Privacy Policy

Last updated: 1 January 2026 · Effective date: 1 January 2026

Summary: The Residence Concierge operates a WhatsApp-based AI concierge platform for hotels. We collect hotel and guest data solely to provide the service. We do not sell personal data. We comply with GDPR and applicable Cypriot data protection law.

1. Who We Are

The Residence Concierge ("we", "us", "our") is a technology company registered in Cyprus, operating a WhatsApp-based AI concierge platform for hotels and hospitality businesses. Our platform enables hotels to provide 24/7 automated guest communication via WhatsApp, manage bookings with service partners, and earn commission revenue.

Our registered address is: Limassol, Cyprus.
For privacy enquiries, contact us at: privacy@theresidenceconcierge.com

2. Data We Collect

We collect and process the following categories of personal data:

Hotel clients: Business name, contact name, email address, phone number, hotel configuration details, and billing information.
Hotel guests (via WhatsApp): WhatsApp phone number, messages sent and received, room number, check-in and check-out dates, language, booking requests, and service preferences.
Service partners: Business name, contact name, WhatsApp number, and service details.
Website visitors: IP address, browser type, pages visited, and any information submitted via contact forms.

3. How We Use Your Data

We use personal data to:

Operate and deliver the concierge platform to hotel clients
Process and respond to guest WhatsApp messages via AI
Route booking requests to the appropriate service partners
Send automated guest journey messages (pre-arrival, in-stay, post-checkout)
Track and reconcile commission payments between hotels and partners
Provide the hotel staff dashboard and administrative tools
Respond to enquiries and provide customer support
Comply with legal obligations

4. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

Contractual necessity: Processing hotel and partner data is necessary to fulfil our service agreement.
Legitimate interests: Processing guest data as instructed by hotels, where the hotel is the data controller for its guests.
Consent: Where required for marketing communications.
Legal obligation: Where required by applicable law.

5. WhatsApp and Meta

Our platform operates through the WhatsApp Business API, provided by Meta Platforms Ireland Limited. When guests communicate with hotels using our service, those messages pass through WhatsApp's infrastructure. Meta's privacy policies apply to the transmission of messages via WhatsApp. We act as a data processor on behalf of the hotel (the data controller) in respect of guest communications.

By using a hotel's WhatsApp concierge service powered by The Residence Concierge, guests consent to receiving automated AI responses and to having their requests processed by our platform on behalf of the hotel.

6. Data Sharing

We do not sell personal data. We share data only in the following circumstances:

Hotels: Guest message data and booking information is visible to the relevant hotel's staff through our dashboard.
Service partners: Booking details (name, phone, request) are shared with the relevant partner (e.g. taxi driver) to fulfil a confirmed booking.
Sub-processors: We use trusted third-party services including Anthropic (AI), Twilio (messaging), Supabase (database), Vercel (hosting), and Stripe (payments). All are bound by appropriate data processing agreements.
Legal requirements: Where required by law, court order, or regulatory authority.

7. Data Retention

We retain data for as long as necessary to provide the service and comply with legal obligations:

Guest conversation data: 24 months after check-out, then anonymised
Booking records: 7 years (tax and legal compliance)
Hotel account data: Duration of contract plus 2 years
Website enquiry data: 12 months

8. Your Rights

Under GDPR, you have the right to:

Access your personal data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict processing
Data portability
Object to processing
Lodge a complaint with a supervisory authority

To exercise your rights, contact us at privacy@theresidenceconcierge.com. We will respond within 30 days.

9. Cookies

Our website uses essential cookies only, required for basic site functionality. We do not use tracking or advertising cookies. No third-party analytics are loaded without consent.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), encrypted databases, access controls, and regular security reviews. Our platform is hosted on Vercel's infrastructure with industry-standard security certifications.

11. International Transfers

Our sub-processors (Anthropic, Twilio, Supabase, Vercel) may process data in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

12. Children's Data

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to hotel clients by email. The "last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

For any privacy-related questions, requests, or complaints:

Email: ferran.diaz92@gmail.com
General enquiries: ferran.diaz92@gmail.com
Address: Limassol, Cyprus

You also have the right to lodge a complaint with the Commissioner for Personal Data Protection (Cyprus): www.dataprotection.gov.cy