Privacy Policy

Last updated: May 9, 2025

Sumi ("we", "our", or "us") operates an AI-powered guest communication platform for hotels and hospitality businesses. This Privacy Policy explains how we collect, use, and protect information when hotels use our service and when hotel guests interact with our system via WhatsApp or other messaging channels.

1. Information We Collect

We collect the following types of information:

• Hotel account data: Name, email address, business name, and billing information provided during registration.
• Guest messaging data: WhatsApp messages, phone numbers, and conversation history between hotel guests and the AI assistant.
• Booking data: Check-in/check-out dates, guest names, room preferences, and reservation details shared during conversations.
• Usage data: Platform usage metrics, message counts, and feature interactions used to improve the service.

2. How We Use Information

• To operate the AI guest communication service on behalf of hotels.
• To process and respond to guest inquiries and booking requests.
• To forward conversations to hotel staff when human assistance is needed.
• To improve the accuracy and performance of our AI models.
• To provide hotels with analytics and conversation history via the dashboard.

3. WhatsApp and Meta Platform Data

Our service integrates with the WhatsApp Business API via Meta. Messages sent to a hotel's WhatsApp number are received by our platform and processed by our AI. We comply with Meta's Platform Terms and Messaging Policies. Guest phone numbers and message content are stored securely and used solely to operate the hotel's communication service.

4. Data Sharing

We do not sell personal data. We share data only:

• With the hotel that the guest is communicating with (the hotel is the data controller for their guests).
• With AI processing services (such as Google Gemini) strictly for generating responses — no data is used to train third-party models.
• With cloud infrastructure providers (Firebase / Google Cloud) for secure data storage.
• When required by law or to protect legal rights.

5. Data Retention

Conversation history is retained for as long as the hotel account is active. Hotels may request deletion of guest data at any time via the dashboard or by contacting us. Guest data is deleted within 30 days of a valid deletion request.

6. Security

We use industry-standard security measures including encryption in transit (TLS), encrypted storage, and access controls. WhatsApp message signatures are verified using Meta's HMAC protocol on every request.

7. Guest Rights

Hotel guests who wish to access, correct, or delete their personal data should contact the hotel they communicated with directly, as the hotel is the data controller for guest conversations. Hotels may contact us to action these requests.

8. Cookies

Our hotel dashboard uses session cookies for authentication. We do not use tracking or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the platform after changes constitutes acceptance.

10. Contact

For privacy questions or data requests, contact us at: privacy@getsumi.co