Privacy Policy

Innteracto ("we", "us", "our") is committed to protecting the privacy of our clients and their guests. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the Innteracto platform. We operate in compliance with Moroccan Law 09-08 on the Protection of Personal Data, and we apply international best practices in data privacy including principles aligned with the GDPR. By using our Service, you agree to the collection and use of information as described in this Policy.

We collect the following categories of data: ACCOUNT DATA • Business name, contact name, email address, phone number • Billing information (processed securely — we do not store card details) • Property details (room count, departments, services offered) GUEST INTERACTION DATA • Messages sent by guests through the AI concierge interface • Language preferences and detected sentiment • Service requests, complaints, and feedback submitted via the platform • Device type and approximate location (city level) for analytics USAGE DATA • Pages and features accessed within the operator dashboard • Session duration, click patterns, and feature usage frequency • Error logs and performance metrics We do not collect guest names, passport numbers, or payment information through the chat interface.

We use collected data for the following purposes: • Providing and improving the Innteracto Service • Routing guest requests to the correct department in real time • Detecting guest dissatisfaction and triggering alerts • Generating analytics reports for your property • Sending service notifications, invoices, and support communications • Improving AI model accuracy using anonymized conversation data • Complying with legal obligations We do not sell, rent, or share your personal data or your guests' data with third parties for marketing purposes.

We share data only in the following limited circumstances: SERVICE PROVIDERS We work with trusted third-party providers for infrastructure, email delivery, and SMS notifications. These providers are contractually bound to process data only for the purposes we specify and in accordance with this Policy. LEGAL REQUIREMENTS We may disclose data if required to do so by law, court order, or governmental authority in Morocco or any jurisdiction where we operate. BUSINESS TRANSFERS In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify active subscribers by email before such a transfer occurs. We never share identifiable guest conversation data with any third party for advertising, analytics resale, or profiling purposes.

We retain data for the following periods: • Active account data: retained for the duration of the subscription • Guest conversation logs: retained for 12 months from the date of the conversation, then anonymized • Billing records: retained for 5 years as required by Moroccan tax law • Anonymized analytics data: retained indefinitely for service improvement Upon account cancellation, all identifiable data is deleted within 30 days unless a longer retention period is required by law or requested by you for data export purposes.

We take data security seriously and implement the following measures: • All data is transmitted over encrypted HTTPS connections • Database encryption at rest for all personally identifiable information • Role-based access controls limiting staff access to only the data necessary for their role • Regular security audits and vulnerability assessments • Secure API authentication for all integrations No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security and are not liable for breaches that result from factors outside our reasonable control.

As a hotel or restaurant operator using Innteracto, you are the data controller for your guests' personal data. Innteracto acts as a data processor on your behalf. Your responsibilities as a data controller include: • Informing your guests that an AI concierge system processes their requests • Displaying appropriate privacy notices at QR code locations (e.g. in-room cards) • Handling guest requests to access, correct, or delete their data • Ensuring your use of Innteracto complies with applicable local privacy laws We provide a standard guest-facing privacy notice template during onboarding that you can adapt for your property.

Under Moroccan Law 09-08 and applicable international frameworks, you have the right to: • Access the personal data we hold about you • Correct inaccurate or incomplete data • Request deletion of your data (subject to legal retention requirements) • Object to certain types of processing • Request that we restrict processing of your data in certain circumstances • Receive a copy of your data in a portable format To exercise any of these rights, contact us at contact@innteracto.com. We will respond within 30 days.

Our website uses cookies for the following purposes: ESSENTIAL COOKIES Required for the website and dashboard to function correctly. These cannot be disabled. ANALYTICS COOKIES Help us understand how visitors use our website so we can improve the experience. These are anonymized and do not identify individual users. PREFERENCE COOKIES Remember your language and display preferences. You can control cookie settings through your browser settings. Disabling non-essential cookies will not affect your ability to use the Innteracto platform.

The Innteracto Service is designed for use by hospitality businesses and their adult staff. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has provided personal data to us, please contact us at contact@innteracto.com and we will delete the data promptly.

We may update this Privacy Policy from time to time. When we make material changes: • The "Last Updated" date at the top of this page will be revised • Active subscribers will be notified by email at least 14 days before changes take effect • Continued use of the Service after the effective date constitutes acceptance of the revised Policy We encourage you to review this Policy periodically.

For privacy-related questions, requests, or complaints: Email: contact@innteracto.com Phone: +212 609971450 Address: Kénitra, Morocco We aim to respond to all privacy enquiries within 5 business days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in Morocco (CNDP — Commission Nationale de contrôle de la protection des Données à caractère Personnel).