How does HolaAI learn about my property?

Paste your house rules, WiFi password, check-in instructions, and local tips. The AI ingests everything and uses it for property-specific answers. Update anytime.

Can guests tell they're talking to AI?

HolaAI matches your tone and style. Most guests just appreciate instant, helpful responses. You can disable the AI signature if you prefer.

What happens when AI can't answer?

Smart escalation routes complex questions to you via email or SMS with full conversation context. You stay in control.

Which platforms does it work with?

Airbnb, Vrbo, Booking.com, and Hospitable. More integrations are added monthly.

Is the free trial actually free?

Yes. 30 days, no credit card upfront. Test with real bookings, then decide. Cancel anytime.

What languages are supported?

25+ languages. AI auto-detects the guest's language and responds natively.

Do I need to change my PMS?

No. HolaAI works alongside your existing setup. We just handle messaging.

Can I set guardrails on AI responses?

Yes. Control tone, set approval rules for sensitive topics, and review AI drafts before sending.

Legal

Privacy Policy

Last updated: April 11, 2026

This Privacy Policy explains how HolaAI ("we," "us," or "our"), operated from Spain within the European Union, collects, uses, stores, and protects your personal data when you use our website (holaai.es), application, and related services (collectively, the "Service"). We are committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Spain's Organic Law 3/2018 on Data Protection and Digital Rights ("LOPDGDD"), and all applicable data protection legislation.

1. Data controller

The data controller responsible for your personal data is HolaAI, with registered contact at hello@holaai.es. For any privacy-related inquiries or to exercise your rights, you may contact us at that address.

2. Data we collect

We collect the following categories of personal data:

Account data: name, email address, password (hashed), company or property management details you provide during registration.
Property data: property names, addresses, descriptions, house rules, amenities, and other listing information you upload to configure AI responses.
Guest interaction data: messages exchanged between you (or your AI assistant) and your guests through the Service, including chat transcripts and voice interaction logs.
Booking data: guest names, check-in/check-out dates, booking platform references, and reservation details you import or that we receive via integrated platforms.
Payment data: billing name, address, and payment method details processed by Stripe. We do not store full credit card numbers on our servers.
Usage data: IP address, browser type, device information, pages visited, feature usage patterns, and session duration collected automatically.
Communications: messages you send to our support team or submit through contact forms.

3. Legal basis for processing

Under the GDPR, we process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you have subscribed to, including managing your account, generating AI responses, and processing payments.
Legitimate interest (Art. 6(1)(f)): Analyzing usage data to improve the Service, prevent fraud, and ensure security. We have conducted balancing tests to ensure our interests do not override your fundamental rights.
Consent (Art. 6(1)(a)): Where required, such as for marketing communications or optional analytics cookies. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)): Retaining billing records and tax documentation as required by Spanish and EU law.

4. How we use your data

We use personal data to:

Provide, operate, and maintain the Service, including AI-powered guest messaging and voice interactions.
Process subscriptions and payments through Stripe.
Personalize AI responses based on your property information, house rules, and preferences.
Send transactional emails (account confirmations, billing receipts, service alerts).
Send marketing communications if you have opted in, which you may unsubscribe from at any time.
Analyze usage patterns to improve features, fix bugs, and develop new functionality.
Detect, prevent, and address fraud, abuse, and security incidents.
Comply with legal obligations, resolve disputes, and enforce our Terms of Service.

5. AI data processing

HolaAI uses artificial intelligence services (currently Google Gemini) to generate text and voice responses on behalf of hosts. When the AI processes a guest message, the relevant property information, house rules, and conversation context are sent to the AI provider to generate a response. We do not use your data to train third-party AI models. AI-generated responses are produced in real time and are not guaranteed to be accurate — hosts remain responsible for the information communicated to guests. Guest interaction data may be stored temporarily to provide conversation continuity and improve response quality within your account.

6. Data sharing and third-party services

We share personal data only with trusted service providers who process data on our behalf under appropriate data processing agreements:

Convex — backend infrastructure and database hosting.
Vercel — website and application hosting.
Google (Gemini API) — AI text and voice generation.
Stripe — payment processing (PCI DSS Level 1 compliant).
Plausible Analytics — privacy-friendly, cookieless website analytics (no personal data transferred).
Vercel Analytics — performance and traffic monitoring.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may disclose data if required by law, court order, or to protect our legal rights.

7. Cookies and tracking technologies

HolaAI uses essential cookies required for site functionality (authentication, language preferences, session management). We use Plausible Analytics, which is cookieless and does not track individuals. Vercel Analytics may set performance cookies. You may manage cookie preferences through your browser settings. Disabling essential cookies may prevent parts of the Service from functioning correctly. We do not use advertising cookies or cross-site tracking pixels.

8. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy:

Account data: retained while your account is active and for 30 days after deletion to allow recovery.
Guest interaction data: retained for the duration of your subscription. You may delete individual conversations at any time.
Billing records: retained for 5 years after the last transaction, as required by Spanish tax law (Ley General Tributaria).
Usage and analytics data: retained in aggregated, non-identifiable form indefinitely for product improvement.

Upon account deletion, we will erase or anonymize your personal data within 30 days, except where retention is required by law.

9. International data transfers

Some of our service providers are based outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or the provider's participation in recognized data protection frameworks. Google and Stripe maintain EU data processing addenda and certifications under applicable frameworks.

10. Your rights under GDPR

As a data subject in the EU, you have the following rights:

Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
Right to lodge a complaint: File a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) at www.aepd.es.

To exercise any of these rights, contact us at hello@holaai.es. We will respond within 30 days as required by the GDPR.

11. Children's privacy

HolaAI is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at hello@holaai.es.

12. Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit (TLS/HTTPS), secure authentication, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also notify you by email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

14. Contact us

For privacy questions, data requests, or to exercise your GDPR rights, contact us at:

Email: hello@holaai.es
Website: holaai.es
Supervisory authority: Agencia Española de Protección de Datos (AEPD), www.aepd.es