© 2025 GuestReply. All rights reserved.
1.1. The controller of personal data (hereinafter referred to as “we,” “us,” “Guestreply,” or the “Company”) is:
Legal form: a company registered in the State of Delaware (USA)
EIN (Tax ID): 994905314
Address: 1401 Pennsylvania Avenue, Wilmington, DE 19806, USA)
Country/Jurisdiction of registration: United States
1.2. All questions, requests, or comments regarding this Privacy Policy and the processing of personal data should be directed to the following email address: support@guestreply.ai
1.3. Guestreply provides services for automating guest communication and managing short-term rentals, utilizing integrations with PMS systems and tools supporting reservation management. Our clients may also include residents of the European Union (EU) or the European Economic Area (EEA), which requires compliance with additional GDPR regulations.
2.1. This Privacy Policy sets out how we collect, store, and process personal data (hereinafter referred to as “Personal Data”) of users (hereinafter “you” or “Users”) in connection with:
Our website, e.g., https://guestreply.ai, and its subdomains,
Our applications (if any – mobile or desktop),
Integrations with third-party Property Management Systems (PMS),
Any other services described on our website.
2.2. The processing of data is necessary for providing our services, including automating guest communication, optimizing reservations, and managing short-term rentals.
Full name – used to identify the User or the person representing a company,
Company name – if you use our services in a business context,
Email address, phone number – for service-related communication, technical support, billing, etc.,
Billing information (e.g., NIP/EIN, business address) – required for invoicing and financial settlements.
Property data – information such as property name, number of rooms, location, if necessary for rental management,
Data from PMS (Property Management Systems) – details on reservations, guests, and booking history, which are essential for automating communication and delivering our services,
Communication records (e.g., email correspondence, chat) – needed to ensure efficient support and service operation.
IP address, device type, browser – automatically collected to ensure security and the proper functioning of our services,
Cookies and similar tracking technologies – used for traffic analysis, saving user preferences, and improving user experience (see section 10 for details).
Registration or contact forms filled out by the User,
Publicly available sources (e.g., company registers, LinkedIn) if we need to verify data,
No external login: we do not allow logging in via Google, Facebook, or similar services.
Automate guest communication – providing 24/7 AI-assisted responses,
Manage short-term rentals – integrating with PMS, syncing bookings, increasing occupancy,
Provide technical support – responding to inquiries, helping with setup,
Analyze and develop services – improving our tools, creating statistics, enhancing functionality,
Conduct marketing activities (if applicable) – informing about new features and offers, sending newsletters (if consent is required),
Ensure security – detecting and preventing misuse.
Users in the USA – we follow federal and state regulations (e.g., in the State of Delaware).
Users in the EU/EEA – we comply with GDPR, specifically:
Necessity for performance of a contract (Article 6(1)(b) GDPR),
Consent (Article 6(1)(a) GDPR) – e.g., for sending newsletters,
Legitimate interest (Article 6(1)(f) GDPR) – analytics, direct marketing, ensuring security,
Legal obligation (Article 6(1)(c) GDPR) – e.g., retaining accounting documents.
If we serve California residents (CCPA) and meet relevant thresholds, we comply with CCPA provisions regarding information and data deletion rights.
Service Providers (Processors)
Hosting companies, cloud providers,
Payment and accounting systems,
Analytical tools (e.g., Google Analytics),
PMS systems for integration.
Public Authorities – when required by law or when official authorities request information based on their legal powers.
Potential Buyers or Investors – in case of asset sales, acquisitions, or mergers, always subject to adequate privacy safeguards.
We aim to enter into appropriate Data Processing Agreements or any other documents required by law with all such parties to ensure a suitable level of protection and security.
We use Standard Contractual Clauses (SCC) approved by the European Commission or equivalent legal mechanisms to safeguard your data.
We may conduct a Transfer Impact Assessment (TIA) to evaluate risks associated with transferring data to third countries.
We commit to applying additional safeguards (e.g., encryption, pseudonymization) if required by EU law.
If you wish to obtain a copy of the safeguards in place (such as SCC), please contact us at support@guestreply.ai.
Account and registration data – until the account is deleted or the cooperation ends,
Accounting and billing documents – in line with legal requirements (e.g., U.S. or EU tax regulations),
Technical data and logs – for the period necessary to analyze incidents and ensure security.
After the retention period ends, the data is irreversibly deleted or anonymized, making it impossible to retrieve.
Right of access – request information on whether we process your data and obtain a copy of such data,
Right to rectification – if your data is outdated or incorrect,
Right to erasure (right to be forgotten) – in specific circumstances,
Right to restrict processing – e.g., if you contest the accuracy of your data,
Right to data portability – if processing is based on consent or contract,
Right to object – if processing is based on legitimate interests,
Right to withdraw consent – if processing is based on consent (this does not affect the lawfulness of processing before withdrawal).
Right to know – the types of data we process,
Right to delete – in specific circumstances,
Right to opt-out of data sales (if applicable),
Right to non-discrimination – for exercising these rights.
We comply with local (federal/state) laws in the United States regarding privacy rights.
To exercise any of the above rights, please contact us at support@guestreply.ai.
SSL/TLS encryption for data transmission,
Securing servers (firewalls, passwords, restricted access),
Regular backups,
Security audits and testing.
Despite these measures, please note that no method of transmitting data over the Internet is 100% secure, and there is always some level of risk.
Ensure proper website functionality,
Perform analytics (e.g., Google Analytics) to understand how Users interact with our site and improve it,
Conduct marketing (if we use marketing pixels or remarketing).
You can manage cookies in your browser settings. Restricting certain cookies may, however, affect the website’s functionality and user experience.
Our services are not directed at individuals under 18 years of age,
We do not knowingly collect data from minors; if you suspect that we have such data, please contact us so we can delete it.
13.1. We reserve the right to modify this Privacy Policy to reflect changes in our practices or legal requirements.
13.2. We will inform Users of any significant changes via a notice on our website and/or an email notification (if we have your email address).
13.3. We encourage Users to periodically review the current version of this Privacy Policy.
If you have any questions, concerns, or requests regarding your personal data, please contact:
Guestreply LLC
1401 Pennsylvania Avenue, Wilmington, DE 19806, USA
Email: support@guestreply.ai
By using the services of Guestreply LLC, you agree to the terms of this Privacy Policy. If you disagree with any part of it, please stop using our services and contact us so we can delete your data (unless this conflicts with legal obligations).
© 2025 GuestReply. All rights reserved.