Privacy Policy

Polygon AI GmbH takes the protection of personal data seriously. This Privacy Policy explains how we collect, use, store, and protect personal data when Hotel Operators use the sparkdesk platform and when guests interact with our AI-powered services.

1. Our Dual Role in Data Processing

sparkdesk operates in two distinct capacities depending on the data involved. For Hotel Operator account data, we act as the Data Controller. This includes the information you provide when creating an account, contact details of your organisation, billing and payment information, and platform usage data.

For Guest data (individuals interacting with sparkdesk), we act strictly as a Data Processor on behalf of the Hotel Operator, who remains the Data Controller. We process guest data solely according to the Hotel Operator's instructions and for the purpose of delivering AI receptionist services. We do not use guest data for our own marketing purposes.

2. Data We Collect

For Hotel Operators, we collect: name and contact information, organisation details, billing address, payment method details (processed via Stripe), and platform usage analytics.

For Guests (on behalf of Hotel Operators), we process: name and contact information provided during interactions, booking and reservation details, conversation transcripts (with sensitive data masked), and voice recordings where applicable. Sensitive payment details and personal identifiers are automatically masked and never stored in text or voice transcripts.

3. Data Storage & Security

All data is stored in secure, EU-based data centres with enterprise-grade security measures including encryption at rest and in transit, regular security audits, and strict access controls. Our infrastructure is designed to meet the requirements of both GDPR and Swiss data protection law (FADP/nDSG).

4. Third-Party Data Sharing

We share data only with essential service providers required to deliver our platform, including our hosting provider, property management systems (as configured by the Hotel Operator), payment processor (Stripe), and telephony infrastructure. We have data processing agreements in place with all sub-processors.

We do not sell data. We do not market to your guests. Your guest data is yours.

5. Cookies & Tracking

Our platform uses essential cookies required for authentication and session management. We use privacy-focused analytics to understand platform usage. We do not use third-party advertising cookies or cross-site tracking technologies.

6. Your Rights

Under GDPR and Swiss law, you have the right to access your personal data, rectify inaccurate data, request erasure of your data, restrict processing, data portability, and object to processing. Hotel Operators can exercise these rights through their account settings or by contacting us. Guests should contact the Hotel Operator who controls their data, who will then coordinate with us as needed.

7. Data Retention

We retain Hotel Operator data for as long as your account is active and for a period thereafter as required by applicable law (typically seven years for financial records). Guest interaction data is retained according to the Hotel Operator's configured retention policies and applicable legal requirements.

8. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including TLS encryption for all data in transit, encryption for data at rest, transcript masking for sensitive information, role-based access controls, and incident response procedures.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be posted on our website with the revision date.