Privacy Policy

HotelRMS runs a public demo of our Hotel Revenue Management System. We collect a small amount of information from visitors — primarily what you submit on our “Request demo credentials” form, plus standard web analytics about which pages of the demo you visit. We use it for one purpose: to decide whether to grant you demo access and to understand broadly which features prospective customers care about.

We don't sell your information to anyone. We don't embed third-party advertising tracking. We use a small number of well-known service providers (listed below) to run the site. You can request the deletion of your information at any time by emailing hello@hotelrms.com.

When you submit the “Request demo credentials” form

• Your name and company name (as you typed them)
• Your work email address
• Which US markets you indicated interest in (one or more of our 16 demo markets, or 'Other')
• The free-text message you wrote
• The IP address you submitted from, and the country/region/city we resolve from that IP
• Your browser's user-agent string
• The timestamp of submission

When you visit any page of the demo site (logged in or not)

• The URL path of each page you view
• How long each page was visible to you
• A session identifier randomly generated in your browser tab (reset when you close the tab — not a cookie, not shared across sessions)
• Your IP address and the country/region/city derived from it
• Your browser's user-agent string
• The referring URL, if any

When we grant you demo access

• A user account in our demo database, linked to your email, with a unique randomly generated password
• A scheduled expiration timestamp (typically 14 days after grant)
• A record of which operator at HotelRMS approved your request, and any internal notes that operator wrote
• An audit trail of which pages you viewed and which actions you performed inside the demo

• To decide whether to grant you demo access. We manually review every request to keep competitors out of our live demo environment. Real names + real email addresses + real company names tell us you are who you say you are.
• To send you your demo credentials. Once approved, your email address receives a one-time message containing your login and password.
• To understand which features and markets prospective customers care about most, so we know where to invest engineering effort.
• To detect and block automated abuse (form-spam bots, credential-stuffing attempts, scrapers).
• To respond to your questions and follow up about the demo experience.

• Demo-request submissions: retained for 24 months from submission, then deleted. Submissions marked as 'spam' are deleted after 30 days.
• Site analytics events: retained for 12 months, then aggregated to monthly counts (no individual session-level data preserved beyond that).
• Granted demo user accounts: deactivated automatically at the 14-day expiry. Account record and audit log retained for 6 months after expiry, then deleted.
• Operator decision notes: retained for 24 months (matched to the demo-request retention).
• Email-delivery logs (Resend): retained per Resend's own policy, typically 30 days.

We use a small number of vendors to operate the site. Each of them sees only a narrow slice of your information, governed by their own privacy policies:

We do not embed Google Analytics, Facebook Pixel, or any third-party advertising tracker. We do not sell, rent, or share your personal information with anyone for marketing purposes.

Regardless of where you live, you have the following rights with respect to the personal information we hold about you:

• Right to access — request a copy of everything we have about you.
• Right to correction — ask us to fix anything that's wrong.
• Right to deletion — ask us to delete your information. We will delete it within 30 days, except where retention is required for a legitimate security or legal reason (fraud detection, audit logs).
• Right to opt out — tell us you don't want to be in our records at all. We will mark you as opted-out and delete what we can.
• Right to data portability — receive a machine-readable copy of your information.
• Right to non-discrimination — exercising any right above will not change the demo experience or any future interaction with us.

To exercise any of these rights, email hello@hotelrms.com from the address you used to submit your demo request. We verify identity through email reply.

We do not use HTTP cookies for tracking. We do use a single sessionStorage key (named hotelrms_analytics_sid) that holds a random session identifier so we can count distinct sessions in our internal analytics. It is automatically cleared by your browser when you close the tab. It cannot be used to track you across sessions or across other websites.

If you sign in to the demo, we also use localStorage to hold your authentication token until you sign out. This is required for the demo to function; it is not used for analytics or marketing.

All traffic is encrypted in transit via TLS. Demo credentials are stored hashed (bcrypt) on our servers — we cannot recover your password if you lose it; you would request a new one. We use AES-GCM authenticated encryption for stored personal information (contact email, contact phone) on internal records. Access to operator tooling requires multi-factor authentication.

No system is perfectly secure. If you believe your demo credentials may have been compromised, email hello@hotelrms.com and we will revoke the account immediately.

The demo is not intended for or directed at anyone under 18. We do not knowingly collect information from minors. If you believe a minor has submitted a demo request, email us and we will delete the record.

Our infrastructure is hosted in the United States (AWS Lightsail, US-East-1 region). If you submit a demo request from outside the United States, your information will be transferred to and stored in the United States, where data-protection laws may differ from those in your country. By submitting the demo request form, you consent to that transfer.

We may update this policy from time to time. When we do, we will change the effective date at the top of this page. For material changes, we will email everyone who has an active or recently active demo account.

Questions about this policy, or about how we handle your information, can be sent to hello@hotelrms.com. We respond within 5 business days.