Privacy Policy

QuickKey, Inc. ("QuickKey," "we," "us," or "our") operates the QuickKey hotel operations platform, accessible at quickkey.io and through our associated mobile and web applications. QuickKey is headquartered in Miami, Florida, USA.

For the purposes of data protection law, QuickKey acts as a data controller with respect to information about hotel operators, staff, and website visitors. QuickKey acts as a data processor with respect to guest data that hotels collect and process through our platform.

If you have questions about this Privacy Policy or our data practices, please contact our Privacy Team at [email protected].

We collect information in the following categories:

2.1 Information You Provide Directly

• Account Registration: Name, email address, phone number, hotel name, job title, and billing information when you create an account.
• Contact Forms: Information you submit when requesting a demo, contacting support, or communicating with us.
• Platform Configuration: Hotel settings, staff profiles, department configurations, and operational preferences you enter into the platform.

2.2 Guest Information (Processed on Behalf of Hotels)

• Guest names, room numbers, and phone numbers provided by hotels or collected during guest interactions.
• Service request content, including the nature of requests, descriptions, and any media attachments.
• Communication logs from SMS, WhatsApp, and AI phone agent interactions.
• Voice recordings of AI phone agent calls (where applicable and with appropriate notice to guests).

2.3 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, and interaction patterns within the platform.
• Device Information: IP address, browser type, operating system, device identifiers, and screen resolution.
• Log Data: Server logs including access times, error logs, and API request data.
• Cookies: Session cookies, preference cookies, and analytics cookies as described in Section 10.

2.4 Information from Third Parties

• Property Management System (PMS) data when you enable integrations, including reservation data and guest profiles.
• Payment information processed by our third-party payment processor (we do not store full payment card numbers).
• Information from communication providers (Twilio, WhatsApp Business API) related to message delivery status.

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the QuickKey platform and all associated features.
• Account Management: To create and manage your account, process payments, and communicate with you about your subscription.
• Guest Request Processing: To route, track, and fulfill hotel guest service requests through the platform.
• AI Training and Improvement: To train and improve our AI models, with appropriate anonymization and safeguards.
• Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
• Communications: To send service-related notifications, product updates, security alerts, and (where you have opted in) marketing communications.
• Analytics: To understand how the platform is used, identify trends, and make data-driven improvements.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing personal data are:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you as a subscriber.
• Legitimate Interests: Processing for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with applicable laws and regulations.
• Consent: Where we rely on your consent, such as for marketing emails or certain cookies, you have the right to withdraw consent at any time.

We do not sell your personal information. We share information only in the following circumstances:

• Service Providers: We share information with trusted third-party vendors who assist us in operating the platform, including cloud hosting (AWS), communication providers (Twilio), payment processors (Stripe), and analytics tools. These providers are contractually bound to protect your data.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
• Legal Requirements: We may disclose information when required by law, court order, or government request, or to protect the rights, property, or safety of QuickKey, our users, or the public.
• With Your Consent: We may share information for other purposes with your explicit consent.
• Aggregated/Anonymized Data: We may share aggregated, anonymized data that cannot reasonably identify you for research, industry analysis, or marketing purposes.

Hotels using QuickKey are responsible for the lawful collection and processing of their guests' personal data. As a hotel operator, you must:

• Obtain all necessary consents from guests before initiating communications through the platform.
• Inform guests about how their data will be used, including through QuickKey's platform.
• Respond to guest data subject requests (access, deletion, correction) in accordance with applicable law.
• Ensure your use of guest data complies with applicable privacy laws in your jurisdiction.

QuickKey processes guest data only as instructed by hotels and in accordance with our Data Processing Agreement. Hotels may request a Data Processing Agreement by contacting [email protected].

When guests interact with QuickKey's AI voice agent, the following applies:

• Call Recording: AI phone calls may be recorded for quality assurance, dispute resolution, and AI model improvement. Hotels are responsible for ensuring guests are notified of recording in compliance with applicable wiretapping laws.
• Voice Data: Voice recordings are processed using speech-to-text technology and may be retained for a limited period for quality review before deletion or anonymization.
• AI Training: Anonymized and aggregated interaction data may be used to improve our AI models. We do not use identifiable guest data for AI training without appropriate consent.
• Third-Party AI Services: We may use third-party AI service providers for voice processing. These providers are bound by data processing agreements and confidentiality obligations.

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law:

• Account Data: Retained for the duration of your subscription and for up to 3 years after termination for legal and business purposes.
• Guest Communication Data: Retained for up to 2 years after the communication, or as specified in your Data Processing Agreement.
• Voice Recordings: Retained for up to 90 days unless required longer for legal or dispute resolution purposes.
• Analytics Data: Aggregated analytics data may be retained indefinitely in anonymized form.
• Legal Hold: Data subject to a legal hold will be retained until the hold is released.

You may request deletion of your data at any time, subject to our legal obligations and legitimate business interests.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain exceptions.
• Portability: Request a machine-readable copy of your personal information.
• Restriction: Request that we restrict processing of your personal information in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days (or 45 days where permitted by law). We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

We use cookies and similar tracking technologies on our website and platform. These include:

• Essential Cookies: Required for the platform to function, including session management and security. Cannot be disabled.
• Preference Cookies: Remember your settings and preferences to personalize your experience.
• Analytics Cookies: Help us understand how users interact with the platform using tools like Google Analytics. Data is aggregated and anonymized where possible.
• Marketing Cookies: Used to deliver relevant advertising on third-party platforms (only on our marketing website, not within the hotel platform).

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect platform functionality.

QuickKey implements industry-standard security measures to protect your personal information, including:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication for platform access
• Regular security audits and penetration testing
• Role-based access controls limiting data access to authorized personnel
• SOC 2 Type II compliance (in progress)
• Incident response procedures for data breach notification

Despite these measures, no security system is impenetrable. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

QuickKey is based in the United States. If you are located outside the US, your information may be transferred to and processed in the US and other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms.

The QuickKey platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at [email protected].

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: QuickKey does not sell or share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at [email protected] or call 1-786-672-1101.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date and, where appropriate, by sending an email notification.

Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: