Where guest data lives

Innquire is hosted on Cloudflare's global edge with primary data residency in the European Union (Frankfurt). Backups are encrypted at rest in EU regions only. We do not replicate guest data outside the EU. If you're a non-EU property and want US or APAC residency, talk to us about a bespoke deployment.

What we do (and don't) do with your data

Guest transcripts and your knowledge-base content stay in your account. We do not use guest data to train any model — yours, ours, or a third party's. The retrieval system that powers your Concierge runs against your private corpus only, with no leakage to other customers.

Aggregate, fully anonymised metrics (response time, deflection rate, channel mix) inform our product roadmap. Nothing identifying ever leaves your account.

GDPR and DPA

Innquire processes guest personal data on your behalf as a Data Processor under the GDPR. A Data Processing Addendum (DPA) is available on request and forms part of every customer contract. The DPA covers sub-processors, data export, deletion timelines, and breach notification commitments.

Guests can exercise their GDPR rights (access, rectification, erasure) directly through your Innquire dashboard. Every interaction is logged for audit, with full records preserved for the statutory period and then automatically purged.

AI safety

The Concierge is built on retrieval-augmented generation against your private knowledge base. Prompting is conservative: when the system isn't confident, it deflects to a human rather than guessing. This is intentional — we'd rather lose a deflection metric than damage a guest's trust.

Every AI reply is logged with its source citations. If a guest's complaint references something the AI said, you can see exactly which knowledge-base passages informed the answer and when they were last updated.

We do not give the model access to outbound network calls, payment systems, or any irreversible actions on your behalf without explicit human approval in the workflow.

Compliance roadmap

SOC 2 is on our security roadmap; we're happy to share our current control inventory under NDA. ISO 27001 is on the longer-term roadmap for larger deployments that require it.

Integration security

Our PMS integration (Mews today, with Cloudbeds, Apaleo, and Opera on the roadmap) uses the vendor's official APIs with OAuth-based authentication where supported and encrypted credential storage where not. We request the minimum scope needed for each operation. Webhooks are signed and verified.

Payment integrations (Stripe, Adyen) follow PCI-SAQ-A: card data never touches Innquire's servers. Tokens only.

Reporting a vulnerability

If you've found a security issue, please email security@innquire.uk. We acknowledge within one business day and aim for resolution timelines that scale with severity. We do not currently run a public bug bounty, but we welcome responsible disclosure.