Privacy policy.
Hedonic Intelligence reads the public review record of hotels for hospitality investors, owners, asset managers, advisors, and operators. This policy describes how we handle personal data when you engage with us through this website, the contact form, the booking link, or a paid engagement.
01 Data we collect
Only information you give us directly:
- Contact data: name, work email, firm or hotel group, your seat, and the question you submit through the contact form.
- Booking data: if you book an intro call, the scheduling service collects your name, email, and scheduling details.
- Communications: messages you send us, and our replies.
- Technical data: IP address and browser type, collected automatically by our hosting provider for standard security and operational logging.
02 How we use it
- To respond to your enquiry and scope a potential engagement.
- To prepare, deliver, and refresh contracted analyses and reports.
- To understand visit patterns through aggregate analytics (only if you opt in via the cookie banner).
- To send communications strictly related to a current or prospective engagement. We do not run marketing campaigns.
03 Sharing
We do not sell, rent, or share your personal data for marketing. We share information only with the processors below.
| Processor | What is shared | Transfer mechanism |
|---|---|---|
| Formspree | Name, email, firm, role, message (contact form submissions) | SCC 2021/914 |
| Cal.com | Name, email, scheduling details (intro call bookings) | SCC 2021/914 / EU storage |
| Vercel, Inc. | IP address and request metadata (hosting and security logging). SOC 2 Type II. | SCC 2021/914 |
| Google Analytics (G-CC7MH7KJV8) |
Aggregate visit patterns. Loaded only after you accept the cookie banner. No data collected if you decline. | SCC 2021/914 |
| Google Fonts | IP address and browser type on each page load (technical font delivery, not analytics). | SCC 2021/914 |
| OpenRouter, Inc. | Review text, processed for structured extraction (identifying loyalty signals, price-value verdicts, and friction events in the text). Routed to a third-party model host; no data retained for model training per OpenRouter's data-processing terms. | SCC 2021/914 |
| Anthropic, PBC | Selected review excerpts for the synthesis layer of paid engagements. ~30-day operational log retention; no model training on our data. | SCC 2021/914 |
| Legal authorities | When required by law or court order. | N/A |
A full sub-processor list is available for institutional procurement on request.
04 Security
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. Internal access is limited to authorised personnel and is logged.
05 Your rights (GDPR)
To exercise any of these rights, get in touch via the contact form on the homepage. We respond within 30 days.
06 Retention
We keep your data only as long as needed to fulfil the purpose for which it was collected, or as required by law. Contact-form submissions that do not lead to an engagement are deleted within 12 months. Review text processed via the sub-processors named in section 3 is held only in operational logs as described there, and is not used for model training.
07 Cookies and analytics
We load Google Analytics (G-CC7MH7KJV8) but gate it behind your explicit consent. We do not use tracking pixels, advertising cookies, or session-replay tools. To withdraw consent, clear your cookies or adjust your browser settings; the next page load re-prompts the banner.
08 Review-data processing in our engagements
As part of our paid engagements, we process publicly published guest reviews from Booking.com, Google, Expedia, and TripAdvisor. We never collect private data from a hotel's property-management system, reservation system, CRM, or guest database.
Reports contain only aggregate metrics. No row-level guest identifiers, no individual guest profiling.
09 EU data storage and cross-border transfers
Our primary database is hosted within the European Union. Where personal data is transferred outside the EEA, those transfers are governed by the European Commission's Standard Contractual Clauses (Decision 2021/914) or equivalent adequacy mechanism. Transfer mechanisms for each processor are shown in section 3 and available in full on request.
10 Contact
To exercise your rights or ask about this policy:
Use the contact form on the homepage, or book a call via the link in the navigation. We respond within 30 days.
11 Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be noted in that date.