Privacy Policy

1. Data controller

The data controller for personal data processed through the StayHelp service is Touch Informatica (contact: info@touchinformatica.it). This policy explains how we collect, use and protect personal data of account holders and, where applicable, of guests who interact with our customers' bots.

2. What we collect

Account data: name, email address, password hash, language, timezone, Stripe customer ID, Telegram user ID once you claim your bot.
Bot configuration: encrypted Telegram bot token, knowledge base entries, rooms list, welcome message.
Guest interactions: chat messages exchanged between guests and the bot, detected guest language, timestamps. These are stored on behalf of our customer (the property owner).
Technical data: IP address of web requests, browser user agent, session cookies, minimal server logs for troubleshooting.

3. Why we collect it (legal basis)

We process account and bot data to provide the service (performance of contract, GDPR Art. 6(1)(b)). We process guest messages on our customers' behalf as a processor. We process minimal technical logs for security and troubleshooting (legitimate interest, GDPR Art. 6(1)(f)). We send transactional emails (signup confirmation, billing notices) under the same contractual basis. We do not use your data for advertising or sell it to third parties.

4. How long we keep it

Account and billing data are kept for the duration of your subscription and for up to 7 years after termination where required by tax and accounting laws. Guest conversation data is retained for 90 days by default and then deleted (customers can shorten this in Settings). Server logs are kept for 30 days.

5. Third-party processors

To operate the service we rely on the following sub-processors: Telegram (messaging infrastructure), Stripe (payments, PCI-DSS certified), DeepSeek (AI model for classification and answer generation), SMTP2GO (transactional email delivery), and a European cloud infrastructure provider for hosting and database. Processing agreements are in place with each provider. An up-to-date list is available on request.

6. Cookies

We use only strictly necessary cookies: a session cookie to keep you logged in, a CSRF token for form security, and a language preference cookie. We do not use advertising, tracking or analytics cookies. See the cookie notice shown the first time you visit the site.

7. Your rights

Under the GDPR you have the right to: access your personal data; correct inaccurate data; request deletion ("right to be forgotten"); restrict or object to processing; receive your data in a portable format; lodge a complaint with your data protection authority (in Italy: Garante per la protezione dei dati personali, www.garanteprivacy.it). To exercise these rights, email us at info@touchinformatica.it.

8. International transfers

Our primary infrastructure is hosted in the European Union. Some sub-processors (notably Telegram, Stripe, DeepSeek) may process data outside the EU. Where they do, we rely on standard contractual clauses or adequacy decisions approved by the European Commission.

9. Security

We encrypt Telegram bot tokens at rest using AES-256. Passwords are hashed with BCrypt. All connections to our web and API endpoints use TLS. Access to production data is limited to authorized personnel.

10. Children

The service is intended for business users (B&B and hotel operators). It is not directed at children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to the account owner at least 30 days in advance.

12. Contact

For any privacy question or to exercise your rights, email us at info@touchinformatica.it.