Last updated: September 15, 2025
This Privacy Policy explains how HotelMapping.ai (“we,” “us,” “our”) collects, uses, shares, and protects personal data in connection with our hotel/room mapping SaaS (the “Service”).
Role clarity. For Customer Data (your uploads), you are the controller and we act as a processor/service provider, processing strictly on your instructions to deliver the Service. For Account, Billing, Usage, and our website analytics, we act as a controller.
Controller: HotelMapping.ai
Address: Istanbul, Türkiye
Contact: support@hotelmapping.ai
Account Data (controller): name, email, password hash, team/org info.
Billing Data (controller): limited details required for purchase (billing name, address, tax/VAT ID). Payments are processed by our providers (e.g., Paddle.com as Merchant of Record, or others). We do not store full payment card numbers.
Customer Data / Uploads (processor): files/lists you upload for mapping or de-duplication (e.g., property identifiers, room names/descriptions, geodata, catalog fields). Avoid uploading personal data unless necessary.
Usage & Logs (controller): device info, IP, timestamps, feature usage, performance, and error logs.
Cookies/Similar Tech (controller): functional cookies for authentication/session; optional analytics subject to consent where required.
Role. For Customer Data (including Source/Target Data), you are controller; we act as processor/service provider. We process solely to provide and secure the Service. We do not sell Customer Data or use it for advertising or training public models.
Lawful basis & notices. You are responsible for ensuring a lawful basis and providing any required notices to data subjects for Customer Data.
Third-party datasets. If Customer Data includes third-party datasets (e.g., GIATA, Vervotech, Hotelbeds, GoGlobal), you are responsible for ensuring our processing is permitted by your agreement with the third party.
Security & subprocessors. We implement appropriate technical and organizational measures. We may engage vetted subprocessors (e.g., cloud hosting, logging, email delivery) under written commitments to equivalent protections; a current list is available upon request.
Retention & deletion. We retain Customer Data while your account is active and for a limited period thereafter for backup/audit/legal compliance. Upon request or termination, we will delete or return Customer Data within a reasonable time, except where retention is legally required (e.g., audit logs, defense of claims).
Data-subject requests. If we receive a request relating to Customer Data, we will notify you and, where feasible, direct the requester to you. We will reasonably assist you in meeting your obligations (fees may apply where permitted).
Data Processing Addendum (DPA). A DPA reflecting these roles/obligations is available upon request at support@hotelmapping.ai
• Provide the Service (contract).
• Billing, fraud prevention, and compliance (contract, legal obligation, legitimate interests).
• Improve quality and accuracy—e.g., tuning heuristics and scoring using usage signals and aggregated/anonymous data (legitimate interests). We do not use Customer Data in a way that would identify your datasets outside your account.
• Support & communications (contract, legitimate interests; consent where applicable).
• Security (legitimate interests, legal obligation).
We share data with service providers who help operate the Service (hosting, storage, email, analytics, payments). Where Paddle.com acts as Merchant of Record, Paddle is an independent controller for payment/tax data. We may disclose data to comply with law, enforce terms, or protect rights, safety, and security. In a corporate transaction (merger, acquisition, or sale of assets), personal data may be transferred subject to this Policy.
We may transfer data internationally subject to appropriate safeguards (e.g., Standard Contractual Clauses, data-transfer impact assessments where required). Details available on request.
Account data is retained for the duration of your account and as needed for legal/contractual obligations. Uploaded files may be deleted automatically after processing or at your request. Minimal logs/records may be retained for security, auditing, and compliance.
We use technical and organizational measures appropriate to the risk, including access controls, encryption in transit/at rest (where applicable), segregation, and least-privilege practices. No system is perfectly secure; please use strong passwords and enable any offered security features.
Depending on your location (e.g., EEA/UK under GDPR, California under CCPA/CPRA, Türkiye under KVKK), you may have rights to access, correct, delete, restrict, port, or object to certain processing, and to withdraw consent where processing is based on consent.
To exercise rights, contact support@hotelmapping.ai. You may also lodge a complaint with your local supervisory authority (e.g., your EU/UK DPA, the KVKK Authority in Türkiye, or the California Attorney General for certain issues).
The Service is not directed to children. Do not use the Service if you are under the age required to consent to data processing in your jurisdiction.
We use essential cookies for login and session. Where we use analytics or non-essential cookies, we will obtain consent where required and provide controls to manage preferences.
We may update this Policy; material changes will be communicated within the Service or via email. Continued use after the effective date constitutes acceptance.
Address: Istanbul, Türkiye
Contact: support@hotelmapping.ai
