Skip to content
+212 522 123 456

Privacy Policy

We are committed to protecting the privacy and security of hotel operators, staff, and guest data processed through our Property Management System.

Last updated: June 12, 2026

1. Introduction

PMS ("we," "us," or "our") provides a cloud-based Hotel Property Management System (PMS) operated by CANTI TECH. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, create an account, or use our platform to manage hotel operations, reservations, channel connectivity, billing, and related services.

By accessing or using PMS, you acknowledge that you have read this Privacy Policy. If you do not agree with our practices, please do not use our services. Where you process guest personal data through PMS, you act as a data controller and we act as a data processor on your behalf, subject to our Data Processing Agreement where applicable.

2. Information We Collect

We collect information necessary to operate a hospitality SaaS platform, including:

2.1 Hotel & Account Information

  • Property name, address, room types, rate plans, and operational settings
  • Administrator and staff account details (name, email, role, login credentials)
  • Billing contact information, subscription plan, invoices, and payment status

2.2 Reservation & Operations Data

  • Reservation records, check-in/check-out dates, room assignments, and availability
  • Housekeeping status, front-desk notes, folios, and operational logs
  • OTA synchronization data including rates, inventory, and booking confirmations

2.3 Guest Information

  • Guest names, contact details, identification where provided, and stay preferences
  • Payment and billing information associated with a reservation
  • Communication history related to bookings when captured in the platform

2.4 Technical & Usage Data

  • IP address, browser type, device identifiers, operating system, and time zone
  • Log files, audit trails, feature usage, performance metrics, and error reports
  • Cookies and similar technologies as described in Section 6

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the PMS platform and customer support
  • Synchronize availability, rates, and reservations with OTAs and connected channels
  • Process subscriptions, authenticate users, and prevent fraud or unauthorized access
  • Generate operational reports, analytics, and product performance insights
  • Send service-related communications, security alerts, and product updates
  • Comply with legal obligations, enforce our terms, and resolve disputes

We do not sell personal information. We process data only for legitimate business purposes consistent with this policy and applicable law.

4. Hotel Guest Data Processing

Hotels, riads, guesthouses, and hospitality groups using PMS determine what guest data is collected and for what purposes. As a processor, we handle guest data solely on your instructions and to deliver contracted PMS functionality.

You are responsible for providing guests with appropriate privacy notices, obtaining lawful bases for processing (such as contract performance or consent), and honoring guest rights requests. PMS provides tools to access, update, export, and delete guest records where your subscription includes those features.

We restrict staff access to guest data using role-based permissions and maintain audit logs for sensitive actions where configured.

5. OTA & Third-Party Integrations

PMS may connect with Online Travel Agencies (OTAs) and partners such as Booking.com, Airbnb, Expedia, Agoda, payment gateways, email providers, and analytics tools. When you enable an integration, relevant reservation, availability, rate, and property data is transmitted to and received from those services.

Each third-party service operates under its own privacy policy. We encourage you to review:

  • What data is shared when a channel connection is activated
  • How long partner systems retain synchronized data
  • Your contractual obligations with OTAs regarding guest information

We implement secure API connections and access controls, but we are not responsible for the independent data practices of third parties outside our control.

6. Cookies & Tracking Technologies

Our website and application use cookies, local storage, and similar technologies to enable authentication, remember preferences, measure usage, and improve performance.

  • Essential cookies required for login, security, and core functionality
  • Analytics cookies to understand feature adoption and diagnose errors
  • Preference cookies to store language and interface settings

You can manage browser cookie settings at any time. Disabling essential cookies may limit your ability to use certain parts of the platform.

7. Data Storage & Security

We store data on secure cloud infrastructure with encryption in transit (TLS) and encryption at rest for sensitive fields where applicable. Access is limited to authorized personnel under least-privilege principles.

We maintain administrative, technical, and organizational safeguards including monitoring, backups, vulnerability management, and incident response procedures designed for SaaS hospitality workloads.

No method of transmission or storage is completely secure. If we become aware of a data breach affecting your information, we will notify affected customers as required by applicable law.

8. International Data Transfers

PMS serves customers internationally. Your information may be processed in countries other than your own, including facilities operated by our hosting and subprocessors.

Where required, we rely on appropriate safeguards such as Standard Contractual Clauses, data processing agreements, and vendor security assessments to protect cross-border transfers.

9. Data Retention

We retain information for as long as necessary to:

  • Provide active services under your subscription
  • Meet legal, tax, and accounting obligations
  • Resolve disputes and enforce agreements

When an account is closed, we delete or anonymize data within a reasonable period unless retention is required by law or legitimate business needs. You may request earlier deletion subject to contractual and regulatory constraints.

10. User Rights

Depending on your location, you may have the right to:

  • Access personal data we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of personal data
  • Restrict or object to certain processing activities
  • Receive a portable copy of your data
  • Withdraw consent where processing is consent-based

To exercise these rights, contact us using the details in Section 16. We respond within timeframes required by applicable law.

11. GDPR Compliance

For customers and individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under GDPR and UK GDPR principles including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

  • Legal bases may include contract, legitimate interests, legal obligation, or consent
  • Data subjects may lodge complaints with their local supervisory authority
  • We provide Data Processing Agreements to hospitality customers upon request

Our designated privacy contact can assist with GDPR-related inquiries and data subject requests.

12. CCPA / CPRA Compliance

If you are a California resident, or if your hotel processes data of California guests, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA.

  • Right to know categories and specific pieces of personal information collected
  • Right to delete personal information subject to exceptions
  • Right to correct inaccurate personal information
  • Right to opt out of sale or sharing of personal information — PMS does not sell personal data
  • Right to non-discrimination for exercising privacy rights

Authorized agents may submit verified requests on your behalf. Hospitality businesses using PMS should coordinate guest requests between their own privacy program and our support team when needed.

13. Third-Party Services

We may use trusted subprocessors for:

  • Cloud hosting and database infrastructure
  • Payment processing and invoicing
  • Email delivery and customer communication
  • Customer support, monitoring, and security tooling

Subprocessors are bound by contractual data protection obligations. A current list is available upon request. We remain responsible for subprocessors processing data on our behalf.

14. Children's Privacy

PMS is a business-to-business platform intended for hotel operators and authorized staff. It is not directed to children under 16, and we do not knowingly collect personal information from children.

If you believe a child has provided personal data through our services without appropriate authorization, contact us and we will take steps to delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our services, legal requirements, or security practices. When we make material changes, we will post the updated policy on this page and revise the Last Updated date.

Continued use of PMS after changes become effective constitutes acceptance of the revised policy. We encourage administrators to review this page periodically.

16. Contact Information

For privacy questions, data subject requests, or security concerns, contact:

We aim to respond to verified requests within 30 days, or sooner where required by law.