Privacy Policy

Effective date: June 1, 2026 · Last updated: May 4, 2026

This Privacy Policy explains how First Hospitality, LLC (“First Hospitality,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you visit our website, purchase a report, or otherwise use the Hotel Owner Toolkit platform (the “Service”).

1. Who we are

First Hospitality, LLC is an Illinois limited liability company headquartered in Chicago. Hotel Owner Toolkit is a product line of First Hospitality, LLC; the same company is the data controller for purposes of this policy.

Address for privacy correspondence:
First Hospitality, LLC, Attn: Privacy
Chicago, Illinois
privacy@firsthospitality.com

2. Information we collect

We collect only the information needed to operate the Service. We do not run advertising networks, behavioral profiling, or data brokerage of any kind.

2.1 At checkout

Hotel name and URL of the property you want analyzed
Email address where the report will be delivered
Your name (optional)
Desired comparison properties (optional, up to 5)
Payment information — processed and stored by Stripe; we receive only a confirmation token, the last four digits of the card, the card brand, and the billing zip code

2.2 Collected automatically

IP address (rate limiting and security)
Browser type, operating system, device type
Pages viewed, referrer, timestamps
Anonymous interaction analytics from Vercel Analytics (does not use cookies for individual identification)

2.3 Generated by us about your purchase

A unique run identifier
Operational metadata (start, completion, model usage, cost)
The contents of the generated report
A signed URL for downloading the report PDF
A record of when the delivery email was sent

We do not collect special-category personal data (health, biometric, racial, religious, political, sexual, etc.). The Service is not directed at children under 16.

3. How we use the information

Generate and deliver your report
Process your payment via Stripe
Send transactional emails about your purchase
Provide customer support
Operate, secure, and improve the Service (fraud detection, debugging, performance monitoring, aggregate usage analysis)
Comply with legal obligations and respond to lawful requests

We do not use your information to train AI models. Anthropic's API does not retain or train on customer-submitted data by default, and we do not separately repurpose your data for model training. We do not sell or “share” your personal information for cross-context behavioral advertising as those terms are defined under California law.

4. Sub-processors and vendors

Vendor	Purpose	Data shared
Stripe, Inc.	Payment processing	Email, billing zip, name, card details (Stripe holds)
Anthropic, PBC	AI analysis (Claude API)	Hotel name, URL, comp set, structured prompts. No customer email, name, or payment data.
Supabase, Inc.	Database, file storage	All purchase and report data
Resend, Inc.	Transactional email delivery	Email, name (if provided), subject, download link
Vercel, Inc.	Web hosting and analytics	All site traffic; aggregate analytics
Inngest, Inc.	Background job orchestration	Run identifier, status events
Upstash, Inc.	Rate limiting	IP address (transient)

5. How long we keep information

Category	Default retention
Buyer contact information (email, name)	24 months from purchase
Report contents and delivery URL	24 months from purchase
Operational metadata (de-identified)	Indefinite
Stripe payment records	Per Stripe's retention policies
Server logs (IP, user agent)	30 days
Backup snapshots	Up to 90 days beyond active retention

You can request earlier deletion at any time — see §7.

6. How we protect information

Encryption in transit (TLS) for all data; encryption at rest for our primary database and file storage; row-level security so only the record owner and our administrative service can read it; least-privilege access; webhook signature verification; rate limiting on public endpoints; regular dependency audits. No system is perfectly secure; report suspected compromise to security@firsthospitality.com.

7. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

Access — request a copy of your personal information
Correction — request that we correct inaccurate information
Deletion — request that we delete your information (subject to legal exceptions)
Portability — request a copy in a machine-readable format
Opt-out of “sale” or “sharing” — we do not sell or share your information for advertising, but you may submit a request to confirm
Non-discrimination — we will not discriminate against you for exercising any of these rights

To exercise any of these rights, email privacy@firsthospitality.com from the address you used at checkout. We will respond within 30 days.

8. State-specific notices

California (CCPA / CPRA)

We have not sold your personal information in the past 12 months and do not currently sell or share personal information for cross-context behavioral advertising. Because we do not sell or share for advertising, no “Do Not Sell or Share My Personal Information” link is required, but you may exercise that right by contacting us.

Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana

Residents of these states have rights similar to those in §7 under their respective comprehensive privacy laws. We honor those rights through the same privacy@firsthospitality.com request channel. We do not engage in “targeted advertising,” “sale” of personal data, or “profiling” with legal or similarly significant effects.

EEA, UK, Switzerland

We do not currently target the Service to EEA, UK, or Swiss residents. To the extent residents nonetheless purchase reports, our lawful basis is performance of a contract and our legitimate interest in operating and securing the Service.

9. Cookies and tracking

We use only essential cookies needed to operate the Service. We do not set tracking cookies for advertising. See our Cookie Notice.

10. Marketing communications

We do not send marketing emails by default. The only emails you will receive from us are transactional: report delivery, refund confirmation, and direct replies to support inquiries.

11. Links to third-party sites

We are not responsible for the privacy practices of third-party sites the Service may link to. Review their privacy policies before submitting information to them.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes, we will provide notice on the Platform and, where reasonably practicable, by email to recent purchasers.

13. Contact

First Hospitality, LLC, Attn: Privacy
Chicago, Illinois
privacy@firsthospitality.com