HHotelX
FeaturesPricingAboutTry now
Start free trialSign in
Concierge OSv2.0
Legal

Privacy Policy.

Last updated · April 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we keep it safe.

Information We Collect

Account data. When you create an account we collect your name, email address, hotel name, and billing information.

Usage data. We automatically collect information about how you interact with the platform — pages visited, features used, timestamps, device type, and browser version.

Guest interaction data. When guests use the QR-based concierge, we process service requests, feedback ratings, and language preferences on behalf of your hotel.

Cookies. We use strictly necessary cookies for authentication and session management, plus optional analytics cookies (only with your consent).

How We Use Your Data

We use the information we collect to provide, maintain, and improve the HotelX service; to communicate important updates about your account; and to comply with applicable legal obligations.

We never use guest data for our own marketing. Guest data is processed solely to deliver the concierge service on behalf of your hotel.

Data Sharing

We do not sell your personal information. Period. We share data only with service providers that are strictly necessary to operate the platform:

  • Hosting: AWS (eu-central-1)
  • Payment processing: Stripe
  • Email delivery: Resend
  • Deployment: Vercel

Each provider is bound by a Data Processing Agreement and processes data only on our instructions.

Data Retention

We retain your account data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days, except where we are legally required to retain it.

Guest Data

Guest data is processed on behalf of the hotel. The hotel acts as the data controller and HotelX acts as the data processor. Our responsibilities are governed by a Data Processing Agreement (DPA) between HotelX and each hotel.

Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.3), SOC 2 Type II aligned practices, and regular penetration testing by independent third parties.

Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format (data portability)
  • Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@hotelx.app.

Children

HotelX is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

International Transfers

Your data is stored in the European Union (AWS eu-central-1, Frankfurt). Where transfers outside the EU are necessary, we rely on EU Standard Contractual Clauses to ensure an adequate level of protection.

Changes to This Policy

We will notify you via email at least 30 days before any material changes to this Privacy Policy take effect. Non-material changes may be posted directly on this page.

Contact

Tadmit Interactive Ltd., Israel.
For privacy inquiries, reach us at privacy@hotelx.app.