Privacy Policy

What we collect. What we don't.

Hotilla processes operational hotel data on behalf of our customers. This policy explains what personal information we collect from visitors and customers, how we use it, who we share it with (almost no one), and how you can exercise your rights.

Effective date May 2026
Frameworks GDPR · APP 1988
Contact privacy@hotilla.com
01 / Who we are

The data controller.

Hotilla is operated by Maxyme Tuffery, founder, based in Sydney, Australia. Entity structure is being formalised as a French SAS with operations in Australia. For any privacy-related question, you can reach us at the contact below.

Operator
Maxyme Tuffery, founder of Hotilla.
Location
Sydney, Australia. Entity registration in progress (French SAS).
Contact for privacy
privacy@hotilla.com
Two distinct roles
For website visitors, Hotilla is the data controller. For hotel customer data processed through the dashboard, Hotilla is the data processor and the customer hotel is the controller. The terms of that processor relationship are defined in our Data Processing Agreement.
02 / What we collect

Three things. Nothing more.

Hotilla is designed around data minimisation. We collect only what is strictly necessary to operate the website, respond to inquiries, and deliver the dashboard service to our customers.

Contact information
When you reach out to us through email or contact forms, we collect your name, email, hotel name, and message content. We use this only to respond to you and to follow up if relevant. We do not use it for marketing or share it with third parties.
Technical information
When you visit hotilla.com, our hosting provider (Netlify) automatically logs technical data such as IP address, browser type, referring page, and timestamp. This is standard web traffic data used to operate the site and protect against abuse. No advertising or behavioural trackers are deployed.
Customer dashboard data
For customers using the Hotilla dashboard, we process operational hotel data: duty log entries, departmental records, and derived analytical outputs. Guest names are anonymised at ingestion. No PMS, CRM, or payment data is processed. Full details are in the Data Processing Agreement.
What we do not collect
No advertising cookies. No third-party trackers. No behavioural analytics on visitors. No social media pixels. No financial information. No special category data (health, religion, political opinions, etc.).
03 / How we use it

Strict purpose limitation.

Each type of data is processed for a single, well-defined purpose. We do not repurpose data for marketing, training, or analytics beyond what is explicitly disclosed below.

Responding to inquiries
If you contact us, we use your information to respond and to coordinate any follow-up you may want. Legal basis: legitimate interest (GDPR Article 6(1)(f)) or consent where applicable.
Operating the website
Technical data is used to deliver pages, protect the site against abuse, and improve performance. Legal basis: legitimate interest.
Delivering the service
Customer data is used solely to produce the recovery cost intelligence dashboard that the customer has subscribed to. Legal basis: contract performance (GDPR Article 6(1)(b)).
No automated decision-making
Hotilla does not make automated decisions that produce legal or similarly significant effects concerning individuals. All outputs are insights presented to hotel decision-makers, not automated actions.
04 / Who we share with

A short, deliberate list.

Hotilla shares personal data only with a narrow set of sub-processors selected for their security posture and bound by contractual obligations. We do not sell, rent, or trade personal data to third parties under any circumstance.

Netlify
Application hosting and edge delivery. SOC 2 Type II certified. Data routed through APAC region nodes for hospitality customers.
Anthropic
AI inference for incident classification (when explicitly enabled by the customer). No customer data is used for model training. Zero data retention configuration available on request.
Google Workspace
Business email infrastructure for customer-facing communications.
Legal disclosures
We may disclose personal information if required by applicable law, court order, or government authority. We will resist disclosures we consider overbroad or improper.
05 / Your rights

What you can ask us to do.

Under GDPR (for EU/EEA residents) and the Australian Privacy Principles, you have specific rights regarding your personal information. We honour these rights regardless of your location and respond within statutory timelines.

Right 01

Access

Request a copy of the personal information we hold about you and confirmation that we are processing it.

Right 02

Rectification

Request that we correct any inaccurate or incomplete personal information we hold about you.

Right 03

Erasure

Request deletion of your personal information, subject to limited exceptions (for example, legal obligations).

Right 04

Restriction

Ask us to limit the processing of your personal information in specific circumstances.

Right 05

Portability

Receive your personal information in a structured, commonly used, machine-readable format.

Right 06

Objection

Object to processing based on legitimate interests, including any related profiling.

Right 07

Withdraw consent

Where processing relies on consent, you can withdraw it at any time without affecting prior lawful processing.

Right 08

Lodge a complaint

Lodge a complaint with a supervisory authority. In Australia: OAIC. In France: CNIL. In other jurisdictions: your local data protection authority.

06 / Retention

How long we keep it.

We retain personal information only as long as necessary for the purposes for which it was collected, or as required by applicable law. Specific retention windows are documented below.

Contact and inquiry data
Retained for up to 24 months after our last meaningful interaction, then deleted or anonymised. Sales-related correspondence may be retained for legal record-keeping obligations.
Technical access logs
Web server logs are retained for up to 90 days for security and operational purposes.
Customer dashboard data
Retained for the duration of the service contract. Upon contract termination, data is returned or deleted within 30 days, in accordance with the Data Processing Agreement.
Backups
Encrypted backup snapshots are retained for 30 days after the active record is deleted, after which they are also permanently removed.
07 / International transfers

When data crosses borders.

Hotilla operates between Australia and Europe. Some of our sub-processors operate globally. When personal data is transferred internationally, we rely on appropriate safeguards as required by applicable law.

EU to non-EEA
Transfers outside the EEA are governed by Standard Contractual Clauses or other valid transfer mechanisms under GDPR.
Australia to overseas
Cross-border disclosures are made in accordance with Australian Privacy Principle 8, ensuring receiving parties handle data consistently with the APPs.
Data residency on request
Where customers have specific data residency requirements, we can formalise commitments in the contractual documentation at signature.
08 / Changes to this policy

When this document evolves.

As Hotilla grows, we may update this policy. We will always indicate the effective date at the top of the document and, where changes are significant, notify customers and relevant contacts directly.

Material changes
For changes that affect how we collect or use personal data in a meaningful way, we will notify customers via email or dashboard notice at least 30 days before they take effect.
Version history
Previous versions of this policy are available on request from privacy@hotilla.com.
Privacy inquiries

Questions about your data?

For any privacy-related question (access, deletion, complaint, or just curiosity about how we operate), write to us directly. We respond within two business days.

privacy@hotilla.com