Privacy Policy

Last Updated: March 24, 2025

This Privacy Policy describes how Marco Benvenuti ("we", "us", or "our") collects, uses, and shares your personal information when you use our Replai website and application (the "Service").

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we handle your personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect several different types of information for various purposes to provide and improve our Service to you:

1.1 Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Company name
Address, State, Province, ZIP/Postal code, City
Cookies and Usage Data
Payment information (processed securely through our payment processor, Stripe)

1.2 Hotel and Review Data

As part of our Service, we collect and process information about your hotels and customer reviews, including:

Hotel names, descriptions, and locations
Customer reviews from various platforms (Google, Booking.com, TripAdvisor)
Review responses and templates
Analytics data derived from reviews

1.3 Usage Data

We may also collect information about how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

1.4 Tracking & Cookies Data

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

For more detailed information about the cookies we use, please see our Cookie Policy.

2. How We Use Your Information

We use the collected data for various purposes:

To provide and maintain our Service
To notify you about changes to our Service
To allow you to participate in interactive features of our Service when you choose to do so
To provide customer support
To gather analysis or valuable information so that we can improve our Service
To monitor the usage of our Service
To detect, prevent and address technical issues
To process payments and manage your account
To fulfill any other purpose for which you provide it
To analyze reviews and generate AI-powered responses
To provide insights and analytics about your hotel reviews

3. Legal Basis for Processing

We will only process your personal data if we have a legal basis to do so. The legal bases we rely on include:

Contractual necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
Consent: You have given consent to the processing of your personal data for one or more specific purposes.
Legal obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

4. Data Sharing and Disclosure

We may share your personal information in the following situations:

Service Providers: We may share your information with third-party service providers to help us operate our business, such as payment processors, data storage providers, and analytics providers.
Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
With Your Consent: We may disclose your personal information for any other purpose with your consent.
Legal Requirements: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

4.1 Third-Party Service Providers

We use third-party service providers to help us operate our Service. These providers have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Service Provider	Purpose	Data Shared	Location
MongoDB Atlas	Database hosting	All user and hotel data	EU (AWS data centers)
Stripe	Payment processing	Payment details, billing information	US (with EU data protection compliance)
OpenAI & Anthropic	AI text generation	Review content, hotel descriptions	US
Apify	Web scraping for reviews	Hotel identifiers, platform IDs	EU/US
Resend	Email delivery	Email address, name	US
Facebook	Analytics and advertising	Usage data, cookie data	US
Twilio	WhatsApp Concierge AI service	Phone number, messages, hotel-related inquiries	US (with EU data protection compliance)

4.2 Facebook Pixel

We use Facebook Pixel on our website, which is an analytics tool that allows us to measure the effectiveness of our advertising by understanding the actions people take on our website. Facebook Pixel collects data such as:

HTTP headers (IP address, web browser information, page location, document, referrer, and person using the website)
Pixel-specific data (Pixel ID and Facebook Cookie)
Button click data (any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks)
Form field names (text field names like 'email', 'address', 'quantity' for when you purchase a product or service)
Website events (page views, add to cart events, etc.)

This information is used to show you relevant ads on Facebook and to measure the effectiveness of those ads. For more information about Facebook Pixel, please visit Facebook Business Help Center.

4.3 WhatsApp Concierge AI Service

We use Twilio's WhatsApp Business API to provide our WhatsApp Concierge AI service. When you interact with our service through WhatsApp, we process the following types of data:

Your phone number
Message content (including text, images, and other media you may share)
Information about your inquiries and requests related to hotel services
Conversation history for providing continuity of service

This data is processed to provide you with AI-powered concierge services, answer your questions, and assist with hotel-related requests. Your WhatsApp messages are processed by our AI systems to generate appropriate responses and may be reviewed by our staff for quality assurance and service improvement.

Your use of our WhatsApp Concierge AI service is also subject to WhatsApp's own Privacy Policy and Terms of Service.

5. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Specifically:

Account information: We retain your account information for as long as your account is active and for a reasonable period thereafter in case you decide to reactivate the Service.
Hotel and review data: We retain this data for as long as you maintain an active subscription and for a reasonable period thereafter.
Usage data: We generally retain usage data for shorter periods, typically 90 days, unless we need to retain it for longer periods for legitimate business purposes or legal requirements.
Transaction information: We retain transaction information for as long as needed to provide you with your subscription and for tax and accounting purposes.

6. Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Italy and choose to provide information to us, please note that we transfer the data, including Personal Data, to Italy and process it there.

For transfers to countries without an adequacy decision by the European Commission, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data.

7. Your Data Protection Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Right to Access: You have the right to request copies of your personal data.
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at [email protected].

8. Children's Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

9. Security of Your Personal Data

The security of your personal data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

We implement a variety of security measures to maintain the safety of your personal information, including:

Securing all communications with industry standard encryption (SSL/TLS)
Storing all data in secure cloud environments with restricted access
Regular security assessments and code reviews
Employee training on security and privacy practices

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: [email protected]
Marco Benvenuti
Via del Francione 26
50143 Firenze
Italy
VAT: IT06769450484

Last updated: March 24, 2025