity and ensure they meet GDPR and CCPA requirements.

Data Subject Rights

You have the following rights, subject to applicable law:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (“right to be forgotten”)
  • Restriction: Request restriction of processing
  • Objection: Object to certain processing, including direct marketing and automated decisions
  • Portability: Request transfer of your data to another provider

For California residents, you may also opt out of the sale or sharing of personal information and request information about data disclosures.

Data Minimization, Security, and Retention

We collect only the data necessary for our stated purposes and retain it only as long as required by law or business needs. We implement robust security measures, including encryption, access controls, and regular audits, to protect your data from unauthorized access or disclosure.

Data Governance, Monitoring, and Compliance

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing, as required by GDPR and the EU AI Act. Our systems are regularly monitored for compliance, and we maintain detailed records of processing activities, consent, and data access.

International Data Transfers

If your data is transferred outside your jurisdiction (e.g., from the EU to the US), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. We will notify you of significant updates and post the revised policy on our website.

Contact Us

For questions or to exercise your rights, contact us at:compliance@hotelworld.ai or visit