Privacy Policy
Last updated: 2026-05-30 · Effective: 2026-05-30
This is a placeholder template. Review with legal counsel before launch.
1. Who we are
Project404 Hospitality OS ("we", "us", "the Service") is operated by Project 404, with operations in the United States. Contact: hospitality@project404.io.
2. What we collect
We collect: (a) account information you provide (name, email, phone, company info); (b) property + guest data you input or sync via integrations (reservations, room status, housekeeping, maintenance, messages, reviews); (c) usage analytics (which pages you visit, performance metrics — never message content); (d) payment information processed by Stripe (we do not store full card numbers).
3. How we use it
We use your data to: (a) operate the Service for your business; (b) generate AI insights specific to your operation; (c) communicate with you about your account; (d) improve the Service based on aggregated, anonymized usage patterns. We do not sell your data. We do not train AI models on your customer data.
4. Sub-processors
We rely on Supabase (database + auth), Vercel (hosting), Stripe (payments), Anthropic (AI processing, opted in per query), Resend (transactional email). Each has their own privacy policy.
5. Your rights
You can: (a) export all your data via Settings → Account → Export; (b) delete your account and all associated data within 30 days; (c) ask us to correct anything inaccurate. Email hospitality@project404.io.
6. Security
Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database access is restricted via row-level security per company. Payment data flows through Stripe's PCI-compliant infrastructure.
7. Updates
We will notify you of material changes via email at least 30 days before they take effect.