
UNLOKET PRIVACY POLICY

Effective Date: February 1, 2026
Last Updated: February 18, 2026

Unloket, Inc. (“Unloket,” “we,” “our,” or “us”) provides AI-powered concierge and guest communication services to hospitality providers. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when:

  • Guests interact with Unloket’s AI concierge services

  • Hotels use our platform

  • Individuals visit our website

  • Individuals communicate with us directly

This Policy is designed to comply with:

  • General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act as amended by CPRA

  • Applicable U.S. federal and state privacy laws

 

1. ROLE OF UNLOKET: CONTROLLER AND PROCESSOR

Unloket acts in two distinct roles:

A. As a Data Processor

When providing concierge services on behalf of a hotel partner, Unloket processes guest personal data strictly under the hotel’s instructions. In these cases:

  • The hotel is the Data Controller.

  • Unloket acts as a Data Processor under Article 28 GDPR.

  • Guests should direct operational privacy requests to the hotel.

B. As an Independent Data Controller

Unloket acts as an independent Data Controller when processing:

  • Aggregated and anonymized data

  • Product analytics

  • AI model training (on de-identified data)

  • Platform security logs

  • Benchmarking insights

  • Website visitor data

 

2. CATEGORIES OF PERSONAL DATA WE COLLECT

Depending on your interaction, we may collect:

A. Guest Data (via Hotel Services)

  • Name

  • Phone number

  • Email address

  • Room number (if provided)

  • Message content

  • Feedback and service requests

  • Preferences (e.g., dining, transportation)

B. Website & Marketing Data

  • Name

  • Email

  • Phone

  • Company name

  • IP address

  • Device identifiers

  • Browser information

  • Cookie identifiers

C. Usage & Technical Data

  • Interaction logs

  • Message timestamps

  • System performance logs

  • AI interaction metadata

We do not intentionally collect sensitive categories of data (e.g., health data, biometric data) unless voluntarily provided by users.

 

3. HOW WE COLLECT DATA

We collect information:

  • Directly from users (forms, messages, SMS)

  • From hotel partners

  • Automatically through cookies and analytics tools

  • Through integrations with authorized service providers

 

4. PURPOSES AND LEGAL BASES FOR PROCESSING (GDPR)

Where GDPR applies, we rely on the following legal bases:

Purpose                         Legal Basis

Providing concierge services    Contract performance

AI-generated responses          Legitimate interest

Platform improvement            Legitimate interest

Security monitoring             Legitimate interest

Marketing communications        Consent

Compliance with law             Legal obligation

We balance legitimate interests against user rights as required under GDPR Article 6(1)(f).

 

5. AI PROCESSING DISCLOSURE

Unloket uses artificial intelligence technologies to:

  • Generate guest recommendations

  • Route service requests

  • Analyze patterns for service improvement

Important disclosures:

  • AI responses may be automated.

  • Human oversight may occur.

  • Model training uses aggregated or de-identified data.

  • We do not use identifiable guest data to train publicly available models.

  • No guest data is sold to third parties.

Users may request human review where legally required.

 

6. DATA SHARING AND SUBPROCESSORS

We do not sell personal data.

We may share information with:

  • Cloud hosting providers (e.g., AWS or equivalent)

  • SMS and messaging providers

  • Analytics providers

  • AI infrastructure providers

  • Legal and regulatory authorities when required

All subprocessors are contractually bound by confidentiality and data protection obligations.

A current list of subprocessors is available upon request.

 

7. INTERNATIONAL DATA TRANSFERS

Because Unloket operates globally, personal data may be transferred outside the European Economic Area (EEA).

Where required, we rely on:

  • Standard Contractual Clauses (SCCs)

  • EU–U.S. Data Privacy Framework (if applicable)

  • Additional technical safeguards

 

8. DATA RETENTION

We retain personal data:

  • For the duration of hotel contracts (for processor activities)

  • As required for legal compliance

  • As reasonably necessary for product improvement

  • Security logs for fraud prevention and platform integrity

Anonymized data may be retained indefinitely.

 

9. YOUR PRIVACY RIGHTS

Under GDPR (EU/EEA residents):

You have the right to:

  • Access

  • Rectification

  • Erasure (“Right to be Forgotten”)

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent

You may lodge complaints with your local supervisory authority.

Under CCPA/CPRA (California residents):

You have the right to:

  • Know what personal data is collected

  • Request deletion

  • Correct inaccurate data

  • Opt out of sale/sharing (we do not sell personal data)

  • Limit use of sensitive personal information

To exercise rights:
📧 privacy@unloket.com

 

10. DATA SECURITY

We implement technical and organizational safeguards including:

  • Encryption in transit (TLS)

  • Access controls

  • Role-based permissions

  • Audit logging

  • Security monitoring

However, no method of transmission over the Internet is 100% secure.

 

11. CHILDREN’S PRIVACY

Unloket services are not directed to children under 16. We do not knowingly collect data from children without appropriate consent.

 

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for:

  • Site functionality

  • Analytics

  • Performance monitoring

Where required by law, we obtain consent before placing non-essential cookies.

 

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated where legally required.

 

14. CONTACT INFORMATION

Unloket Private Company
Steliou Kazantizi 47, Thessaloniki, 57001, Greece

Email: privacy@unloket.com

For EU residents, an EU Representative may be designated as required under Article 27 GDPR.


 
