Privacy Policy

Last updated: 26 March 2026

GuestButler B.V. ("GuestButler", "we", "us", or "our") is committed to protecting the personal data of everyone who interacts with our services. This Privacy Policy explains what personal data we collect, for what purposes, on what legal grounds, and what rights you have.

GuestButler B.V. is registered in the Netherlands and acts as data controller for the processing activities described in this Privacy Policy, unless stated otherwise.

1. Scope of this Privacy Policy

This Privacy Policy applies when GuestButler processes personal data as a data controller, including when you:

  • visit or interact with our website (guestbutler.ai);
  • contact us for a demo, trial, or commercial inquiry;
  • subscribe to or use the GuestButler platform as a customer (hotel, vacation park, property manager, or other hospitality operator);
  • attend a GuestButler event, webinar, or online session;
  • interact with our marketing communications.

This Privacy Policy does not apply to GuestButler's processing of personal data on behalf of our hospitality customers. When GuestButler processes guest data (e.g. via WhatsApp) on behalf of a hotel or property, GuestButler acts as a data processor and the hospitality operator acts as data controller. Guests of hospitality businesses should contact that business directly for information about how their data is handled.

2. Personal Data We Collect and Why

2.1 Website visitors

When you visit our website, we automatically process the following data to provide a functioning website and improve user experience:

  • IP address, browser type, operating system, and device type;
  • pages visited, referral URLs, and session duration;
  • location data (country/region level).
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to maintain and improve our website.

2.2 Contact and demo requests

When you reach out to us via our website, email, WhatsApp, or any other channel, we process:

  • name and job title;
  • business email address and phone number;
  • company name and property type;
  • the content of your messages.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to respond to your inquiry and assess commercial fit.

2.3 Customers and platform users

When you subscribe to or use the GuestButler platform, we process:

  • name, business email address, and phone number;
  • billing and company details;
  • platform usage data (features used, session logs, configuration settings);
  • support communications.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) — to deliver the service, manage your account, and improve the platform.

2.4 Marketing and commercial outreach

To promote GuestButler's services and reach relevant hospitality businesses, we may process:

  • name, business email address, and phone number;
  • company name, size, and property type;
  • job title and professional role;
  • publicly available data from business sources and LinkedIn.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to grow our business by reaching relevant prospects. Where required by law (e.g. for email marketing to individuals), we rely on your consent (Art. 6(1)(a) GDPR). You may unsubscribe at any time via the link in any marketing email or by contacting privacy@guestbutler.ai.

2.5 Call recordings

We may record calls with customers and prospects for quality assurance and training purposes. We will inform you at the start of any recorded call and give you the opportunity to object.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) or, where required, your consent (Art. 6(1)(a) GDPR).

2.6 Cookies and tracking technologies

We use cookies and similar tracking technologies on our website. Some are strictly necessary; others are used for analytics or marketing purposes. Where required by law, we will ask for your consent before placing non-essential cookies. A separate Cookie Policy will be published on our website shortly.

Legal basis: Consent (Art. 6(1)(a) GDPR) for non-essential cookies; legitimate interest (Art. 6(1)(f) GDPR) for strictly necessary cookies.

3. Sharing Your Personal Data

We do not sell your personal data. We may share personal data with the following categories of recipients:

Service providers (sub-processors): We use third-party providers to help deliver our Services. These parties process personal data only on our documented instructions and under contractual data protection obligations equivalent to those in this Privacy Policy. Our current sub-processors are: Google Cloud EMEA Limited (cloud hosting, Ireland/Netherlands), Bird B.V. (WhatsApp messaging, Netherlands), Meta Platforms Ireland Limited (WhatsApp Business Platform, Ireland), OpenAI LLC (AI language model, United States), Anthropic PBC (AI language model, United States), SendGrid/Twilio Ireland Limited (email delivery, Ireland), and TalkJS (in-platform chat, Netherlands). For US-based sub-processors, we ensure appropriate safeguards are in place including Standard Contractual Clauses.

Business partners: We may share data with partners in connection with co-hosted events or joint commercial activities, where you have been informed in advance.

Legal and regulatory authorities: We may disclose personal data where required by law, court order, or competent regulatory authority.

Corporate transactions: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the relevant counterparty, subject to appropriate confidentiality obligations.

Where we transfer personal data to recipients outside the European Economic Area (EEA), we ensure an adequate level of protection through the use of European Commission Standard Contractual Clauses or another valid transfer mechanism under the GDPR.

4. Data Retention

We retain personal data for no longer than necessary for the purposes described in this Privacy Policy or as required by applicable law. Our general retention periods are:

  • Website visitor data: up to 24 months from last interaction;
  • Contact and prospect data: up to 36 months from last contact or until you withdraw consent;
  • Customer and contract data: for the duration of the contract and up to 7 years thereafter (to meet statutory obligations under Dutch and EU law);
  • Call recordings: up to 12 months unless a longer period is required;
  • Marketing data: until you unsubscribe or withdraw consent.

Where data is no longer required, we delete or anonymise it. Anonymised and aggregated data may be retained indefinitely for analytical purposes.

5. Data Security

GuestButler implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include (but are not limited to):

  • encryption of data in transit (TLS) and, where applicable, at rest;
  • role-based and least-privilege access controls;
  • regular security assessments and monitoring;
  • staff training on data protection.

If you discover a potential security vulnerability in our systems, we ask you to report it responsibly via support@guestbutler.ai so we can take prompt action.

6. Automated Decision-Making and Profiling

GuestButler does not use automated decision-making processes that produce legal or similarly significant effects on individuals within the meaning of Article 22 GDPR. Where we use AI and automation in our platform (e.g. to generate guest communication on behalf of hospitality operators), this is done on behalf of and under the instruction of our customers.

7. Your Privacy Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access — to obtain confirmation of whether we process your data and, if so, to receive a copy;
  • Right of rectification — to have inaccurate or incomplete data corrected;
  • Right to erasure ('right to be forgotten') — to request deletion of your data where there is no overriding legitimate ground or legal obligation to retain it;
  • Right to restriction of processing — to request that we temporarily limit how we use your data;
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format;
  • Right to object — to object to processing based on legitimate interests, including direct marketing;
  • Right to withdraw consent — where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing;
  • Right to lodge a complaint — with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, ap.nl) or the data protection authority of your EU member state.

To exercise any of these rights, please contact us at the address below. We will respond within one month of receipt of your request. We may ask you to verify your identity before processing your request.

8. Contact Details and DPO

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

GuestButler B.V.
Attn: Privacy
Johan Cruijff Boulevard 65-71
1101 DL Amsterdam
The Netherlands
support@guestbutler.ai

If your request relates to data processed by a hospitality business using the GuestButler platform (e.g. your data as a hotel guest), please contact that business directly, as they are the data controller for that processing.

9. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our business, or our processing activities. The most recent version is always available at guestbutler.ai/privacy. Material changes will be communicated to customers via email or a notice on the platform.

This Privacy Policy was last updated on 26 March 2026.

GuestButler B.V. · support@guestbutler.ai · guestbutler.ai/privacy

Resources

PricingIntegrationsCase StudiesBlog

Company

About usContact Us

Contact

sales@guestbutler.ai020-308 63 98

Office

Johan Cruijff Boulevard 65 1101DL
Amsterdam

©2025 GuestButler B.V.
Algemene voorwaarden
Cookie statement
Privacy statement