Privacy Policy

Last Updated: February 15, 2025

1. Introduction
2. Our Role as a Data Processor
3. Information We Collect
4. How We Use Your Information
5. Data Security
6. Data Retention and Deletion
7. Third-Party Services
8. Your Rights Under CCPA/CPRA
9. Changes to This Policy
10. Contact Us

1. Introduction

Welcome to BORA Bros ("we," "us," or "our"). We provide a B2B Voice AI "Intelligent Front Desk" solution for the hospitality industry. This Privacy Policy explains how we collect, use, disclose, and safeguard information when our clients (hotels, motels, and other lodging providers, hereafter "Customers") use our services. This policy is primarily directed at our Customers and explains our role in handling data related to their guests.

2. Our Role as a Data Processor

Under privacy laws like the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), our Customer (the hotel or motel) is the "Data Controller" for their guest data. BORA Bros acts as a "Service Provider" or "Data Processor" on behalf of our Customers. This means we process guest data based on the instructions of our Customers and for the purpose of providing our services to them.

3. Information We Collect

In the course of providing our services, we process the following categories of information related to our Customer's guests:

Voice Recordings and Transcripts: We record and transcribe phone calls made to our Customers' dedicated phone lines to facilitate bookings and answer inquiries.
Guest Contact Information: This includes names, phone numbers, and email addresses provided during the call to complete a reservation or send information.
Booking Information: Details related to the reservation, such as check-in/check-out dates, room preferences, and number of guests.
Payment Metadata: For transactions, we process payment information via a secure, PCI-DSS compliant third-party link. We do not directly store full credit card numbers on our servers. We may store metadata such as transaction IDs, payment status, and the last four digits of a card for verification and fraud prevention purposes.

4. How We Use Your Information

We use the collected information for the following business purposes:

To Provide Services: To facilitate hotel bookings, manage reservations, and communicate with guests on behalf of our Customers.
To Improve Our AI: We may use anonymized and aggregated voice data and transcripts to train and improve the accuracy, responsiveness, and capabilities of our AI models. All personally identifiable information is removed before this process.
Fraud Prevention: To monitor and prevent fraudulent transactions and activities.
Customer Support: To provide support to our Customers and troubleshoot any issues with our service.

5. Data Security

We are committed to protecting the data we process. We implement industry-standard security measures, including:

Encryption at Rest: All sensitive data, including voice recordings and personal information, is protected using strong encryption algorithms such as AES-256.
Encryption in Transit: Data transmitted between our systems, our Customers, and third-party services is encrypted using Transport Layer Security (TLS).
PCI-DSS Compliance: Guest payment processing is handled via a secure, third-party payment gateway that is fully PCI-DSS compliant. We ensure our integration follows all necessary security protocols.
Access Controls: We enforce strict access controls to ensure that only authorized personnel have access to sensitive data on a need-to-know basis.

6. Data Retention and Deletion

We retain guest data, including voice recordings, for as long as necessary to provide our services to the Customer or as required by our contractual agreements. Guests have the right to request the deletion of their personal information, including their voice recordings. Such requests should be directed to the Hotel/Motel (the Data Controller), who will then instruct BORA Bros to perform the deletion.

7. Third-Party Services

We may utilize third-party services for payment processing and communication (SMS/Email). These services have their own privacy policies, and we ensure they meet stringent security and privacy standards before integration.

8. Your Rights Under CCPA/CPRA

As a resident of California, guests of our Customers have specific rights regarding their personal information. These rights include the right to know, the right to delete, and the right to opt-out of the sale or sharing of personal information. All such requests should be made directly to the hotel or motel where the booking was made or attempted. We will assist our Customers in responding to these requests in a timely manner.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify our Customers of any material changes. The "Last Updated" date at the top of this policy indicates when it was last revised.

10. Contact Us

If you are a Customer with questions about this Privacy Policy or our data practices, please contact us at customercare@borabros.com. If you are a guest, please direct your privacy-related inquiries to the hotel or motel with whom you have a relationship.