Your data
Privacy policy
We handle messages between hosts and guests. That is sensitive data. This page explains, in plain language, what we collect, why, where it goes, and how to get it back or delete it.
What we collect
- Account data — your email, name, and tenant settings.
- Property knowledge — the house facts you paste or upload so the AI can answer questions.
- Messages — inbound guest messages and outbound replies. Stored encrypted at rest. Guest email addresses and phone numbers are encrypted at the column level (AES-256-GCM) with a per-column blind index for deduplication.
- AI interaction telemetry — prompt/completion token counts, model used, confidence scores, and the thumbs-up/thumbs-down feedback you provide on drafts.
- Billing data — name, email, and card-on-file token from Stripe (we never store full card numbers).
How we use it
The data above is used exclusively to: (1) route messages between you and your guests, (2) generate AI draft replies, (3) bill you, (4) improve confidence scoring with your explicit feedback, and (5) protect the service (rate-limiting, abuse detection). We do not train third-party models on your data. We do not sell your data.
Sub-processors
We rely on the following sub-processors. Each is contractually bound by our Data Processing Agreement (DPA).
- Anthropic — LLM inference for draft generation (Claude Haiku / Sonnet / Opus).
- OpenAI — text embeddings for retrieval (text-embedding-3-small).
- Mailgun — outbound transactional email and inbound email parsing.
- Stripe — payment processing and subscription billing.
- Sentry — error monitoring. PII (emails, phone numbers) is scrubbed before any event leaves our servers.
- Railway — application hosting and Postgres infrastructure (EU and US regions).
Retention
We retain messages for as long as your account is active, with the following jurisdiction-specific defaults:
- Japan — 3 years (Minpaku record-keeping requirements).
- European Union — varies by member state (typically 1–3 years under local STR regulations).
- Other jurisdictions — we keep messages for the lifetime of the account unless you request deletion.
When you request account deletion, we soft-lock immediately and perform the hard delete after a 30-day grace period so accidental deletions can be reversed.
Your rights
Under GDPR, the Japan APPI, and the California CCPA you have the right to:
- Access — download a copy of everything we hold on you at any time from Settings → Your data.
- Erasure — request full deletion of your account or a specific guest's records. The deletion cascades to all related messages and conversations.
- Portability — the export is a self-contained JSON bundle you can take elsewhere.
- Rectification — edit your tenant profile and property knowledge directly in the host console.
A signed DPA is available on request for EU customers. Contact privacy@lobbyai.com.
Contact
Data-protection questions: privacy@lobbyai.com. General support: support@lobbyai.com.
Last updated — pending legal review · version 0.1