Data Processing Agreement

The contractual framework.

When a hotel entrusts Hotilla with operational data, that relationship is governed by a Data Processing Agreement, a contractual layer that defines responsibilities, commitments, and rights for both sides. This page outlines the framework; the full document is available on request.

Last updated May 2026
Frameworks GDPR · APP 1988
Contact security@hotilla.com
01 / Scope

What this covers.

The DPA sits between Hotilla as the data processor and the hotel as the data controller. It governs how operational data is processed, who is accountable for what, and the terms under which the relationship can be reviewed or terminated.

Data controller
The hotel property determines the purposes and means of processing the operational data it shares with Hotilla. The controller retains ownership of all data and decides what is shared.
Data processor
Hotilla processes the data strictly on the instructions of the controller and only for the purposes defined in the agreement, namely the delivery of recovery cost intelligence.
Types of data covered
Duty log entries, departmental operational records, derived analytical outputs, and the metadata necessary to operate the dashboard. No PMS data, no CRM data, no payment data are processed under this agreement.
Duration
The DPA remains in effect for the duration of the service contract. Data deletion, return, or migration obligations apply at the end of the contract, typically within 30 days, fully confirmed in writing.
02 / Key Commitments

What Hotilla commits to. Concretely.

These commitments form the backbone of the DPA. They are written to be specific, verifiable, and consistent with GDPR and Australian Privacy Principles standards.

01

Process only on documented instructions

Hotilla processes customer data exclusively according to the controller's instructions and within the scope agreed at onboarding. No exploratory analysis on customer data without consent.

02

Confidentiality of personnel

Anyone with access to customer data (currently the founder) is bound by confidentiality obligations that survive the end of the contract. Internal access is logged and reviewed.

03

Sub-processor transparency

All sub-processors used by Hotilla are disclosed in the DPA. Customers are notified before any change to the sub-processor list and have the right to object within 30 days.

04

Data residency commitment

For APAC customers, application data is processed and stored within Australian region nodes. Specific residency requirements can be formalised at contract signature.

05

Breach notification within 24 hours

In the event of a personal data breach affecting the customer, Hotilla notifies the controller within 24 hours of confirmation, with scope, suspected cause, and immediate mitigation actions taken.

06

Right to audit

Customers retain the right to audit Hotilla's compliance with the DPA terms (directly or through an authorised third party) at reasonable intervals, with sufficient notice.

07

Data return and deletion

At the end of the contract, all customer data is either returned in a structured format or deleted from production and backup systems within 30 days, confirmed in writing.

08

Assistance with data subject rights

Hotilla provides reasonable assistance to controllers when responding to data subject requests (access, rectification, deletion, portability) within statutory timelines.

03 / Sub-processors

Who we work with.

Hotilla operates with a deliberately narrow set of sub-processors. Each one is selected for its security posture and bound by contractual obligations consistent with the DPA. The list below is current as of the last update date.

Netlify
Application hosting & edge delivery
SOC 2 Type II certified. Edge nodes globally distributed; application data routed through APAC-region nodes for hospitality customers.
Anthropic
AI inference for data classification
Used selectively to assist in incident classification when explicitly enabled by the customer. No customer data is used for model training. Zero data retention configuration available on request.
Google Workspace
Business email infrastructure
Used for customer-facing email communications (hello@hotilla.com, security@hotilla.com). No operational hotel data is transmitted via email under normal operations.
04 / Regulatory Frameworks

The legal foundations.

Hotilla's DPA is structured to align with the two regulatory frameworks most relevant to its APAC and EU customer base. Specific clauses can be adapted at signature to match additional jurisdictional requirements.

GDPR

EU General Data Protection Regulation

Article 28 obligations on processors fully reflected: documented instructions, confidentiality, security measures, sub-processor management, assistance with data subject rights, breach notification, deletion and return, audit rights.

Privacy Act 1988

Australian Privacy Principles (APP)

Alignment with the 13 Australian Privacy Principles, including collection limitation, use and disclosure, data quality, security, openness, access and correction, and cross-border disclosure standards.

Request the full document

Reviewing Hotilla for your property?

The full DPA document is available on request, ahead of any contract signature. It includes the complete clauses, sub-processor schedule, technical security measures, and jurisdictional appendix. Reach out and we'll send it through.

Request the full DPA
Response within two business days