Politika privatnosti

Kako rukujemo vašim podacima

Izgradili smo MAIIA Concierge sa svesnim principom: prikupljati minimum potreban da pomognemo gostima, ne deliti ništa sa bilo kim van hotela u kojem boravite, i nikada ne koristiti podatke gostiju za oglašavanje, profilisanje za prodaju, ili bilo koju svrhu van sopstvene usluge i analitike hotela.

Poslednje ažuriranje: April 28, 2026 Važenje: April 28, 2026

Ne prodajemo podatke.

Podaci gostiju se nikada ne prodaju, ne licenciraju, ne trguje se njima, niti se dele sa oglašivačima, brokerima podataka ili marketinškim mrežama.

Ne zahtevamo vaše puno ime.

Ime je opciono, koristi se samo da bi vas asistent mogao prirodno osloviti. Prezime, email, telefon, adresa i lična karta se nikada ne zahtevaju niti čuvaju.

Samo analitika ograničena na hotel.

Svaka konverzacija, događaj i preferenca je izolovan na objekat sa kojim komunicirate. Samo taj hotel može videti podatke svojih gostiju — nikada drugi objekat, nikada mi za svoje sopstvene svrhe.

1. Ko smo mi

MAIIA Concierge vodi MAIIA Innovation Lab (“MAIIA,” “mi,” “nas”), dostupni na office@maiiaconcierge.ai i na webu na maiiaconcierge.ai.

MAIIA Concierge je multi-tenant platforma koja se isporučuje hotelima i hotelij erskim operaterima (svaki, “Hotel”). Kada koristite MAIIA chat widget na web sajtu hotela, MAIIA gost aplikaciju unutar hotela, ili bilo koju drugu MAIIA dodirnu tačku u objektu, Hotel je kontrolor podataka ličnih podataka opisanih u ovoj politici i MAIIA deluje kao obrađivač u ime Hotela. Za podatke koje držimo o potencijalnim klijentima koji nas kontaktiraju direktno preko maiiaconcierge.ai (na primer, zahtevi za demo), MAIIA Innovation Lab je kontrolor.

2. Šta ova politika pokriva

Ova politika se primenjuje na:

  • MAIIA Website Sales Agent (chat widget ugrađen na web sajtove hotela).
  • MAIIA Guest App (concierge iskustvo u sobi ili u objektu).
  • MAIIA Control Center koji koristi hotelsko osoblje.
  • Informacije prikupljene preko maiiaconcierge.ai direktno (uključujući demo i kontakt zahteve).

Ne pokriva prakse privatnosti bilo kog pojedinačnog Hotela, bilo kog booking engine-a treće strane na koji Hotel upućuje, ili bilo kog drugog sajta ili usluge koje deluju nezavisno od MAIIA.

3. What data we collect

3.1 Information you provide directly

  • First name (optional). A single name field, used only so the assistant can address you. Our system has no surname or full-name field. You may use a nickname or skip the field entirely.
  • Stay context. Where applicable: room number or room code, language preference, purpose of stay (e.g. “business,” “honeymoon”), and the hotel property you are interacting with.
  • Preferences. Food interests, point-of-interest interests, and allergens you choose to share so the assistant can give relevant recommendations and dietary warnings.
  • Conversation content. The messages you send to the AI assistant and the assistant’s replies.
  • Demo and contact requests. If you fill in a form on maiiaconcierge.ai, the contact details you provide (typically a work email and message).

3.2 Information collected automatically

  • Anonymous session identifier. A random sessionId is generated to keep your conversation continuous within a session. It is not linked to your identity outside the hotel context.
  • Technical metadata. Timestamps, the channel (website widget vs. guest app), interface language, and basic interaction events (e.g. that a recommendation card was clicked).
  • Local browser storage. The widget uses sessionStorage to keep your chat in view if you refresh the page, and localStorage to remember your chosen interface language and whether you have already dismissed a notification. We do not use cross-site tracking cookies.

3.3 What we do not collect

For clarity, the MAIIA platform does not have fields for, request, or store any of the following from guests:

  • Surname or full legal name
  • Email address (for guest chat — only for B2B contact requests)
  • Phone number
  • Postal address
  • Date of birth
  • Government-issued ID, passport, or document numbers
  • Payment card or banking information
  • Photographs or biometric data
  • Precise geolocation
  • Browsing history outside the chat or app
  • Advertising identifiers or cross-site tracking signals

4. How we use your data

We use the data described above strictly to:

  • Answer your questions and fulfil your requests through the AI assistant, grounded in the Hotel’s own approved content (rooms, menus, services, points of interest).
  • Personalise recommendations within your stay (for example, surfacing dishes that match your dietary preferences, or attractions that match your stated interests).
  • Route action requests to the relevant Hotel team (e.g. housekeeping, restaurant, concierge) when you ask the assistant to do something on your behalf.
  • Provide the Hotel with operational analytics strictly limited to that one Hotel’s own guests. The Hotel sees what its guests asked, what they engaged with, where recommendations succeeded or failed, and where its content has gaps. It does not see any other Hotel’s data.
  • Stress-test and improve the assistant’s quality for that Hotel using our anti-hallucination simulation system, so guests get accurate answers before, not after, the system goes live.
  • Operate, secure, and debug the service (rate-limiting, fraud and abuse prevention, error diagnostics).
  • Respond to your B2B inquiries if you contact MAIIA Innovation Lab directly through maiiaconcierge.ai.

We do not use guest data for behavioural advertising, profiling for sale, training of generic third-party AI models, or any purpose unrelated to delivering the service to that Hotel and its guests.

Where the GDPR or UK GDPR applies, we (and the Hotel as controller) rely on:

  • Contract. Processing necessary to provide the concierge service you have requested by interacting with the chat or app.
  • Legitimate interests. Operating, securing, and improving the service; preventing abuse; and providing the Hotel with operational analytics about its own service quality. These interests are balanced against your rights and minimised by collecting no direct identifiers.
  • Consent. Where the Hotel obtains your explicit consent for specific processing (for example, to share an allergen warning with the kitchen).
  • Legal obligation. To comply with applicable laws, court orders, or valid regulatory requests.

6. Who can see your data

6.1 The Hotel

The Hotel you are interacting with is the only customer-facing organisation with access to its guests’ conversations, preferences, and analytics. Each Hotel sees only its own property’s data, enforced by tenant isolation in our database.

6.2 We do not share data with third parties for their own purposes

We never sell guest data. We never share guest data with advertisers, data brokers, marketing networks, social media platforms, or any party that would use it for their own purposes.

6.3 Sub-processors that help us deliver the service

Like every modern AI product, MAIIA relies on a small number of sub-processors that act strictly under our instructions and only for the purpose of running the service:

  • AI model inference. Conversation messages and retrieved Hotel content are sent to OpenAI to generate the assistant’s response. OpenAI processes data on our instructions under its enterprise data-processing terms and does not use this data to train its general models.
  • Vector search. The Hotel’s approved content is indexed in Pinecone so the assistant can retrieve the right answer; query embeddings are short-lived and never sold.
  • Cloud hosting and infrastructure. Reputable European/EEA hosting and storage providers used to run the MAIIA backend, queue jobs, and store logs.
  • Translation services. A subset of message content may be translated by our internal translation pipeline (which itself runs on the AI model inference sub-processor above).

Where a Hotel chooses to deploy MAIIA against its own private AI endpoint, conversation data is routed to that endpoint instead of the default sub-processor.

6.4 Other limited disclosures

We may disclose information if strictly required by law (for example, in response to a valid court order), or to protect the rights, safety, or property of MAIIA, the Hotel, guests, or the public.

7. AI processing and anti-hallucination

The MAIIA assistant generates answers using large language models. To prevent fabricated information, every answer is grounded in the Hotel’s approved content (rooms, menus, facilities, events, points of interest) stored in our content management system. Before launch and after configuration changes, we stress-test each Hotel’s assistant with hundreds of simulated guest scenarios and report knowledge gaps to the Hotel so they can be addressed.

Conversation content is not used to train general-purpose AI models. Sub-processors that handle inference are contractually prohibited from using this data for their own model training.

8. How long we keep data

  • Active session data (chat history visible in the widget) lives in your browser’s sessionStorage and is cleared when the session expires.
  • Conversations and event logs are retained for as long as the Hotel needs them for service quality and analytics, subject to the Hotel’s own retention rules. The Hotel can request deletion at any time.
  • Operational logs (errors, rate-limit events, security signals) are retained for short periods needed to diagnose and secure the service.
  • B2B contact data (demo requests sent to MAIIA Innovation Lab) is retained for as long as needed to handle the inquiry and any resulting customer relationship.

9. Cookies and local storage

The MAIIA chat widget uses minimal browser storage to function:

  • sessionStorage — keeps your chat continuous if you reload the page; cleared when you close the tab.
  • localStorage — remembers your chosen interface language and whether you have dismissed a notification.
  • Authentication cookie (where the guest app is used) — a short-lived session token so the app can authenticate API calls.

We do not use advertising cookies, social media tracking pixels, or any cross-site tracking technology.

10. Your rights

Depending on your location (notably, the EU/EEA, UK, California, and other jurisdictions with comparable laws), you have the following rights over your personal data:

  • Access — ask what data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Deletion — ask us to delete your data.
  • Restriction — ask us to limit how we use your data.
  • Portability — receive a copy of your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time.
  • Lodge a complaint — with your local data protection authority.

Because the Hotel is the controller of guest data on its property, requests about that data are typically handled by the Hotel directly. You can also contact us at office@maiiaconcierge.ai and we will route your request to the right Hotel and assist with the technical side of fulfilling it.

11. Children’s privacy

MAIIA is designed for adult hotel guests and hotel staff. We do not knowingly collect personal data from children under the age relevant in their jurisdiction (16 in the EU, 13 in the United States). If you believe a child has interacted with MAIIA in a way that captured personal data, contact us at office@maiiaconcierge.ai and we will delete it.

12. Security

We protect data with: encrypted transport (HTTPS/TLS for all API calls), strong authentication (short-lived JWT tokens, scoped API keys for hotel partners), per-tenant data isolation, rate limiting against abuse, and standard infrastructure security practices (least-privilege access, audit logging, restricted admin access). No system is perfectly secure; if we ever become aware of a breach affecting your data, we will notify the affected Hotel(s) and, where required by law, the relevant authorities and individuals.

13. International data transfers

MAIIA primarily processes data in the European Economic Area. Where data is transferred to a sub-processor outside the EEA (for example, AI model inference), the transfer is protected either by an adequacy decision, by Standard Contractual Clauses approved by the European Commission, or by another lawful transfer mechanism.

14. Changes to this policy

We may update this policy as the service evolves or as the law changes. The “Last updated” date at the top of the page reflects the most recent version. Material changes will be announced through the MAIIA assistant, on maiiaconcierge.ai, or directly to Hotel administrators.

15. Contact us

If you have any questions, requests, or concerns about this policy or how your data is handled, please write to:

MAIIA Innovation Lab
Email: office@maiiaconcierge.ai
Web: maiiaconcierge.ai

Book a demo

Tell us about your property and we will follow up to schedule a personalized walkthrough.