Privacy Policy

Last updated: 27 March 2026

1. Who We Are

GuestPilot (“we”, “us”, “our”) operates the website guestpilot.net and provides a digital guest experience platform for short-term rental hosts. We are the data controller for the personal data described in this policy.

2. What Data We Collect

From Hosts (account holders):

  • Email address and name (for account creation)
  • Property details you provide (address, descriptions, photos, Wi-Fi passwords)
  • Payment information (processed securely by Stripe — we do not store card numbers)
  • Usage data (pages visited, features used)

From Guests (visitors to guest pages):

  • Questions asked to the AI concierge
  • Page views and interactions (anonymised)
  • Issue reports (if submitted voluntarily)
  • Email address (only if provided by the host for pre-arrival emails)

We do not require guests to create accounts or provide personal data to access guest pages. Guest analytics are collected anonymously.

3. How We Use Your Data

  • To provide and improve the GuestPilot service
  • To process payments and manage subscriptions
  • To send pre-arrival emails on behalf of hosts
  • To power AI concierge responses using property data
  • To generate analytics and usage reports for hosts
  • To communicate important service updates

We will never sell your data to third parties or use it for advertising purposes.

4. Third-Party Services

We use the following third-party services to operate GuestPilot:

  • Supabase — database and authentication (EU servers)
  • Vercel — website hosting
  • Stripe — payment processing
  • OpenAI — AI concierge responses
  • Google Places API — local place discovery during setup
  • Resend — email delivery

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

5. AI and Your Data

When guests ask questions via the AI concierge, their questions and your property data are sent to OpenAI to generate responses. We do not use this data to train AI models. OpenAI's API data is not used for training per their business terms. Guest questions are stored for analytics purposes and can be viewed by the host.

6. Data Storage and Security

Your data is stored securely in Supabase (EU region — Ireland). We use row-level security to ensure hosts can only access their own data. All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text.

7. Data Retention

  • Account data is retained while your account is active
  • If you delete your account, all data is removed within 30 days
  • Guest interaction logs are retained for 12 months, then automatically deleted
  • Payment records are retained as required by UK tax law (6 years)

8. Your Rights (GDPR)

Under UK and EU data protection law, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Object — object to certain processing of your data
  • Restrict — request restricted processing of your data

To exercise any of these rights, email us at privacy@guestpilot.net. We will respond within 30 days.

9. Cookies

GuestPilot uses essential cookies only — for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is needed as we only use strictly necessary cookies.

10. Children

GuestPilot is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email. The “last updated” date at the top of this page indicates when it was last revised.

12. Contact

For any privacy-related questions or requests, contact us at privacy@guestpilot.net.