GuestNet
Privacy Policy
Last updated: April 27, 2026
This Privacy Policy describes how GuestNet, operated by Virtucom / Marz Innovations LLC ("we", "us", "our"), collects, uses, and protects information when you use our hospitality guest feedback platform.
1. Information We Collect
From hotel operators (account holders)
- Identity credentials (Glitch ID, license credentials)
- Property details (name, address, review platform URLs)
- Email addresses and phone numbers used for alerts
- Knowledge base content you provide (manager name, amenities, complaint playbooks)
- Login session metadata (IP address, browser, login timestamps)
From guests (people scanning your QR codes)
- Numeric feedback score (1–5)
- Optional room number
- Optional written comments
- IP address (used for rate limiting and abuse prevention only)
- Timestamp of submission
Guests are not required to provide any identifying information. We do not ask for guest names, email, or phone numbers in the standard feedback flow.
From integrated platforms
When you connect Google Business, TripAdvisor, Yelp, or Booking.com, we store your authorization tokens and pull review content, ratings, and reviewer-displayed names from those platforms on your behalf. This data is governed by each platform's terms.
2. How We Use Information
- To operate the feedback collection, routing, and response-drafting features
- To send operational alerts (email and SMS) to property managers about negative feedback
- To generate AI-drafted response suggestions using third-party AI models
- To prevent abuse through rate limiting and security monitoring
- To provide customer support and improve the service
- To send service-related communications (billing, security, product updates)
3. SMS Communications
GuestNet operates an SMS alert program for hotel operators. A property manager opts in by entering their own mobile number in the GuestNet admin dashboard settings; entering the number constitutes consent to receive operational text alerts. When a guest submits qualifying (negative) feedback, we send a text alert to that number. Then:
- Message frequency varies — alerts are event-driven and are sent only when a guest submits qualifying feedback (there is no fixed schedule or recurring send).
- Message and data rates may apply, depending on your mobile carrier and plan.
- We share the number with our SMS provider (Twilio) solely to deliver these operational alerts.
- Mobile opt-in data and phone numbers are not shared with third parties, and are never shared or sold for marketing purposes.
- We do not send marketing or promotional content via SMS — operational alerts only.
- You can opt out at any time by replying STOP to any message (or by removing the number in the dashboard). Reply HELP for help.
Important: Phone numbers and SMS opt-in data collected as part of the GuestNet service are not shared with third parties for marketing or promotional purposes under any circumstance.
4. AI Processing
To generate response drafts and analyze sentiment, guest feedback content (the score and any written comment) is sent to our AI provider (Anthropic) for processing. The AI provider's data handling is governed by their own data processing terms. We do not train AI models on your data, and our provider does not train its general-purpose models on data sent through their API.
5. Sharing of Information
We do not sell personal information. We share information only in these specific circumstances:
- Service providers who help us operate the service (hosting, email delivery, SMS delivery, AI processing) — bound by data protection agreements.
- Review platforms when you direct positive feedback to a public review platform (Google, TripAdvisor, etc.) — the guest is the one who chooses to submit a public review on that platform.
- Legal requirements when required by valid legal process.
- Business transfers if our company is acquired or merged, subject to the new owner being bound by this Privacy Policy or providing notice.
6. Data Retention
- Guest feedback is retained for the life of the property's subscription and for a reasonable period after termination for backup and recovery purposes.
- Account credentials and session logs are retained while the account is active and for up to 12 months after termination.
- SMS opt-out records are retained indefinitely to honor your opt-out across future engagements.
7. Security
We protect your data with the following measures:
- TLS encryption (HTTPS) for all data in transit
- Bcrypt hashing for any stored passwords
- AES-256-GCM encryption at rest for sensitive credentials (platform tokens, integration keys)
- Rate limiting and abuse prevention on all public endpoints
- Restricted server access via mesh-only networking and SSH key authentication
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent for SMS or email communications
- Export your data in a portable format
To exercise any of these rights, contact us at the address below.
9. Children's Privacy
The service is not intended for use by children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with information, please contact us and we will delete it.
10. International Users
The service is operated from the United States. By using the service from outside the US, you consent to the transfer and processing of your data in the US.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to account holders or through an in-product notice. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Questions or requests related to this Privacy Policy can be directed to the address below.