Legal

Privacy Policy

Last updated: 19 April 2026

HotelCompass ("we", "us", "our"), operator of the HotelCompass platform, respects your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data in accordance with the Kenya Data Protection Act 2019 and, where applicable, the EU General Data Protection Regulation (GDPR).

Data we collect

  • Account details: name, email, company, country, role, phone
  • Project data you submit: financial models, BOQ entries, operator queries, project briefs
  • Usage data: pages visited, features used, timestamps, approximate location (from IP)
  • Communication history: emails, support requests, meeting notes where recorded with consent
  • Payment metadata from processors (M-Pesa, PayPal, bank transfer); we do not store full card data

How we use your data

  • To deliver the services you have subscribed to
  • To improve the platform, benchmark data and AI outputs
  • To notify you of service updates, new features, and (where you opt in) industry insights
  • To comply with legal, tax and regulatory obligations
  • To detect fraud, abuse or misuse of the platform

AI processing

When you use AI-powered features (feasibility analysis, BOQ audit, proposal generation, etc.), the project text you submit is sent to Anthropic's Claude API for processing under Anthropic's data handling commitments. We do not train third-party AI models on your data, and Anthropic does not retain API content for training.

Sharing

We do not sell your personal data. We share it only with: (i) service providers bound by confidentiality obligations (hosting, payments, email delivery, AI processing); (ii) professional advisors on a need-to-know basis; (iii) regulators or courts when legally required. Stakeholder matching on the platform is anonymous until both parties explicitly consent to reveal identities.

Your rights

You have the right to access, correct, export or delete your personal data, to object to processing, and to withdraw consent. To exercise these rights, email privacy@hotelcompass.app. We respond within 30 days.

Security

We encrypt data in transit (HTTPS) and store passwords using bcrypt hashing. Access to production systems is restricted and logged. We will notify affected users and the Data Protection Commissioner within 72 hours of any material data breach.

Retention

Active account data is retained for as long as your account is active. After termination, data is retained for 30 days to allow export, then deleted from active systems. Backups are retained for a further 90 days in encrypted form. Tax and financial records are retained as required by Kenyan law (typically 7 years).

Contact

Data Protection Officer: privacy@hotelcompass.app
HotelCompass · Vipingo, Kilifi County, Kenya