top of page

RevChill Privacy Policy & Data Management

​

1. Overview

RevChill ("we," "us," or "our") provides high-performance hospitality technology consultancy and reselling services. We help hotel partners optimize their tech ecosystem (Channel Managers, Booking Engines, Chatbots, Websites and tech tools & services) and boost direct revenue.

This policy outlines how we handle data in two capacities:

  1. As a Data Controller: Managing the business information of our hotel clients.

  2. As a Data Processor: Managing the flow of hotel guest data through the third-party tools we resell and configure.

2. Data Collection & Usage

We collect only the minimum data necessary to provide our services:

  • Hotel Business Data: Contact names, business emails, property addresses, and billing information.

  • Technical Configuration Data: System credentials and API mapping details required to link your Property Management System (PMS) with your Channel Manager or Booking Engine.

  • Guest Data (Processor Role): Our resold tools process guest names, contact details, and booking dates to fulfill reservations. RevChill does not store or "own" this guest data; it belongs to the Hotel (the Data Controller).

3. Data Retention Policy

We adhere to strict "Storage Limitation" principles. Data is kept only as long as there is a legitimate business or legal need.

Data CategoryRetention Period

Active Client Account DataDuration of the active service contract.

Operational Technical LogsUp to 12 months (for troubleshooting and security auditing).

Financial & Tax Records 7 years (to comply with international statutory audit requirements).

Marketing Contact DataUntil you opt-out or for 3 years from the last engagement.

4. Post-Contract Termination Data Handling

When a partnership with RevChill ends, we follow a structured "Data Exit" protocol:

  • System Access: All administrative access to the hotel’s tech stack (Channel Manager, Extranets) is revoked immediately upon the effective termination date.

  • Guest Data Purge: Any guest-related records or temporary logs held within RevChill-managed environments are permanently deleted or anonymized within 60 days.

  • Partner Data Portability: Upon request, we will assist in the transfer of mapping logs or configuration settings to the hotel's new provider before deletion.

  • Hard Deletion: After the 60-day "grace period," data is purged from our active databases and eventually overwritten in our encrypted backups (usually within an additional 30 days).

5. Data Security & Compliance

  • Encryption: All data is encrypted using TLS/SSL during transit and AES-256 at rest.

  • PCI DSS Compliance: We only resell booking engines and payment gateways that are Level 1 PCI DSS compliant. RevChill personnel never have access to full, unmasked credit card numbers.

  • Sub-processors: We only share data with vetted partners (e.g., RateGain, AWS, Stripe) who maintain equal or higher security standards.

6. Contact & Rights

Under GDPR and other global data laws, you have the right to access, rectify, or erase your data.

For all inquiries, please contact our Data Protection Officer:

bottom of page