Privacy Policy — NightClerk AI

Overview

NightClerk AI, operated by Akand Group LLC ("NightClerk," "we," "us," "our"), is committed to protecting the privacy of our customers ("you," "Property Owners," or "Operators") and the guests whose communications flow through our platform ("Guests").

This Privacy Policy explains what information we collect, how we use and share it, and the choices you have with respect to your information. It applies to the NightClerk AI platform, including our web application, APIs, SMS and voice communication pipelines, and any related services.

NightClerk AI processes two distinct categories of data: Customer Data (information about Property Owners and their accounts) and Guest Communications Data (messages and call data exchanged with lodging guests on your behalf). Different protections apply to each category, as described below.

Information We Collect

A. Information You Provide Directly

Account Information: Name, email address, phone number, business name, property address, number of rooms, and billing information collected during registration
Property Knowledge Base: Check-in/check-out policies, room types, amenities, local recommendations, escalation contacts, and other property-specific information you upload
OTA Integration Credentials: API keys or OAuth tokens for connected platforms such as Booking.com or Expedia (stored encrypted at rest)
Support Communications: Emails, chat logs, or other messages you send to our support team

B. Information Collected Automatically

Usage Data: Dashboard interactions, features accessed, session duration, and feature usage frequency
Log Data: IP addresses, browser type, operating system, pages visited, referring URLs, and timestamps
Communication Metadata: Message timestamps, delivery status, response latency, escalation triggers, and AI confidence scores (not message content)
Device Information: Device type, operating system version, and browser for dashboard access

C. Guest Communications Data (Processed on Your Behalf)

Inbound and outbound SMS message content between guests and your property number
Voice call audio recordings and transcriptions (where enabled)
OTA message content from platforms you connect
Guest phone numbers and contact information transmitted through communication channels
Guest review content and our AI-generated review responses

Guest Communications Data is processed as a data processor on your behalf. You, as the Property Operator, are the data controller for guest data.

How We Use Information

Purpose	Data Used
Providing and operating the Service	Account info, property knowledge base, guest communications
AI response generation and routing	Guest message content, knowledge base, communication history
Escalation routing to property staff	Guest message content, escalation contact list, trigger keywords
Daily digest and analytics reports	Communication metadata, message counts, escalation summaries
Review response generation	Guest review text, property information
Billing and account management	Account info, usage data, billing details
Customer support	Account info, support communications, usage logs
Product improvement (aggregated, anonymized)	Usage data, anonymized interaction patterns
Security and fraud prevention	Log data, usage data, communication metadata
Legal compliance	As required by applicable law

We do not use Guest Communications Data to train general-purpose AI models, sell data to advertisers, or build profiles of guests beyond what is necessary to deliver your configured communication service.

How We Share Information

We do not sell your personal information or Guest Communications Data. We share information only in the following limited circumstances:

Service Providers. We engage third-party vendors to help operate the Service. These providers process data only on our instructions:

Twilio — SMS delivery, A2P 10DLC messaging, and voice call infrastructure
Deepgram — Voice-to-text transcription of inbound call audio
ElevenLabs — Text-to-speech voice synthesis for AI voice responses
Cloud hosting and database providers — Secure storage and compute infrastructure
Payment processors — Billing and subscription management (they do not receive your property or guest data)

OTA Platforms. When you connect an OTA integration, message content is transmitted to and received from that platform per your configuration. Those platforms have their own privacy policies.

Legal Requirements. We may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of NightClerk AI, our customers, or the public.

Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will provide notice before such transfer and any material change to this policy.

Guest Data & Your Responsibilities

You are the data controller for Guest Communications Data processed through your NightClerk AI account. This means:

You are responsible for having a lawful basis for processing guest personal data and for providing guests with any required privacy notices
You are responsible for ensuring compliance with applicable telemarketing and messaging laws, including TCPA opt-out requirements
You must configure the Service to honor guest opt-out requests from SMS communications
If a guest contacts you to exercise their privacy rights (access, deletion, correction), you are responsible for responding; we will assist you with data retrieval or deletion requests upon written request

NightClerk AI acts as a data processor for Guest Communications Data and will process such data only in accordance with your instructions and this Privacy Policy.

Data Retention

We retain different categories of data for different periods:

Data Category	Retention Period
Account information	Duration of account + 90 days post-termination
Guest SMS message content	90 days rolling (configurable per property)
Voice call transcriptions	30 days (audio recordings deleted within 24 hours of transcription)
OTA message content	60 days
Communication metadata & logs	12 months
Billing records	7 years (legal/tax compliance)
Property knowledge base	Until deleted by you or 30 days post-termination
SMS opt-out records	Duration of Property Operator account

You may request earlier deletion of Guest Communications Data by contacting us at privacy@nightclerk.ai.

Security

We implement commercially reasonable technical and organizational security measures to protect your information, including:

Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
Encrypted storage of third-party API credentials and OAuth tokens
Role-based access controls for internal personnel
Regular security reviews of our infrastructure and dependencies
Isolated data environments per property account

No security measure is perfect. In the event of a security breach that affects your personal data, we will notify you as required by applicable law and as promptly as reasonably possible.

Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you
Correct inaccurate or incomplete information
Delete your account and associated personal information
Data portability — receive your account data in a machine-readable format
Opt out of non-essential communications from NightClerk AI
Restrict processing in certain circumstances

To exercise any of these rights, email us at privacy@nightclerk.ai with your name and the email address associated with your account. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

California Residents. California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights.

Cookies & Tracking

Our web dashboard uses cookies and similar tracking technologies to:

Maintain your login session and authentication state
Remember your preferences and dashboard configuration
Analyze aggregate usage patterns to improve the dashboard experience

We do not use advertising or cross-site tracking cookies. You can configure your browser to block or delete cookies, but this may affect functionality of the dashboard.

Our SMS and voice communication pipelines do not use cookies.

Children's Privacy

The Service is intended for use by business owners and operators and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us at privacy@nightclerk.ai and we will delete such information promptly.

International Data Transfers

NightClerk AI is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to this transfer. We take steps to ensure that international transfers of personal data comply with applicable legal requirements, including by using data processing agreements with our service providers.

SMS Communications

NightClerk AI sends transactional SMS messages to lodging property guests on behalf of Property Operators who have authorized the service. This section provides additional detail on how SMS-related data is collected, used, and protected.

SMS data we process:

Guest phone numbers (received from OTA booking data, PMS integrations, or provided when the guest initiates contact by texting or calling the property number)
Inbound and outbound SMS message content
Message delivery status and timestamps
Opt-out records (STOP requests)

How guest consent is obtained:

Inbound-initiated: Guest texts or calls the property's dedicated NightClerk phone number, displayed on property signage, Google Business Profile, and property website
Booking-triggered: Guest provides phone number when making a reservation through Booking.com, Expedia, or direct booking
QR code: Guest scans QR code posted at the property with adjacent consent disclosure
Web opt-in: Guest enters phone number on property website or NightClerk guest opt-in page at nightclerk.ai/sms-optin with consent language

        SMS-specific disclosures: Messages are sent from a dedicated local phone number assigned to each property via the Twilio messaging platform. Message frequency varies by guest interaction (typically 1–5 messages per guest stay). Message and data rates may apply. Guests may opt out at any time by replying STOP to any message. Reply HELP for assistance. Consent to receive messages is not a condition of any purchase or booking.
      

SMS data sharing: Guest phone numbers and SMS message content are shared only with Twilio (our telecommunications provider) for the purpose of delivering messages. We do not sell, rent, or share guest phone numbers or SMS data with third parties for marketing purposes.

SMS data retention: SMS message content is retained for 90 days (configurable per property). Opt-out records are retained for the duration of the Property Operator's account to prevent re-messaging opted-out guests.

For complete SMS messaging terms, including detailed consent methods and opt-out procedures, see our SMS Messaging Terms.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide notice via email to your registered address or through a prominent notice in the dashboard at least 14 days before the changes take effect.

We encourage you to review this policy periodically. Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

Akand Group LLC d/b/a NightClerk AI
Privacy inquiries: hello@nightclerk.ai
General support: hello@nightclerk.ai
Legal matters: hello@nightclerk.ai