Sysist

Privacy Policy

Effective Date: February 22, 2026 | Last Updated: February 22, 2026

1. Introduction

Sysist Ltd. ("Sysist", "we", "our", or "us") operates an AI-powered voice concierge platform for hotels, resorts, and vacation rental properties. This Privacy Policy describes how we collect, use, store, share, and protect personal information when you use our website (sysist.io), our dashboard application, our tablet-based guest application, and any related services (collectively, the "Services").

This policy applies to all users of our Services, including property owners, team members, and guests who interact with our voice concierge system. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, and login credentials when you register for an account or join our waitlist.
  • Property Information: Property names, addresses, Wi-Fi credentials, house rules, check-in/out times, and other property details you configure.
  • Business Information: Affiliate restaurant details, WhatsApp phone numbers, and business relationships you set up.
  • Payment Information: Billing details if and when payment processing is implemented (processed by third-party payment processors; we do not store full payment card details).

2.2 Information Collected Automatically

  • Voice Data: Audio recordings and transcriptions of guest interactions with the AI voice concierge. Voice data is processed in real time and is not permanently stored in audio form unless explicitly configured by the property owner.
  • Usage Data: Interaction logs, feature usage analytics, API call records, session timestamps, and performance metrics.
  • Device Information: Tablet identifiers, IP addresses, browser type, operating system, and connection data for paired devices.
  • Push Notification Tokens: Web push subscription endpoints for delivering real-time notifications.

2.3 Information from Third Parties

  • Reservation confirmation and status updates from affiliate restaurants via WhatsApp.
  • Location and place data from Google Maps and Google Places APIs.

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To operate and provide our AI voice concierge, process guest requests, manage reservations, and handle maintenance reports.
  • Communications: To send push notifications for escalations, reservations, and maintenance alerts; to send transactional emails related to your account.
  • Improvement: To analyze usage patterns, monitor service performance, and improve the accuracy and quality of our AI systems.
  • Security: To detect and prevent fraud, abuse, and unauthorized access.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Israel, we process personal data under the following legal bases:

  • Contractual Necessity: Processing necessary to provide our Services under our agreement with you.
  • Legitimate Interests: Processing for service improvement, analytics, and security, where these interests are not overridden by your rights.
  • Consent: Where required, such as for marketing communications or optional cookies.
  • Legal Obligation: Processing required to comply with applicable law.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information in the following circumstances:

  • Service Providers: With third-party providers who process data on our behalf (e.g., cloud hosting, AI processing, speech-to-text, text-to-speech services). All providers are bound by data processing agreements.
  • Affiliate Partners: Reservation details shared with affiliate restaurants via WhatsApp as configured by property owners.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality requirements.

6. International Data Transfers

Our Services are hosted on servers in the United States (AWS). If you are located outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) where applicable.

7. Data Retention

We retain personal data for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specifically:

  • Account data is retained while your account is active and for up to 12 months after deletion.
  • Voice interaction transcripts are retained for up to 90 days for service improvement, unless configured otherwise.
  • Usage analytics and logs are retained for up to 24 months.
  • You may request earlier deletion by contacting us.

8. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • Row-level security policies on our database.
  • Role-based access controls for all dashboard users.
  • Regular security audits and monitoring.
  • HMAC-SHA256 webhook verification for third-party integrations.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we limit how we process your data.
  • Portability: Request a machine-readable copy of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@sysist.io. We will respond within 30 days.

10. California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used, (b) request deletion of your personal information, (c) opt out of the sale of personal information (we do not sell personal information), and (d) not be discriminated against for exercising your privacy rights.

11. Israeli Privacy Law

For users subject to the Israeli Protection of Privacy Law, 5741-1981, we comply with all applicable requirements regarding the collection, processing, and protection of personal data. Our database is registered as required under Israeli law.

12. Children's Privacy

Our Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to have it removed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of our Services after changes constitutes acceptance of the revised policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices: