Privacy Policy

GDPR compliant • Last updated: January 2025

Introduction

Innvaro ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains what personal data we collect, how we use it, and what rights you have.

By using our service, you agree to the processing of your personal data as described in this privacy policy.

Data Controller

Innvaro

E-mail: info@innvaro.com

KVK: 74361333

BTW: NL002408889B57

Innvaro is responsible for the processing of personal data as described in this privacy policy, in accordance with the General Data Protection Regulation (GDPR).

What Data Do We Collect?

Account Data

To create an account, we ask for: name, email address, and company details. This data is necessary to provide the service.

Property Data

You can enter property details, such as address, description, check-in/check-out times, and house rules. This data is used to train the AI assistant and provide tips to your guests.

AI analytics (guest app)

For guests using Ask Innvaro, we log anonymized analytics: question categories, outcomes (answered/refused), response latency, and action clicks. We do not store raw questions or answers.

Guest Data

When guests use the Innvaro chat, we collect anonymous user data (such as device ID) and chat history. This data is used to improve the service and provide personalized tips.

Technical specifications

We automatically collect technical data such as IP address, browser type and version, operating system, device type, and usage patterns. This data is used to improve the service, troubleshoot issues, and ensure security.

Contact Form

When you use the contact form, we collect your name, email address, phone number (optional) and message. This data is used to answer your question.

Why Do We Collect This Data?

We use your data for the following purposes:

Providing and improving the Innvaro service
Processing your requests and questions
Sending important service updates
Analyzing usage patterns to optimize the service (anonymized)
Security: Ensuring the security and integrity of the service
Legal obligations: Complying with applicable laws and regulations

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Performance of contract: To provide the service you have requested
Legitimate interest: For enhancing service, security, and fraud prevention
Consent: For marketing communications and optional features (you can withdraw this consent at any time)
Legal obligation: To comply with applicable laws and regulations

How Long Do We Store Data?

We store your data as long as necessary for the purposes for which it was collected:

Account data: as long as your account is active
Property data: as long as you use the service
Chat history: maximum 2 years after last use
Contact form data: maximum 1 year after last contact
Technical logs: Maximum 6 months
AI analytics events: 90 days

After terminating your account, your data will be deleted within 30 days, unless we are legally required to keep it longer.

Do We Share Data with Third Parties?

We do not share your personal data with third parties for commercial purposes. However, we work with the following service providers:

Hosting providers: For hosting our service (e.g., Vercel). These parties only have access to technical data necessary for their services and are contractually obligated to protect your data.
Payment processors: For processing payments (Stripe). Payment data is sent directly to Stripe and is not stored by us.
Analytics (optional): For anonymized user statistics. All analytics are anonymized and cannot be traced back to individual users.

We may share data if legally required, if we receive a court order, or to protect our rights and property.

Data Security

We take appropriate technical and procedural measures to protect your data against unauthorized access, loss, destruction or modification.

This includes: encryption of data in transit and at rest, regular security updates, access controls, and regular backups.

Despite our efforts, no method of electronic storage or transmission can be 100% secure. Therefore, we cannot guarantee that your data is absolutely safe.

Cookies

Innvaro uses cookies and similar technologies to deliver and improve the service. We use:

Functional cookies: Necessary for the operation of the service (e.g., session management)
Analytics cookies: For anonymized user statistics (optional, off by default)

Analytics cookies are optional and off by default. You can accept or decline via the cookie banner.

You can disable cookies via your browser settings, but this may affect the functionality of the service. For more information about how we use cookies, please contact us.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access: You have the right to know what data we process about you.
Right to Rectification: You have the right to have incorrect data corrected.
Right to Deletion: You have the right to have your data deleted ("right to be forgotten").
Right to Limitation: You have the right to limit the processing of your data.
Right to Data Portability: You have the right to receive your data in a structured format.
Right to Object: You have the right to object to the processing of your data.

To exercise these rights, please contact us viainfo@innvaro.com.We respond within 30 days to your request.

Complaints

If you believe that we are not processing your personal data correctly, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can contact the AP via www.autoriteitpersoonsgegevens.nl.

Changes to This Privacy Policy

We may update this privacy policy from time to time. Changes will be published on this page with an updated date. We recommend checking this page regularly.

Contact

For questions about this privacy policy or about the processing of your personal data, you can contact us viainfo@innvaro.com.

Innvaro