Privacy Policy

We collect information in three categories:

• Account information— business name, contact email, phone, billing details, and team members you invite. Collected when you sign up or configure your workspace.
• Operational data— content, listings, bookings, leads, and integration credentials stored on your behalf inside your Hello Native workspace. You own this data; we store and process it to run the platform.
• Usage data— pages viewed, features used, device and browser metadata, IP address, and referrer, collected via first-party analytics and error logging.

End-users of your site (hotel guests, real-estate leads, construction inquiries) submit information to you, not to us. We process that information on your behalf under your instructions, as your data processor.

• Provide, operate, and improve the Hello Native platform.
• Authenticate you, your team, and enforce role-based access.
• Generate AI content (using Anthropic Claude, Google Gemini, or other model providers you select) strictly for your workspace.
• Send transactional email (receipts, system alerts, support replies).
• Send product updates or marketing email only if you’ve opted in.
• Comply with legal obligations (tax, fraud prevention, law enforcement requests).
• Detect and prevent abuse, security incidents, and fraud.

We do not sell personal information. We do not use your workspace content to train public AI models.

We share information only with service providers necessary to operate the platform, under contractual data-protection obligations. Our key sub-processors:

• Vercel — hosting, edge network, deployment.
• Neon — managed PostgreSQL database.
• Cloudflare — DNS, CDN, R2 object storage for media.
• Anthropic, Google (Gemini) — AI model inference for content generation.
• Twilio — SMS, voice, WhatsApp messaging.
• Stripe — payment processing.
• Channex, CallRail — when you enable the hospitality or construction integrations.

We may share information to comply with a valid legal request, enforce our Terms, protect the safety of users, or investigate fraud or abuse.

Hello Native AI integrates with Google Workspace and Google Marketing Platform on behalf of customers who explicitly connect a Google account. The integration uses Google’s OAuth 2.0 flow; you grant scopes one time per service, and you can revoke at any time at myaccount.google.com/permissions. We never collect Google credentials directly — only OAuth tokens issued by Google.

The Google API scopes we request, and exactly what we do with each:

• openid, userinfo.email, userinfo.profile— identify the connected Google account so the customer can see which mailbox or property is linked. Stored: email, Google sub (stable id), display name, photo URL.
• gmail.send— send transactional and operational email from the connected mailbox on behalf of the customer (booking confirmations, lead replies, follow-ups). We never read inbound mail under this scope.
• gmail.modify— read, label, and archive inbound mail in the connected mailbox to power the unified inbox feature inside the Hello Native dashboard. Used strictly to provide the user-facing inbox; messages remain in the customer’s Gmail.
• calendar, calendar.events— read availability and create/update events for showings, tours, and team scheduling features the customer initiates.
• analytics.readonly, analytics.edit— read GA4 property data to display performance dashboards inside Hello Native, and (only when the customer requests) write event configurations and conversion mappings.
• webmasters.readonly, webmasters— read Search Console data (queries, impressions, clicks) to power SEO insights, and submit sitemaps when the customer publishes one.
• business.manage— read and write Google Business Profile listings, photos, posts, reviews, and Q&A on locations the customer manages.
• adwords— read Google Ads campaign performance and (when the customer requests) make changes to budgets, bids, and creatives.
• Maps / Places API key— not OAuth; used server-side for address autocomplete and place details on customer sites. No personal data is sent.

Limited Use of Google user data:

Hello Native’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

• We use Google data only to provide and improve the user-facing features the customer connected the integration for. We do not use Google data to train AI/ML models.
• We do not transfer Google data to third parties except (a) to provide or improve user-facing features, (b) for security purposes (e.g., investigating abuse), or (c) to comply with applicable law.
• We do not use Google data to serve advertising, including retargeting, personalized, or interest-based ads.
• We do not allow humans to read Google data unless (a) we obtain explicit consent from the user, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is required to comply with applicable law, or (d) the data is aggregated and used for internal operations consistent with our terms.

To revoke Hello Native’s access to your Google data, visit myaccount.google.com/permissions or disconnect the integration from your Hello Native dashboard at /dashboard/core/integrations/google. After revocation, we delete stored OAuth tokens within 24 hours; cached operational data (e.g., synced inbox messages) is deleted within 30 days.

We retain account and operational data for as long as your workspace is active. If you cancel, we retain your data for up to 30 days so you can export it, then permanently delete it — except where we are legally required to keep records (tax, audit). Usage logs are retained for up to 90 days.

Depending on your jurisdiction (GDPR, CCPA, LGPD, and similar laws) you may have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent at any time (where processing is based on consent).
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email info@hellonative.ai. We respond within 30 days.

Data is encrypted in transit (TLS) and at rest. API keys and integration credentials are encrypted at the database layer. Every workspace is isolated at the tenant level. We log administrative actions and conduct periodic reviews of access. No system is perfectly secure — if you suspect a breach, report it to info@hellonative.ai.

Hello Native uses a small number of first-party cookies for authentication, CSRF protection, and usage analytics. We do not use third-party advertising cookies. Sites you operate on Hello Native may use additional cookies that you configure.

Hello Native is based in the United States. Your data may be processed in the US and in countries where our sub-processors operate. We use standard contractual clauses and equivalent safeguards where required by law.

Hello Native is not intended for use by anyone under 16. We do not knowingly collect information from children.

We may update this policy to reflect changes to the platform or legal requirements. Material changes are communicated by email or a notice in the dashboard. Continued use of the platform after changes constitutes acceptance.

Questions, requests, or concerns? info@hellonative.ai · +1 (954) 906-9919 · Miami, FL, USA.