Last updated: June 2026

Privacy Policy

mystayflow.ai — Effective June 2026

1. Who This Policy Applies To

  • Hotel guests who make a booking, receive an email, or use the AI chatbot on a Stayflow-powered website
  • Hotel owners who register for and use the Stayflow owner dashboard
  • Visitors to mystayflow.ai

2. Data We Collect

Hotel Guests

When a guest makes a booking or uses the chatbot, we collect:

  • Full name and contact details (email address, phone number)
  • Booking information (dates, room type, amount paid, payment status, discount codes used)
  • Chat messages exchanged with the AI guest assistant
  • Source of booking
  • Nationality (where voluntarily provided)

We do not collect or store payment card details. All payments are processed by Stripe Inc. under its own Privacy Policy.

Hotel Owners

  • Name and email address
  • Property details (name, address, room information, pricing)
  • Login credentials (password stored encrypted, never readable)
  • Dashboard usage data

3. How We Use Your Data

  • To process and confirm hotel bookings
  • To send booking confirmation and post-stay email sequences
  • To generate personalised discount codes for returning guests
  • To enable AI-powered guest communication via chatbot (powered by Anthropic Claude)
  • To provide hotel owners with a guest CRM and dashboard
  • To generate anonymised monthly performance reports
  • To track advertising conversions where Stayflow Ads is active
  • To comply with legal obligations

We do not sell or share personal data for third-party marketing.

4. AI Processing Disclosure

Guest chat messages are processed by Anthropic PBC's Claude AI to generate responses. Anthropic does not retain message content beyond processing individual requests. Guests interacting with the chatbot are communicating with an AI assistant on behalf of the hotel, not a human.

5. Legal Basis for Processing

  • Contract performance: to fulfil a booking
  • Legitimate interests: to operate and improve the platform
  • Consent: for marketing emails (opt out any time via unsubscribe link)
  • Legal obligation: where required by law

6. Data Sharing

We share data only with:

  • The hotel owner whose property the guest booked with
  • Supabase Inc. — database hosting (EU West, Ireland)
  • Vercel Inc. — platform hosting (EU, Frankfurt)
  • Resend Inc. — email delivery (EU region)
  • Anthropic PBC — AI processing (not retained)
  • Stripe Inc. — payments (independent controller)
  • Google LLC — ad conversion tracking where Stayflow Ads is active

7. Data Retention

Guest booking data is retained for 12 months after the booking date. Hotel owners may request earlier deletion via their dashboard or by emailing [email protected].

8. Your Rights Under GDPR

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent
  • Opt out of marketing emails

Contact [email protected]. We will respond within 30 days.

You may also complain to the Information and Data Protection Commissioner (IDPC) at idpc.org.mt.

9. Cookies

We use strictly necessary cookies only. No advertising or tracking cookies are set. No consent banner is required. See our Cookie Policy for full details.

10. Contact

Liam Micallef trading as Stayflow

[email protected]