Privacy Policy | InnDojo

1. Introduction

Welcome to InnDojo ("Company," "we," "our," "us"). InnDojo Inc. is committed to protecting your privacy and ensuring you understand how we collect, use, disclose, and safeguard your information.

This Privacy Policy applies when you:

Visit our website at www.inndojo.com
Use our hospitality revenue management platform and services
Interact with us through email, phone, or other communications
Are a guest or contact of one of our hotel/venue customers

By using our services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

Important: InnDojo serves as both a data controller (for our direct customers) and a data processor (for our customers' guest data). See Section 9 for details on these roles.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Name, email address, phone number, company name, job title
Billing Information: Payment card details, billing address (processed via Stripe)
Communications: Messages, support requests, feedback you send us
User Content: Data you upload or input into the platform (contacts, notes, files)

2.2 Information Collected Automatically

Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages viewed, features used, time spent, clickstream data
Location Data: Approximate location based on IP address
Log Data: Server logs, error reports, access times

2.3 Information from Third Parties

Integration Partners: Data from connected services (property management systems, Google, etc.)
Analytics Providers: Aggregated usage insights
Payment Processors: Transaction confirmations from Stripe

3. How We Use Your Information

We use collected information for the following purposes:

Purpose	Legal Basis (GDPR)
Provide and maintain our Services	Contract performance
Process payments and manage subscriptions	Contract performance
Send transactional communications (receipts, alerts)	Contract performance
Provide customer support	Contract performance / Legitimate interest
Improve and personalize the Services	Legitimate interest
Send marketing communications	Consent / Legitimate interest
Ensure platform security and prevent fraud	Legitimate interest / Legal obligation
Comply with legal obligations	Legal obligation
Analyze usage and generate insights	Legitimate interest

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Remember your preferences and login status
Analyze website traffic and usage patterns
Personalize content and advertisements
Improve site performance

4.1 Types of Cookies We Use

Essential Cookies: Required for basic site functionality
Analytics Cookies: Help us understand how visitors use our site
Functional Cookies: Remember your preferences
Marketing Cookies: Used for targeted advertising

4.2 Third-Party Services

Google Analytics: Website usage analysis (Privacy Policy)
GoHighLevel/LeadConnector: CRM and marketing automation
Stripe: Payment processing (Privacy Policy)

4.3 Managing Cookies

You can manage cookies through your browser settings. Note that disabling cookies may affect site functionality. For EU visitors, we provide a cookie consent banner.

5. Sharing and Disclosure of Information

We may share your information with:

5.1 Service Providers

Trusted third parties who assist with:

Cloud hosting and infrastructure (AWS, Cloudflare)
Payment processing (Stripe)
Email and SMS delivery
Customer support tools
Analytics services

These providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 Legal and Compliance

We may disclose information when:

Required by law, regulation, or court order
Necessary to protect our rights, property, or safety
Needed to investigate potential violations of our Terms

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

We do not sell your personal information. We have never sold personal information and have no plans to do so.

6. Data Retention

We retain your information only as long as necessary to:

Fulfill the purposes outlined in this policy
Comply with legal obligations (e.g., tax records)
Resolve disputes and enforce agreements

Typical retention periods:

Account data: Duration of account plus 30 days after deletion
Billing records: 7 years (legal requirement)
Usage logs: 12 months
Marketing data: Until consent is withdrawn

7. Data Security

We implement industry-standard security measures including:

Encryption of data in transit (TLS/SSL) and at rest
Access controls and authentication requirements
Regular security assessments and monitoring
Employee training on data protection
Incident response procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

InnDojo is based in the United States. If you are accessing our Services from outside the US, your information will be transferred to and processed in the United States.

For transfers from the European Economic Area (EEA), UK, or Switzerland, we rely on:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Your explicit consent where appropriate

9. Data Controller vs. Data Processor

9.1 When We Are the Data Controller

We are the data controller for:

Our direct customers' account and billing information
Website visitors' data
Marketing and sales lead data

9.2 When We Are the Data Processor

We act as a data processor when our hotel/venue customers use our platform to manage their guest data. In this case:

Our customer is the data controller
We process data only according to their instructions
Guest privacy inquiries should be directed to the respective hotel/venue

We offer Data Processing Agreements (DPAs) to customers upon request.

10. Your Privacy Rights

10.1 Rights for All Users

Regardless of location, you may:

Access the personal information we hold about you
Correct inaccurate information
Request deletion of your data
Opt out of marketing communications

10.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have the right to:

Know: What personal information we collect and how it's used
Delete: Request deletion of your personal information
Correct: Request correction of inaccurate information
Opt-Out of Sale/Sharing: We do not sell personal information
Non-Discrimination: We will not discriminate against you for exercising your rights
Limit Use of Sensitive Information: Request limits on how we use sensitive data

Categories of Personal Information Collected: Identifiers, commercial information, Internet activity, geolocation data, professional information, and inferences.

To Exercise Your Rights: Email [email protected] or call 1-888-XXX-XXXX. We will verify your identity and respond within 45 days.

You may designate an authorized agent to make requests on your behalf.

10.3 European Economic Area, UK & Switzerland (GDPR Rights)

If you are in the EEA, UK, or Switzerland, you have the right to:

Access: Obtain a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw previously given consent at any time
Lodge a Complaint: File a complaint with your local supervisory authority

To Exercise Your Rights: Email [email protected]. We will respond within 30 days.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu.

11. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

12. Do Not Track Signals

Some browsers include "Do Not Track" (DNT) signals. Currently, there is no industry standard for DNT. Our website does not currently respond to DNT signals, but you can manage tracking through cookie settings.

13. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a new "Last Updated" date. For material changes, we will provide notice via email or prominent website notification.

Your continued use of the Services after changes are posted constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

InnDojo Inc.
Email: [email protected]
Website: www.inndojo.com

For data protection inquiries in the EU:
Email: [email protected]