Privacy Policy

MyHotelOps ("MyHotelOps", "we", "us") provides hospitality operations software to hotel property owners. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your information.

• Account information, name, work email, hotel name, optional phone number, and your account password (stored hashed by our authentication provider).
• Tenant content, files, photos, videos, documents, event records, vendor credentials, and other content you upload or create inside MyHotelOps.
• Billing information, your subscription status, invoice history, and payment-method metadata (last-4, brand). Full card numbers are stored exclusively with Stripe and never reach our servers.
• Usage and operational data, IP address, browser/device info, timestamps, and pages visited, used to operate and secure the service.
• Support communications, emails or messages you send to support@myhotelops.com or that we send you about your account.
• Market Intelligence inputs, your property's public identifier (Google Place ID) and the positioning band you supply (ADR floor and ceiling). The Google Place ID is resolved automatically from your property's name and address; you can override or clear it on the in-app Settings hub. These inputs are used solely to populate your own analytics; they are never sold or shared with other tenants.

• Provide, operate, and improve the service.
• Authenticate you and protect against unauthorized access.
• Process payments and manage subscriptions.
• Send transactional emails (password resets, billing notices, account changes).
• Send the daily Market Intelligence briefing email to your organization's owner. Org-level opt-out is available on the in-app Settings hub; you can also opt out via the unsubscribe link in any briefing email.
• Respond to support requests.
• Comply with legal obligations and enforce our agreements.

We do not sell your personal information.

The Market Intelligence module observes external commercial signals around your property to produce a daily briefing. By accepting our Terms of Service at signup, you authorize MyHotelOps to read these public signals on your behalf, no separate per-data-source confirmation is required inside the product. We integrate the following sources; each operates under its own privacy and terms of use:

• Published OTA rates.We read the nightly rates your competitors publicly list on the major online travel channels (Booking.com, Expedia, and others). This is public commercial data; no guest or personal information is involved. Live rates are cached for at most 24 hours. Historical derived signals (e.g. "Saturdays are 12% below comp set median") are retained for trend analysis.
• Public-data APIs, Ticketmaster Discovery, Eventbrite, Wikipedia (events + pageviews), Open-Meteo, NWS, Frankfurter (ECB FX), Nager.Date (public holidays), and public US statistical series (FRED, TSA). Used to surface concerts, conventions, sports, festivals, holidays, weather, search demand, and macro travel trends. No personal data is collected from these sources.
• Google Places, comp set and nearby venues. We call the Google Places API to discover the hotels in your competitive set and the venues (arenas, convention centers, theaters) that drive demand around your property. Only business listing data is read: names, locations, categories. No personal data is involved.
• Google Places, your property's reviews. We call the Google Places API to read up to five of your property's most-relevant publicly-displayed Google reviews per week. These feed the rating average, sentiment trend, and top themes in your Review Intelligence card. Reviewer names are HMAC-hashed before storage; no contact information is collected.
• Google Places, competitor reviews. We call the Google Places API to read up to five publicly-displayed Google reviews per week from each hotel in your detected competitive set (typically 10-15 hotels within ~3 miles of your property). These feed the competitor-comparison delta in your Review Intelligence card. Same HMAC-hashing rule applies; no contact information is collected.
• TripAdvisor. We match your property to its public TripAdvisor listing automatically (from its name and location) and periodically read that public review page to surface a 30-day rating, comp-set rank, guest-sentiment themes, and reputation movements. Same HMAC-hashing rule applies; no contact information is collected.

What we do not do. We do not collect personal data about your guests from any of these sources. We do not attempt to identify, profile, or contact any individual reviewer or attendee. We do not integrate with your PMS, booking engine, reservation system, or any other internal hotel system.

The Market Intelligence module may generate the daily briefing's prose using a third-party AI model (currently Anthropic's Claude). Only the structured signal set for your property (e.g. demand outlook, comp-set median, event list) plus our rule-based draft are sent to the model for rewording. No raw guest data, reservation data, or identifiable third-party content is sent. Anthropic is contracted not to use this content to train their models. If you prefer to disable AI rewording, contact support@myhotelops.com.

We rely on the following service providers to operate MyHotelOps. Each is bound by their own privacy and security commitments:

• Supabase, database and authentication (US/EU regions).
• Cloudflare, object storage (R2), CDN, and edge compute (global).
• Stripe, payment processing and billing (PCI-DSS Level 1).
• Resend, transactional email delivery.
• Vercel, application hosting.
• Anthropic, large-language-model inference for the Market Intelligence daily briefing rewording. Anthropic is contracted not to use submitted content to train their models. See the "AI processing" section above for what is sent.
• Google (Maps + Places), the map view in the Market Intelligence module uses Google Maps JavaScript API to render tiles, and the Google Places API to discover nearby hotels with their public name, rating, review count, and photo. We send your property's latitude and longitude to Google to perform the search; we do not send any guest data. Google's usage of these queries is governed by their own privacy policy.

We retain your account and tenant content while your subscription is active. After cancellation, we retain it for up to 30 days to support reactivation, then permanently delete it unless we are required to keep it longer to comply with law or resolve disputes. Backups expire automatically on a rolling 30-day window.

Market Intelligence signals are retained indefinitely while your subscription is activeso that the daily briefing can compare today's market against historical trends (a year-over-year demand chart, for example, requires at least a year of stored signal). On cancellation, your property-scoped signals follow the same 30-day deletion window as the rest of your tenant content.

You can access and update most account information from yourMyHotelOps dashboard. To exercise rights of access, correction, deletion, portability, or restriction (including under GDPR, UK GDPR, CCPA/CPRA, or LGPD), email support@myhotelops.com. We respond within 30 days.

We use industry-standard practices to protect your data: TLS in transit, encryption at rest, role-based access controls, and least-privilege secret management. No system is perfectly secure; we encourage you to use a strong, unique password and never share your credentials.

MyHotelOps is a business product not intended for individuals under 18. We do not knowingly collect personal information from children.

MyHotelOps is operated from the United States. If you access the service from outside the United States, you understand that your information may be transferred to and processed in the United States and other countries where our sub-processors operate.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice at least 7 days before they take effect. Continued use of MyHotelOps after changes take effect constitutes acceptance.

Questions or requests under this Privacy Policy can be sent to support@myhotelops.com or by post: