Privacy Policy

1. Introduction

MigoAI ("we", "us", "our") operates an AI-powered guest communication platform for the hospitality industry. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, including our dashboard, AI concierge, and integrations with third-party booking platforms.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using MigoAI, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you register for a MigoAI account, we collect your name, email address, organization name, and login credentials. For organization administrators, we also store role and permission settings.

2.2 Reservation Data

We receive reservation details from your connected booking platforms (such as Booking.com and Airbnb) through channel managers. This includes guest names, email addresses, phone numbers, check-in and check-out dates, number of guests, booking platform, and reservation status.

2.3 Conversation Data

We store messages exchanged between guests and our AI concierge. This includes guest questions, AI-generated responses, timestamps, and the language detected for each conversation. Conversations may be initiated through Booking.com, Airbnb, or our web-based chat interface.

2.4 Property Information

Property owners and managers provide apartment details such as addresses, check-in instructions, WiFi credentials, access codes, house rules, amenities, and local attraction recommendations. This information is used by the AI to assist guests.

2.5 Technical Data

We automatically collect certain technical information when you use our services, including IP addresses, browser type, device information, and access timestamps. This data is used for security monitoring, rate limiting, and service optimization.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing our AI concierge service - generating personalized, context-aware responses to guest messages based on property details and reservation information
• Syncing reservations from your connected booking platforms to ensure up-to-date guest information
• Delivering AI responses back to guests through their original messaging channel (Booking.com, Airbnb, or web chat)
• Operating and maintaining the dashboard for property owners and managers to monitor conversations, manage properties, and configure settings
• Ensuring security through rate limiting, threat detection, input validation, and access control
• Improving our AI model's accuracy and the overall quality of our service
• Sending important service updates, security notifications, and account-related communications

4. AI-Generated Content

MigoAI uses artificial intelligence to generate responses to guest messages. Guest messages are sent to our AI provider's API for processing, along with relevant context about the property and reservation. Our AI provider processes this data under strict API terms, which means your data is not used to train AI models.

Individual conversations are not manually reviewed by our staff during normal operations. Conversations may be reviewed for quality assurance, troubleshooting, or when investigating reported issues.

5. Data Sharing & Third Parties

We share your data with the following categories of third parties, only as necessary to provide our services:

• AI Processing Provider - processes guest messages to generate AI responses. Data is sent via their API and handled according to their API data usage policy.
• Channel Manager Providers - sync reservation data and deliver messages between your booking platforms and MigoAI. Credentials are stored encrypted.
• Booking Platforms (Booking.com, Airbnb) - AI responses are sent back to guests through the same platform they used to message you, via the channel manager.
• Infrastructure Providers - we use secure cloud hosting and database services to store and process your data.

We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers or marketing companies.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of all data in transit using industry-standard protocols
• Encrypted storage of sensitive credentials at rest
• Secure password hashing using industry-standard algorithms
• Token-based authentication with automatic session expiration
• Database-level access controls for multi-tenant data isolation
• Rate limiting and DDoS protection at multiple layers
• Input validation and sanitization against common attack vectors
• Regular automated database backups
• Security event logging and monitoring

7. Data Retention

We retain your data for as long as your account is active and as needed to provide our services. Specifically:

• Account data - retained while your account is active. Deleted within 30 days of account termination upon request.
• Conversation data - retained for the duration of your service subscription. Historical conversations may be archived for analytics and service improvement.
• Reservation data - retained as long as the associated property is managed through our platform.
• Technical logs - security and performance logs are automatically rotated and deleted after 30 days.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right of Access - you can request a copy of the personal data we hold about you
• Right to Rectification - you can request correction of inaccurate or incomplete data
• Right to Erasure - you can request deletion of your personal data ("right to be forgotten")
• Right to Data Portability - you can request your data in a structured, machine-readable format
• Right to Restrict Processing - you can request that we limit how we use your data
• Right to Object - you can object to the processing of your data for certain purposes
• Right to Withdraw Consent - where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within 30 days.

9. Cookies & Tracking

MigoAI uses strictly necessary cookies for authentication and session management. These cookies are essential for the platform to function and cannot be disabled.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not use any external tracking or advertising scripts.

10. Children's Privacy

MigoAI is a business-to-business service designed for hospitality professionals. Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area, particularly when using AI processing services. When such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by email or through a prominent notice on our dashboard. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your data, please contact us at:

You also have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been violated.