Privacy Policy

1. Introduction

UpStar ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you purchase a subscription, payment is processed by Stripe — we do not store your credit card details.

2.2 Hotel & Property Information

You provide hotel details during onboarding, including property name and URLs on OTA platforms (Booking.com, Google, Expedia, TripAdvisor).

2.3 Publicly Available Review Data

By using UpStar, you consent to the collection and processing of publicly available guest reviews from OTA platforms for the hotel properties you register. This includes:

• Guest display names (as publicly shown on the OTA platform)
• Review text, ratings, and dates
• Guest location and traveler type (when publicly displayed)
• Existing management responses (when publicly displayed)

Important: This data is already publicly visible to anyone visiting the OTA platform. We collect it exclusively for the properties you own or manage — on a strict per-hotel basis — and only to provide our analytics and AI response services to you.

3. How We Use Your Data

• Analytics & insights: We analyze review data to identify trends, sentiment patterns, strengths, and areas for improvement for your properties.
• AI response generation: We use review content to generate tailored response suggestions using AI, helping you respond to guests more efficiently.
• Quality scoring: We evaluate existing responses against quality criteria to help you improve your guest communication.
• Platform operation: We use your account information to authenticate you, manage subscriptions, and provide customer support.

4. Data Collection Methods

We use automated data collection tools to gather publicly available reviews from OTA platforms. These tools access only publicly visible information — the same data any internet user can see when visiting the review pages. Data collection is performed on a per-hotel basis, strictly limited to properties you have registered and are authorized to manage.

5. Data Storage & Security

• All data is stored in encrypted databases with access controls.
• Passwords are hashed using bcrypt before storage.
• Platform credentials (if provided for direct posting features) are encrypted using AES-256-GCM and never exposed to the browser.
• We use HTTPS for all data transmission.

6. Data Sharing

We do not sell, rent, or share your data with third parties, except:

• Service providers: We use Stripe for payment processing and OpenAI/Anthropic for AI processing. These providers process data as needed to deliver their services and are bound by their own privacy policies.
• Legal requirements: We may disclose data if required by law, regulation, or legal process.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we will remove your personal data and hotel data within 30 days. Anonymized, aggregated data may be retained for service improvement.

8. Your Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your data in a standard format
• Withdraw consent to data collection (by closing your account)

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related questions or to exercise your rights, contact us at omri@upstar5.com.