Back to home
Legal

Privacy policy.

Last updated: 2026-07-02 Hedonic Intelligence · Porto, Portugal

Hedonic Intelligence reads the public review record of hotels for hospitality investors, owners, asset managers, advisors, and operators. This policy describes how we handle personal data when you engage with us through this website, the contact form, the booking link, or a paid engagement.

01 Data we collect

Only information you give us directly:

  • Contact data: name, work email, firm or hotel group, your seat, and the question you submit through the contact form.
  • Booking data: if you book an intro call, the scheduling service collects your name, email, and scheduling details.
  • Communications: messages you send us, and our replies.
  • Technical data: IP address and browser type, collected automatically by our hosting provider for standard security and operational logging.

02 How we use it

  • To respond to your enquiry and scope a potential engagement.
  • To prepare, deliver, and refresh contracted analyses and reports.
  • To understand visit patterns through aggregate analytics (only if you opt in via the cookie banner).
  • To send communications strictly related to a current or prospective engagement. We do not run marketing campaigns.
Legal basis. We process contact-form and booking data under Art. 6(1)(b) GDPR (steps taken at your request prior to, or in performance of, a contract). Analytics data is processed only under Art. 6(1)(a) GDPR (your consent, given via the cookie banner and withdrawable at any time). The legal basis for review-data processing is in section 8.

03 Sharing

We do not sell, rent, or share your personal data for marketing. We share information only with the processors below.

Processor What is shared Transfer mechanism
Formspree Name, email, firm, role, message (contact form submissions) SCC 2021/914
Cal.com Name, email, scheduling details (intro call bookings) SCC 2021/914 / EU storage
Vercel, Inc. IP address and request metadata (hosting and security logging). SOC 2 Type II. SCC 2021/914
Google Analytics
(G-CC7MH7KJV8)
Aggregate visit patterns. Loaded only after you accept the cookie banner. No data collected if you decline. SCC 2021/914
Google Fonts IP address and browser type on each page load (technical font delivery, not analytics). SCC 2021/914
OpenRouter, Inc. Review text, processed for structured extraction (identifying loyalty signals, price-value verdicts, and friction events in the text). Routed to a third-party model host; no data retained for model training per OpenRouter's data-processing terms. SCC 2021/914
Anthropic, PBC Selected review excerpts for the synthesis layer of paid engagements. ~30-day operational log retention; no model training on our data. SCC 2021/914
Legal authorities When required by law or court order. N/A

A full sub-processor list is available for institutional procurement on request.

04 Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. Internal access is limited to authorised personnel and is logged.

05 Your rights (GDPR)

Access See the personal data we hold about you.
Correction Fix data that is inaccurate or out of date.
Erasure Request deletion of your data.
Objection / restriction Object to or restrict our processing.
Portability Receive your data in a machine-readable form.
Withdraw consent Revoke at any time where processing is consent-based.

To exercise any of these rights, get in touch via the contact form on the homepage. We respond within 30 days.

06 Retention

We keep your data only as long as needed to fulfil the purpose for which it was collected, or as required by law. Contact-form submissions that do not lead to an engagement are deleted within 12 months. Review text processed via the sub-processors named in section 3 is held only in operational logs as described there, and is not used for model training.

07 Cookies and analytics

We load Google Analytics (G-CC7MH7KJV8) but gate it behind your explicit consent. We do not use tracking pixels, advertising cookies, or session-replay tools. To withdraw consent, clear your cookies or adjust your browser settings; the next page load re-prompts the banner.

08 Review-data processing in our engagements

As part of our paid engagements, we process publicly published guest reviews from Booking.com, Google, Expedia, and TripAdvisor. We never collect private data from a hotel's property-management system, reservation system, CRM, or guest database.

Reports contain only aggregate metrics. No row-level guest identifiers, no individual guest profiling.

Legal basis: legitimate interest under Art. 6(1)(f) GDPR. The purpose is aggregate hospitality intelligence built from publicly available data. This basis has been weighed against data-subject interests: the reviews are voluntarily published under a pseudonym on public platforms, with no reasonable expectation of privacy on the published text and display name, and the processing yields only aggregate statistics with no individual identification.

09 EU data storage and cross-border transfers

Our primary database is hosted within the European Union. Where personal data is transferred outside the EEA, those transfers are governed by the European Commission's Standard Contractual Clauses (Decision 2021/914) or equivalent adequacy mechanism. Transfer mechanisms for each processor are shown in section 3 and available in full on request.

10 Contact

To exercise your rights or ask about this policy:

Hedonic Intelligence Porto, Portugal
Use the contact form on the homepage, or book a call via the link in the navigation. We respond within 30 days.

11 Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be noted in that date.

Book a 20-min read intro