Privacy Policy

Your privacy matters to us. This Privacy Policy explains how ToursAiHub (“we”, “us”, “our”) collects, uses, and protects personal data in connection with our AI consultancy, automation templates, review aggregation, sentiment analysis, and related digital services.

1. Scope

This policy applies to personal data processed through:

• our website(s), portal(s), and dashboard(s)
• automation templates and integrations
• review analysis and data consolidation tools
• consultancy and implementation services
• all related AI, automation, and data-processing activities

2. Data controller and contact

Depending on the service, we may act as a Data Controller or a Data Processor (see section 4).

• Company: ToursAiHub
• Email: hello@toursaihub.com

3. Types of data we process

• Business and contact information: name, company, role, email, phone
• Platform access and credentials: API tokens, integration keys, platform authorizations (stored securely)
• Connected platform data: CRM exports, booking data, and review data (including ratings, timestamps, URLs, and publicly visible reviewer names)
• Automation and usage data: workflow logs, error logs, usage metrics, dashboard activity
• Derived data (AI-generated): sentiment scores, themes, labels, embeddings/vectors, summaries, automated outputs
• Technical data: IP address, browser/device data, cookies and analytics data (see Cookies Policy)

4. Controller vs. processor roles

We act as:

• Data Processor when processing client-provided data or connected-platform data under client instructions.
• Data Controller when operating our own website/platform features and when processing publicly available review data for analysis under legitimate interests.

Where we act as a Processor, a GDPR-compliant Data Processing Agreement (Article 28 GDPR) applies. Clients remain responsible for ensuring they have a lawful basis to provide data.

5. Legal basis and purposes

We process personal data for the following purposes and legal bases:

• Contract performance: delivering services, integrations, billing, support, and workflows.
• Legitimate interests: security, service improvement, and analyzing publicly available reviews for operational insights.
• Legal obligations: tax, accounting, and responding to lawful requests.
• Consent: optional cookies and marketing communications (you can withdraw consent at any time).

6. AI and automated processing

We use AI systems to analyze reviews, generate summaries and insights, and automate parts of workflows. AI outputs can contain errors and are informational. We do not make legally binding automated decisions.

7. Public review data

We may process publicly available online reviews for analytics under legitimate interest (Article 6(1)(f) GDPR). This is used solely for insights, trend identification, and operational improvements, and is not redistributed or republished by us.

8. Third-party platforms

When data originates from platforms such as Google, TripAdvisor, OTAs, or booking systems:

• Clients are responsible for ensuring their access and use is lawful and compliant with the platform’s terms.
• We are not responsible for unlawful sourcing or misuse of data supplied through client credentials or integrations.

9. Subprocessors and international transfers

We use trusted providers for hosting, analytics, automation, and AI processing. Where data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions. A subprocessor list is available upon request.

10. Retention

• Client/account data: up to 10 years after contract end (or as required by law)
• Automation logs and analytics: up to 24 months
• Marketing data: until you unsubscribe

Upon account deletion or contract termination, we delete or return data where applicable unless retention is legally required.

11. Your rights

You have the right to access, correct, delete, restrict, or object to processing, and to request data portability where applicable. You may withdraw consent at any time.

To exercise your rights, email hello@toursaihub.com. You may also contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

12. Security

We apply technical and organizational measures such as encryption, access controls, secure credential handling, and incident response procedures.

13. Updates to this policy

We may update this Privacy Policy periodically. Significant changes will be communicated on our website or by email where appropriate.