Privacy Policy

1. Introduction

OpenKey ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered tools and services for Airbnb hosts. This policy complies with applicable data protection laws including GDPR, CCPA, and other relevant regulations.

By using OpenKey's services, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

• Email Address: Required for account creation and service delivery
• Name: Optional, used for personalization
• Account Credentials: Passwords (encrypted) for authentication
• Payment Information: Not collected - our services are currently free

2.2 Usage Data

• IP address and device information
• Browser type and version
• Pages visited and time spent on pages
• Tool usage frequency and preferences
• Error logs and performance data

2.3 Content Data

• Listing descriptions and photos you upload
• AI-generated content (optimized listings, enhanced photos)
• Your preferences and settings

3. How We Use Your Information

• Service Delivery: To provide AI-powered tools for listing optimization, photo enhancement, and attraction finding
• Account Management: To create and maintain your user account
• Communication: To send you service updates, newsletters, and marketing communications (with your consent)
• Improvement: To analyze usage patterns and improve our services
• Support: To provide customer support and respond to inquiries
• Compliance: To comply with legal obligations and enforce our terms

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our services:

• Cloud Hosting: Supabase (data storage and authentication)
• AI Services: Google Gemini, OpenRouter (content generation)
• Analytics: Google Analytics (usage tracking)

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request.

4.4 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication using OAuth and JWT tokens
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to data
• Secure data backups with encryption

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches within 72 hours as required by law.

6. Your Rights and Choices

6.1 Data Access and Portability

You have the right to request a copy of your personal data and receive it in a machine-readable format.

6.2 Data Correction

You may update or correct your personal information at any time through your account settings.

6.3 Data Deletion

You may request deletion of your account and associated data. Some data may be retained for legal compliance.

6.4 Marketing Consent

You may opt-out of marketing communications at any time by clicking "unsubscribe" in emails or contacting us directly.

6.5 Do Not Track

We do not currently respond to "Do Not Track" signals from browsers.

7. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain user sessions
• Remember preferences and settings
• Analyze website performance and usage
• Improve user experience

You can control cookies through your browser settings. Disabling cookies may limit some features of our services.

8. Children's Privacy

Our services are not directed to individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it immediately.

9. International Data Transfers

OpenKey is based in the United States. Your information may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place to protect your data during international transfers, including Standard Contractual Clauses (SCCs) where required.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our services. The updated policy will be posted on this page with the effective date. Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Information

For questions, concerns, or to exercise your rights regarding this Privacy Policy, please contact us:

We will respond to your inquiry within 30 days. For urgent privacy concerns, please contact our DPO directly.

12. Cookie List

Below is a list of cookies we use and their purposes:

12. Cookie List

Below is a list of cookies we use and their purposes: