HotelPulseHotelPulse
Home

Privacy Policy

Last updated: April 2026

1. Data Controller

AI Automation Agency UG (haftungsbeschränkt) Querstraße 6, 14163 Berlin Email: start@aiautomationagency.de

2. Data We Process

HotelPulse processes the following data from your Apaleo account:

  • Reservation data (arrival, departure, room category, channel, revenue)
  • Financial data (revenue per room, total revenue)
  • Property data (name, city, room count)
  • Account data (email address of the connecting user)

We do not store any personal guest data (no names, email addresses, phone numbers, or addresses of hotel guests).

Apaleo OAuth permissions: Read-only access (reservations.read, folios.read, account.read, rateplans.read, reports.read). HotelPulse does not make any changes to your Apaleo data.

3. Purpose of Processing

  • Calculation of hotel KPIs (occupancy, ADR, RevPAR)
  • Display in dashboard and reports
  • AI-based insights and revenue forecasts
  • Notifications (email briefing, KPI alerts)

4. Legal Basis

Art. 6(1)(b) GDPR (performance of contract) — data processing is necessary for the provision of our analytics service.

5. Third Parties

  • Apaleo GmbH — PMS data source (OAuth 2.0 connection)
  • Stripe Inc. — Payment processing (PCI DSS Level 1 compliant)
  • Anthropic PBC — AI analysis (Claude API, aggregated KPI data only)
  • Vercel Inc. — Hosting (EU Region, SOC 2 Type 2)

6. Storage Location and Security

All data is stored in the EU. OAuth tokens are encrypted with AES-256-GCM. Sessions use signed HTTP-Only cookies.

7. Retention and Deletion

Upon cancellation, all data is deleted within 30 days. You can request immediate deletion at any time.

8. Cookies

HotelPulse uses only technically necessary cookies. No tracking, analytics, or marketing cookies are used.

  • session — Authentication (HTTP-Only, Secure, SameSite=Lax, valid for 7 days)
  • NEXT_LOCALE — Language preference DE/EN (valid for 1 year)

Since only technically necessary cookies are used, no consent is required according to § 25 para. 2 TTDSG.

9. Your Rights

You have the right to access, rectification, deletion, restriction of processing, data portability, and objection. Contact: start@aiautomationagency.de