Global Privacy Policy
This Privacy Policy explains how Host Logic ("Host Logic", "we", "us", "our") collects, uses, stores, and protects personal data across all jurisdictions in which we operate, including the European Union, the United Kingdom, and the United States.
This Policy is designed to comply with:
- Regulation (EU) 2016/679 (GDPR)
- UK General Data Protection Regulation (UK GDPR)
- California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA)
- Applicable US state-level privacy laws
1. Data Controller / Business Information
Data Controller / Business:
HOST LOGIC LIMITED
Venture Hub, 136 Capel Street, Dublin, D01 T2C9, Ireland
CRO No. 809382
Contact email: [email protected]
Website: https://hostlogic.io
For UK users, Host Logic acts as a data controller under UK GDPR.
For US users, Host Logic acts as a "Business" under CCPA/CPRA.
2. Categories of Personal Data Collected
2.1 Identifiers
- Name
- Email address
- Company name
- Account identifiers
- IP address (where applicable)
2.2 Commercial and Usage Information
- Subscription and service usage data
- Interaction logs
- Automation and workflow metadata
2.3 Customer-Provided Content
Personal data uploaded or transmitted by customers through the platform, including:
- Guest first name
- Communication metadata
- AI-generated responses
Host Logic does not knowingly collect or process sensitive personal data unless explicitly required for service delivery and contractually agreed.
3. Purposes of Processing
Personal data is processed for the following purposes:
- Provision and operation of Host Logic SaaS services
- Execution of automated and AI-powered workflows
- Customer and guest communication automation
- Analytics, service improvement, and performance optimisation
- Security, fraud prevention, and compliance
- Billing, authentication, and account management
4. Legal Bases (EU & UK)
For users in the EU and UK, processing is based on:
- Performance of a contract
- Compliance with legal obligations
- Legitimate interests (platform security, reliability, analytics)
- Consent, where required
5. US Privacy Rights (CCPA / CPRA)
For California residents, the following categories of personal data may be collected:
- Identifiers
- Internet activity information
- Professional or employment-related information
5.1 Sale or Sharing of Personal Data
Host Logic:
- Does not sell personal data
- Does not share personal data for cross-context behavioural advertising
5.2 Consumer Rights (California)
California residents have the right to:
- Know what personal data is collected
- Request access to their data
- Request deletion
- Request correction
- Opt out of sale or sharing (where applicable)
- Limit use of sensitive personal information (if applicable)
- Not be discriminated against for exercising privacy rights
Requests may be submitted to: [email protected]
6. Automated Processing and Artificial Intelligence
Host Logic uses automated processing and AI-assisted features, including:
- Automated communication generation
- Workflow decision support
- Categorisation and prioritisation
Host Logic does not perform solely automated decision-making with legal or similarly significant effects on individuals.
7. Google User Data
Where users authorise Host Logic to connect their Google account, the following applies in addition to this Policy. Host Logic's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
7.1 Data Accessed
Depending on the features enabled, Host Logic may access:
- Gmail (
gmail.modify,gmail.send): email subject lines, sender addresses, and body content of messages in the user's inbox.gmail.modifyis used solely to (1) mark processed reservation emails as read so they are not re-processed on subsequent polling cycles, and (2) apply aHostLogic-Processedlabel to handled emails, giving property managers a visible audit trail in their own inbox. No emails are moved to trash or permanently deleted.gmail.sendis used exclusively to dispatch automated guest reply messages from the user's own address. - Google Sign-In (
openid,email,profile): name and email address, used solely for account authentication.
7.2 Data Usage
- Gmail data is processed in real time to classify incoming messages as booking-related, extract reservation details (dates, guest names, property references), and generate automated responses. Gmail content is never used for advertising or sold to third parties.
- Profile data (name, email) is used to create and authenticate the user's Host Logic account.
7.3 Data Sharing
Google user data is not sold, rented, or shared with third parties for advertising purposes. Data may be processed by the following sub-processors solely to deliver the service:
- OpenAI — for AI-based email classification and response generation (Gmail content only; no user identity is passed)
- Amazon Web Services — for encrypted storage and processing infrastructure
All sub-processors are bound by data processing agreements consistent with GDPR.
7.4 Data Storage & Protection
- All Google user data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access is restricted to authenticated service accounts with the minimum required permissions.
- Raw Gmail message bodies are not stored beyond the processing window required to generate a response (typically under 60 seconds). Only extracted structured data (reservation details) is persisted.
7.5 Data Retention & Deletion
- Extracted reservation data is retained for the duration of the user's active account.
- Upon account deletion or revocation of Google permissions, all associated Google user data and derived records are permanently deleted within 30 days.
- Users may request deletion at any time by emailing [email protected] or through the account settings page.
8. Account Deletion & Data Retention
Personal data is retained only as long as necessary for service provision, legal compliance, and contractual obligations.
Account holders can permanently delete their account at any time from the account settings page (Profile → Delete account), or by emailing [email protected]. When an account is deleted, Host Logic automatically:
- immediately cancels all active paid subscriptions, so no further billing occurs;
- permanently deletes all properties, units, knowledge-base content, uploaded media, and the data the AI assistants derive from them (including the operational knowledge store);
- anonymises the account's personal data — name, email address, phone number, login identifiers (Google / Facebook / Microsoft), authentication credentials, two-factor secrets, marketing-attribution data and IP addresses are erased or replaced with non-identifying placeholders;
- deletes connected mailbox access tokens (e.g. Gmail / Outlook OAuth credentials) and anonymises team-member contact details;
- anonymises and removes any login-enabled team-member sub-accounts belonging to the account.
After anonymisation, only records that no longer identify the individual are retained, and only where legally required: financial and billing records (including the payment-provider customer reference) for accounting and tax obligations, and a minimal anonymised audit-trail entry confirming that the erasure took place. These retained records contain no personal data. Google user data and any records derived from it are permanently deleted within 30 days of account deletion or revocation of Google permissions.
Retention periods may otherwise vary by data type and jurisdiction.
9. Data Sharing and Processors
Host Logic may share personal data with trusted service providers, including:
- Cloud hosting providers
- Automation and workflow platforms
- Authentication and payment services
- Messaging and email providers
All processors operate under contractual data protection obligations. A full list of sub-processors is available at hostlogic.io/trust/subprocessors.
10. International Data Transfers
Personal data may be transferred outside the EU/UK/US. Safeguards include:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreements (IDTA)
- Equivalent legal mechanisms
11. Data Security
Host Logic applies appropriate technical and organisational measures, including:
- Encrypted data transmission (TLS 1.2+)
- Encryption at rest (AES-256)
- Access controls and authentication
- Environment separation (development, staging, production)
- Monitoring and audit logging
12. Data Subject Rights (EU & UK)
Individuals have the right to:
- Access their data
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
The right to erasure can be exercised directly and immediately from the account settings page (Profile → Delete account), which triggers the automated deletion and anonymisation process described in Section 8. To exercise any of these rights, you may also contact us at [email protected].
13. Children's Data
Host Logic services are not directed at children under 16 (EU/UK) or under 13 (US). We do not knowingly collect children's personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be published on our website or communicated within the platform.
15. Contact
For privacy-related enquiries or rights requests:
HOST LOGIC LIMITED
Venture Hub, 136 Capel Street, Dublin, D01 T2C9, Ireland
CRO No. 809382
[email protected]