Privacy Policy

Introduction

This Privacy Policy explains how Guidlio ("we", "us", or "our") collects, uses, stores, and processes personal data when you use the Guidlio web application and services. Guidlio is an AI-powered concierge platform for short-term rental hosts and their guests. We are committed to protecting your privacy and handling your data transparently.

Who This Policy Applies To

This policy applies to all users of the Guidlio platform, including:

• Hosts — property owners and managers who register properties and manage knowledge bases on the platform.
• Guests — travelers who access the guest experience via a QR code provided by a host, without registration.

Data We Collect

From Hosts: Email address, full name, account credentials (managed via Supabase Auth), property addresses, property knowledge base content (house rules, instructions, notes), and nearby place customizations. All host content is stored securely and used solely to power the AI concierge for their properties.

From Guests: Guests access the Service without registration. We generate an anonymous session identifier stored in the browser's local storage to manage the session per property. No personally identifiable information is collected from guests unless they voluntarily provide it in a chat conversation.

Technical data: IP address, device type, browser type, and usage data may be collected for service operation, security, and improvement purposes.

Purpose of Processing

We process personal data to: provide and operate the Guidlio platform; power the AI concierge, local guide, and day planner features; manage host accounts and property configurations; generate vector embeddings for AI search and retrieval; sync nearby place data via Google Places API; improve product functionality and performance; ensure security and prevent misuse; and comply with legal obligations.

Legal Basis

Personal data is processed in accordance with the General Data Protection Regulation (GDPR) based on contractual necessity (to provide the Service to hosts), legitimate interests (service improvement and security), legal obligations, and user consent where required.

Third-Party Services

We use the following third-party services to operate the platform:

• Supabase — authentication, database storage, and vector search.
• OpenAI — AI language model for chat and itinerary features.
• Google Gemini — vector embeddings for knowledge base search.
• Google Places API — nearby place data and photos.

We do not sell personal data. Data is shared with third parties only to the extent necessary to operate the Service.

Data Retention

Host account data and property knowledge is retained for the duration of the host's account. Guest session identifiers are stored only in the browser's local storage and are not retained on our servers. Technical and usage data is retained only as long as necessary for the stated purposes.

Your Rights

You have the right to access, correct, delete, or restrict the processing of your personal data, as well as the right to data portability and to object to certain processing activities, in accordance with applicable data protection laws. To exercise your rights, contact us at team@guidlio.com.

Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. All data is transmitted over encrypted connections (HTTPS). Host authentication is managed via Supabase Auth with JWT-based session verification.

International Transfers

Personal data may be processed or stored outside of the European Union by our third-party service providers (Supabase, OpenAI, Google). Where applicable, appropriate safeguards are in place in accordance with GDPR requirements.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email to registered hosts.

Contact

If you have questions about this Privacy Policy or our data protection practices, contact us at team@guidlio.com.