Legal
Privacy Policy
Last updated: 4 July 2026 · Effective: 4 July 2026
1. Who we are
HotelFox is operated by Softwarepluz, a company registered in India (Karnataka), GSTIN 29ADQFS4753D1ZM. For any privacy or data-protection matter, contact us at hello@hotelfox.ai.
We provide a guest engagement and upsell automation platform for hospitality businesses ("the Service"). This policy explains how we collect, use, store, and protect personal data in connection with the Service.
2. Data we collect
We collect personal data in the following contexts:
2.1 Hotel staff and administrators
- Account registration data (name, work email, password hash)
- Hotel and property details you provide during onboarding
- Usage logs, session data, and platform activity
2.2 Your hotel guests
As a data processor acting on your instructions, we process guest data that you or your guests supply, including:
- Name, email address, and phone number
- Booking details (arrival/departure dates, room type, special requests)
- Conversation history via WhatsApp or email
- Engagement activity (message opens, upsell responses)
2.3 Website visitors
- Contact form submissions (name, email, hotel name, message)
- Standard server logs (IP address, browser, referrer)
3. Legal basis for processing
We rely on the following legal bases under India's Digital Personal Data Protection Act, 2023, and — for guests in the EU/UK — the GDPR:
- Contract — to deliver the Service you have subscribed to
- Legitimate interests — to improve the platform, prevent fraud, and maintain security
- Consent — for optional communications such as product newsletters
- Legal obligation — where required by law (e.g. tax records, regulatory requests)
For guest data processed on behalf of hotel customers, we act as a data processor. The hotel is the data controller and is responsible for ensuring a lawful basis exists for communicating with their guests.
4. How we use your data
- Providing, maintaining, and improving the Service
- Sending automated guest communications on behalf of hotels
- Processing upsell offers and tracking conversion outcomes
- Sending product updates, security notices, and support responses
- Analysing platform usage to identify and fix issues
- Complying with legal and regulatory requirements
We do not sell personal data to third parties. We do not use guest data for advertising purposes.
5. Data sharing and sub-processors
We share personal data only where necessary to deliver the Service:
- Cloud infrastructure — servers and databases hosted on AWS (Mumbai, ap-south-1)
- Transactional email — TurboSMTP for notification delivery
- Messaging — WhatsApp Business API (Meta Platforms) for guest messaging
- Analytics — anonymised, aggregated platform metrics only
All sub-processors are bound by data processing agreements and apply appropriate data-protection safeguards. A full list of sub-processors is available on request.
6. Data retention
- Account data — retained for the duration of your subscription plus 90 days after termination
- Guest conversation data — retained for 24 months or as configured by the hotel
- Contact enquiries — retained for 2 years
- Server logs — retained for 30 days
7. Your rights
Under the DPDP Act — and the GDPR where it applies to you — you have the right to:
- Access — request a copy of personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data where no legal basis for retention exists
- Restriction — limit how we process your data in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
To exercise any of these rights, email hello@hotelfox.ai. We will respond within 30 days. Hotel guests should contact their hotel directly, as HotelFox acts as a processor on the hotel's behalf.
8. Cookies and tracking
Our marketing website uses a minimal set of cookies:
- Theme preference — stores your light/dark mode choice (localStorage, not transmitted to servers)
- Session — a short-lived session cookie required for authenticated users of the platform
We do not use third-party advertising or tracking cookies on this website.
9. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we take all reasonable steps to protect your data.
10. International transfers
Data is primarily stored in India (AWS Mumbai, ap-south-1). Where data is transferred across borders, we rely on Standard Contractual Clauses or equivalent safeguards.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a prominent notice in the platform. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact and complaints
For privacy-related questions, contact us at hello@hotelfox.ai.
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Data Protection Board of India, or the relevant supervisory authority in your jurisdiction.