Free Demo

Privacy Policy
SuiteOp Inc

Last Updated: January 21, 2026

SuiteOp Inc. ("Company", "we" or "us") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy informs you about our practices regarding the collection, use, and disclosure of personal information.

1. Meaning of Personal Information

"Personal information" means information about an identifiable individual (e.g., name, address, email, phone number). It does not include anonymized data where there is no serious possibility it can be used to identify an individual.

2. Your Consent

We collect, use, and disclose your personal information with your consent or as required by law. By providing information to us, you consent to the practices outlined here. You may withdraw consent at any time by contacting us, though this may limit our ability to provide certain services.

3. Personal Information We Collect

  • From Clients (Property Managers): Name, email, phone, business address, billing details, and credentials for linked third-party apps.
  • About Guests:
    • Name, email, phone number, and length of stay.
    • Identity Verification (via SuiteVerify): Government-issued ID or passport copies, and selfie photographs. We use AI-assisted facial matching technology (powered by Google Gemini AI) to verify that the selfie matches the ID photo. This biometric processing is performed only when configured by the Property Manager and consented to by the Guest.
    • Property Monitoring (via SuiteMonitor): Entry/exit times, air quality, decibel levels (noise), CO2, humidity, and temperature. We do not collect audio or video recordings.
  • Automatically via Website: IP address, device info, browser type, and usage patterns via cookies.

4. How We Use Your Information

We use your data to:

  • Provide and support our products (GDPR Basis: Performance of Contract).
  • Monitor and improve our services (GDPR Basis: Legitimate Interest).
  • Respond to inquiries and conduct research.
  • Provide interest-based advertising (with consent).

5. How We Share Your Information

  • With Clients: Guest contact info, verification results, entry/exit logs, and environment sensor data are shared with the property manager/owner who configured the automation.
  • With Service Providers: We use third parties who are contractually bound to maintain confidentiality and comply with GDPR:
    • Hosting: Bubble.io (SOC 2 Type II certified), AWS, Cloudflare
    • AI & Identity Verification: Google Gemini AI (facial matching), Authenticate.com, Chekin.io, Persona (optional ID verification services)
    • Payments: Stripe (PCI-DSS compliant), GuestyPay, Juspay/Hyperswitch
    • Communication: Sendgrid (email), Twilio (SMS)
    • PMS Integrations: Various Property Management Systems (see suiteop.com/integrations), Calry (middleware)
    • Internal Tools: Google Workspace, 1Password, Apple Business Manager
  • Legal Requirements: We may disclose data to comply with legal processes or protect our rights/safety.

6. Retention & Security

  • Retention: We delete personal information when it is no longer necessary for processing or when required by law. Specific retention periods:
    • Guest verification data: Duration of stay + 30 days
    • Sensor/monitoring data: Duration of stay + 90 days
    • Transaction records: 7 years (tax/financial compliance)
    • System logs: 90 days minimum
  • Security: We implement robust security measures including:
    • Encryption: AES-256 for data at rest, TLS 1.2/1.3 for data in transit
    • Access Control: Multi-Factor Authentication (MFA), role-based permissions, least-privilege access
    • Infrastructure: SOC 2 Type II certified hosting (Bubble.io), AWS secure cloud infrastructure
    • Monitoring: Continuous vulnerability scanning, annual penetration testing
    • However, no system is 100% secure.

7. Your Rights (GDPR)

Under the GDPR, you may have the right to:

  • Access, update, or erase your personal information.
  • Object to or restrict processing.
  • Data portability.
  • Withdraw consent at any time.

8. International Transfers

Your data may be stored and processed in the United States. We comply with GDPR requirements for international transfers, including the use of Standard Contractual Clauses.

9. Children's Privacy

Our services are not intended for individuals under the age of 19. We do not knowingly collect data from children.

10. Contact Us

For any questions or to exercise your privacy rights, please contact our Privacy Officer: