Overview
NightClerk AI, operated by Akand Group LLC ("NightClerk," "we," "us," "our"), is committed to protecting the privacy of our customers ("you," "Property Owners," or "Operators") and the guests whose communications flow through our platform ("Guests").
This Privacy Policy explains what information we collect, how we use and share it, and the choices you have with respect to your information. It applies to the NightClerk AI platform, including our web application, APIs, SMS and voice communication pipelines, and any related services.
Information We Collect
A. Information You Provide Directly
- Account Information: Name, email address, phone number, business name, property address, number of rooms, and billing information collected during registration
- Property Knowledge Base: Check-in/check-out policies, room types, amenities, local recommendations, escalation contacts, and other property-specific information you upload
- OTA Integration Credentials: API keys or OAuth tokens for connected platforms such as Booking.com or Expedia (stored encrypted at rest)
- Support Communications: Emails, chat logs, or other messages you send to our support team
B. Information Collected Automatically
- Usage Data: Dashboard interactions, features accessed, session duration, and feature usage frequency
- Log Data: IP addresses, browser type, operating system, pages visited, referring URLs, and timestamps
- Communication Metadata: Message timestamps, delivery status, response latency, escalation triggers, and AI confidence scores (not message content)
- Device Information: Device type, operating system version, and browser for dashboard access
C. Guest Communications Data (Processed on Your Behalf)
- Inbound and outbound SMS message content between guests and your property number
- Voice call audio recordings and transcriptions (where enabled)
- OTA message content from platforms you connect
- Guest phone numbers and contact information transmitted through communication channels
- Guest review content and our AI-generated review responses
Guest Communications Data is processed as a data processor on your behalf. You, as the Property Operator, are the data controller for guest data.
How We Use Information
| Purpose | Data Used |
|---|---|
| Providing and operating the Service | Account info, property knowledge base, guest communications |
| AI response generation and routing | Guest message content, knowledge base, communication history |
| Escalation routing to property staff | Guest message content, escalation contact list, trigger keywords |
| Daily digest and analytics reports | Communication metadata, message counts, escalation summaries |
| Review response generation | Guest review text, property information |
| Billing and account management | Account info, usage data, billing details |
| Customer support | Account info, support communications, usage logs |
| Product improvement (aggregated, anonymized) | Usage data, anonymized interaction patterns |
| Security and fraud prevention | Log data, usage data, communication metadata |
| Legal compliance | As required by applicable law |
We do not use Guest Communications Data to train general-purpose AI models, sell data to advertisers, or build profiles of guests beyond what is necessary to deliver your configured communication service.
How We Share Information
We do not sell your personal information or Guest Communications Data. We share information only in the following limited circumstances:
Service Providers. We engage third-party vendors to help operate the Service. These providers process data only on our instructions:
- Twilio — SMS delivery, A2P 10DLC messaging, and voice call infrastructure
- Deepgram — Voice-to-text transcription of inbound call audio
- ElevenLabs — Text-to-speech voice synthesis for AI voice responses
- Cloud hosting and database providers — Secure storage and compute infrastructure
- Payment processors — Billing and subscription management (they do not receive your property or guest data)
OTA Platforms. When you connect an OTA integration, message content is transmitted to and received from that platform per your configuration. Those platforms have their own privacy policies.
Legal Requirements. We may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of NightClerk AI, our customers, or the public.
Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will provide notice before such transfer and any material change to this policy.
Guest Data & Your Responsibilities
You are the data controller for Guest Communications Data processed through your NightClerk AI account. This means:
- You are responsible for having a lawful basis for processing guest personal data and for providing guests with any required privacy notices
- You are responsible for ensuring compliance with applicable telemarketing and messaging laws, including TCPA opt-out requirements
- You must configure the Service to honor guest opt-out requests from SMS communications
- If a guest contacts you to exercise their privacy rights (access, deletion, correction), you are responsible for responding; we will assist you with data retrieval or deletion requests upon written request
NightClerk AI acts as a data processor for Guest Communications Data and will process such data only in accordance with your instructions and this Privacy Policy.
Data Retention
We retain different categories of data for different periods:
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 90 days post-termination |
| Guest SMS message content | 90 days rolling (configurable per property) |
| Voice call transcriptions | 30 days (audio recordings deleted within 24 hours of transcription) |
| OTA message content | 60 days |
| Communication metadata & logs | 12 months |
| Billing records | 7 years (legal/tax compliance) |
| Property knowledge base | Until deleted by you or 30 days post-termination |
You may request earlier deletion of Guest Communications Data by contacting us at privacy@nightclerk.ai.
Security
We implement commercially reasonable technical and organizational security measures to protect your information, including:
- Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
- Encrypted storage of third-party API credentials and OAuth tokens
- Role-based access controls for internal personnel
- Regular security reviews of our infrastructure and dependencies
- Isolated data environments per property account
No security measure is perfect. In the event of a security breach that affects your personal data, we will notify you as required by applicable law and as promptly as reasonably possible.
Your Rights & Choices
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your account and associated personal information
- Data portability — receive your account data in a machine-readable format
- Opt out of non-essential communications from NightClerk AI
- Restrict processing in certain circumstances
To exercise any of these rights, email us at privacy@nightclerk.ai with your name and the email address associated with your account. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
California Residents. California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights.
Cookies & Tracking
Our web dashboard uses cookies and similar tracking technologies to:
- Maintain your login session and authentication state
- Remember your preferences and dashboard configuration
- Analyze aggregate usage patterns to improve the dashboard experience
We do not use advertising or cross-site tracking cookies. You can configure your browser to block or delete cookies, but this may affect functionality of the dashboard.
Our SMS and voice communication pipelines do not use cookies.
Children's Privacy
The Service is intended for use by business owners and operators and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us at privacy@nightclerk.ai and we will delete such information promptly.
International Data Transfers
NightClerk AI is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
By using the Service, you consent to this transfer. We take steps to ensure that international transfers of personal data comply with applicable legal requirements, including by using data processing agreements with our service providers.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will provide notice via email to your registered address or through a prominent notice in the dashboard at least 14 days before the changes take effect.
We encourage you to review this policy periodically. Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.
Contact Us
For questions, concerns, or requests regarding this Privacy Policy:
Akand Group LLC d/b/a NightClerk AI
Privacy inquiries: hello@nightclerk.ai
General support: hello@nightclerk.ai
Legal matters: hello@nightclerk.ai