info@hotelmentor.ai  |  +385(91)9719-051

Fedezd Fel

Privacy Policy

Last updated: March 25, 2026

1. Data Controller Information

Company name: More Tourist Agency

Address: Croatia, 51514 Dobrinj, Čižići 307/a

TAXID: HR77693428025

OIB: 77693428025

MB: 03525759

Company registration number (MBS): 040027211

License number: HR-AB-51-040027211

Email: kapcsolat@hotelmentor.ai

Website: https://hotelmentor.ai

Product: HotelMentor.AI — AI-powered hotel management and customer service platform.

2. What Personal Data We Collect

2.1. Account Data

When you register for HotelMentor.AI, we collect:

– Full name

– Email address

– Organization/company name

– Password (stored in hashed form)

2.2. Guest Communication Data

When guests communicate with your business through channels managed by HotelMentor.AI (email, website chat, Facebook Messenger), we collect:

– Name and email address (if provided)

– Message content and conversation history

– Timestamps and metadata

– IP address (for website chat)

2.3. Facebook Messenger Data

When a user sends a message to a Facebook Page connected to our Service, we collect:

– Facebook public profile information (name, profile picture) via Facebook Graph API

– Message content sent to the Page

– Facebook Page-scoped User ID (PSID)

– Conversation timestamps

2.4. Knowledge Base Data

Documents, files, and content uploaded to the knowledge base by account holders.

2.5. Usage Data

– Browser type and version

– Pages visited within the platform

– Feature usage statistics

– Login timestamps

2.6. Cookies

We use essential cookies for authentication and session management. See Section 8 for details.

3. Purpose of Data Processing

We process personal data for the following purposes:

a) Providing the Service — managing guest communications, generating AI responses, task management

b) Customer support — responding to inquiries via email, chat, and Messenger

c) AI-powered responses — using knowledge base content to generate automated replies to guest messages

d) Analytics — improving the Service based on usage patterns

e) Security — preventing unauthorized access and detecting abuse

f) Legal compliance — meeting regulatory obligations

4. Legal Basis for Processing (GDPR Art. 6)

– Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service to registered users

– Legitimate interest (Art. 6(1)(f)) — processing guest messages to provide customer service requested by the guest

– Consent (Art. 6(1)(a)) — where explicitly obtained (e.g., newsletter subscription)

– Legal obligation (Art. 6(1)(c)) — tax and accounting requirements

5. Facebook Messenger Integration

5.1. When a business connects their Facebook Page to HotelMentor.AI, we receive and process Messenger messages sent to that Page.

5.2. We use the pages_messaging permission to:

– Receive messages from users who initiate contact with the Page

– Send automated AI-powered responses on behalf of the business

– Enable business staff to respond manually when needed

5.3. We do NOT:

– Send unsolicited or promotional messages via Messenger

– Sell or share Messenger user data with third parties

– Use Messenger data for advertising purposes

– Store Messenger data for AI model training

5.4. Messenger users can request deletion of their data by contacting the business directly or emailing kapcsolat@hotelmentor.ai.

6. AI Processing

6.1. We use artificial intelligence (powered by OpenAI and similar providers) to generate responses to guest inquiries based on the business’s knowledge base.

6.2. Message content is sent to AI service providers for processing. These providers:

– Process data according to their data processing agreements

– Do not use the data for model training (when using API endpoints)

– Are bound by appropriate data protection agreements

6.3. AI-generated responses may contain inaccuracies. Business operators are responsible for monitoring and correcting AI responses.

7. Data Sharing and Third-Party Processors

We share data with the following categories of processors:

– Supabase Inc. — database hosting and authentication (EU region, Frankfurt, Germany)

– OpenAI / AI service providers — message processing for AI responses

– Facebook/Meta — Messenger platform integration (governed by Meta’s Data Policy)

– Vercel / hosting providers — application hosting

We do not sell personal data to third parties.

8. Cookies

Essential cookies:

– Authentication session cookies (required for login)

– Language preference cookie

– CSRF protection token

We do not use third-party tracking or advertising cookies.

9. Data Retention

– Account data: retained while the account is active, deleted within 30 days of account closure

– Guest communication data: retained for the duration of the business account, unless earlier deletion is requested

– Facebook Messenger data: retained as part of conversation history, deletable upon request

– Server logs: retained for 30 days

– Backups: retained for 90 days

10. Data Security

We implement appropriate technical and organizational measures:

– Encryption in transit (TLS/SSL)

– Encryption at rest for sensitive data

– Row-Level Security (RLS) for multi-tenant data isolation

– Regular security audits

– Access controls and authentication

11. Your Rights Under GDPR

You have the right to:

a) Access — request a copy of your personal data

b) Rectification — correct inaccurate data

c) Erasure — request deletion of your data („right to be forgotten”)

d) Restriction — restrict processing of your data

e) Data portability — receive your data in a machine-readable format

f) Object — object to processing based on legitimate interest

g) Withdraw consent — where processing is based on consent

To exercise these rights, contact us at kapcsolat@hotelmentor.ai. We will respond within 30 days.

12. International Data Transfers

Data is primarily stored within the European Union (Frankfurt, Germany). Where data is transferred outside the EU (e.g., to AI service providers in the US), we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) or adequacy decisions.

13. Children’s Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The „Last updated” date at the top indicates the most recent revision.

15. Contact and Complaints

For questions about this Privacy Policy or data processing:

Email: kapcsolat@hotelmentor.ai

You also have the right to lodge a complaint with:

– Croatian Personal Data Protection Agency (AZOP): https://azop.hr

– Or the data protection authority in your country of residence