Privacy Policy
Effective date: July 11, 2026 Last updated: July 11, 2026
Kinora ("Kinora," "we," "us," or "our") operates the website at kinorahq.com and provides a software-as-a-service platform that enables independent and boutique hotels ("Hotels") to create branded guest-facing pages, including an AI-powered concierge feature called Clef. This Privacy Policy explains what information we collect, how we use it, and the choices available to you.
This Privacy Policy applies to:
- Hotels and their authorized users who subscribe to Kinora
- Guests of subscribing Hotels who interact with a Kinora-hosted page or with Clef
- Visitors to kinorahq.com
Jurisdictional note. Kinora is currently offered to Hotels located outside the State of California and the European Union / United Kingdom. If you are a California, EU, or UK resident or a business located in those jurisdictions, Kinora is not currently available to you, and we ask that you do not submit personal information through our service. We will expand availability to those jurisdictions in the future with additional privacy notices specific to them.
1. Information we collect
1.1 Information Hotels provide to us
When a Hotel subscribes to Kinora, we collect:
- Hotel name, location, website URL, and contact email
- Name and email of the Hotel's authorized user(s)
- Payment information (processed by Stripe — we do not store full payment card numbers)
- Content the Hotel adds to its Kinora page: links, images, taglines, and configuration
- Hotel website content automatically retrieved by our crawler approximately every 24 hours
- Hotel-configured preferences for Clef (tone, forwarding email, etc.)
1.2 Information we collect from Guests who use a Kinora page
When a guest visits a Hotel's Kinora page or interacts with Clef, we may collect:
- IP address, browser type, device type, and general location (country/region)
- Pages viewed, links clicked, and time spent
- UTM parameters and referral source
- If the guest chats with Clef: the conversation content
- If the guest asks Clef to forward a request to the Hotel: name and one contact method (email or phone number) that the guest voluntarily provides
Clef is instructed not to collect, and we do not knowingly store: payment card details, passport or government ID numbers, health or medical information, date of birth, or Social Security numbers. If a guest volunteers any of these, Clef is instructed not to acknowledge or repeat them and we will remove such content from logs upon discovery or request.
1.3 Information we collect automatically from website visitors
When you visit kinorahq.com, we automatically collect standard server logs (IP address, user agent, referring URL, pages accessed) and analytics data via standard cookies.
2. How we use information
We use the information we collect to:
(a) Provide, maintain, and improve the Kinora service, including generating Clef responses using the content of the Hotel's website (b) Process payments and manage subscriptions (c) Send service-related communications (account notifications, service updates, security alerts) (d) Forward guest requests from Clef conversations to the relevant Hotel (e) Monitor, analyze, and troubleshoot the service, including reviewing flagged Clef conversations to improve guardrails (f) Comply with legal obligations and enforce our Terms of Service (g) Prevent fraud, abuse, and security incidents
We do not use guest personal data or Hotel content to train AI models, sell to data brokers, or send marketing messages to guests.
3. How information is shared
3.1 Service providers (sub-processors)
We share information with trusted third-party service providers who process data on our behalf under contractual confidentiality obligations. Our current sub-processors are:
| Provider | Purpose | Data processed | |---|---|---| | Anthropic, PBC | AI inference for Clef | Conversation content + crawled website content | | Supabase Inc. | Database hosting | All stored data | | Vercel Inc. | Web hosting and cron | Server logs, request data | | Stripe Inc. | Payment processing | Hotel billing information | | Resend Inc. | Email delivery | Email addresses for magic links and notifications | | Google LLC | Places API (Google reviews) | Hotel identifier, retrieved reviews | | Cloudflare Inc. | CDN / edge hosting for landing page | Visitor IP, request metadata |
This list may be updated as our infrastructure evolves. Current list is always available at kinorahq.com/subprocessors.
3.2 Between Hotel and Kinora
The Hotel has access to guest conversation logs, analytics, and any contact details a guest voluntarily shared through Clef. Hotels are responsible for handling this data in accordance with their own privacy practices and applicable law.
3.3 Legal requirements
We may disclose information if required by law, court order, or valid legal process, or to protect the rights, property, or safety of Kinora, our users, or others.
3.4 Business transfers
If Kinora is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will provide notice before any such transfer.
We do not sell personal information to third parties.
4. Your choices and rights
4.1 Hotels
Hotels can update account information, modify their Kinora page, change Clef configuration, and request deletion of their account at any time via the dashboard or by emailing partner@kinorahq.com.
4.2 Guests
Guests who have interacted with a Hotel's Kinora page or Clef can:
- Request a copy of their conversation history
- Request correction of inaccurate data
- Request deletion of their data
To exercise any of these rights, contact the Hotel directly or email partner@kinorahq.com with the request, the Hotel name, and your email address or name as it appeared in the conversation. We will respond within 30 days.
4.3 Do Not Track
Kinora does not respond to Do Not Track signals, as there is no common industry standard for how to interpret them.
5. Data retention
We retain personal information only as long as we have a clear business reason to do so, then delete it automatically. Our retention windows:
- Hotel account data: retained while the account is active, plus 90 days after cancellation for billing reconciliation
- Guest conversation logs (Clef chat): retained for 30 days from the date of the last message, then automatically deleted nightly
- Flagged conversations (those involving safety concerns, abuse, or complaints requiring investigation): retained for 12 months
- Analytics events (page views, link clicks, UTM data): retained for 90 days
- Server logs (IP addresses, request metadata): retained for 30 days
Hotels or guests may request earlier deletion at any time (see Section 4). All retention windows are enforced by automated nightly deletion jobs.
6. Security
We implement industry-standard security measures to protect information, including encryption of data in transit (TLS), encryption at rest for sensitive fields, access controls, and regular security reviews of our sub-processors. No system is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting your data, we will notify you in accordance with applicable law.
7. Cookies and similar technologies
Kinora uses cookies and similar technologies on kinorahq.com and on Hotel Kinora pages for:
- Authentication (to keep you signed in)
- Session management
- Basic analytics (which pages are viewed)
- If the Hotel has enabled them: Meta Pixel, Google Analytics, or TikTok Pixel (UTM tracking)
You can control cookies through your browser settings. Disabling cookies may affect the functionality of the service.
8. Children's privacy
Kinora is not directed to children under 16. We do not knowingly collect personal information from children under 16. Clef is instructed to refuse substantive engagement with anyone who identifies as under 16 and to route them to ask a parent or guardian. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided information to us, contact partner@kinorahq.com.
9. International data transfers
Kinora is currently operated from the United States and data is primarily processed in the United States. Because Kinora is currently offered only to Hotels located outside California, the EU, and the UK, we do not currently rely on Standard Contractual Clauses or equivalent transfer mechanisms. If you access Kinora from a jurisdiction with different data protection laws, by using the service you consent to the transfer and processing of information in the United States.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. For material changes, we will notify active Hotels by email. Continued use of the service after a change constitutes acceptance of the revised Privacy Policy.
11. Contact
Questions about this Privacy Policy or your data:
Kinora Email: partner@kinorahq.com Support: partner@kinorahq.com Website: kinorahq.com
This Privacy Policy is written for clarity and reflects our actual practices. It is not a substitute for legal advice. We recommend reviewing this policy periodically and reaching out with questions.