Our role: data processor

motel4.ai acts as a data processor on behalf of property owners (the data controllers). We process guest data — including phone calls, transcripts, and contact information — solely to deliver the AI receptionist service. We do not sell personal information to third parties.

Information we collect and process

We collect and process the following categories of personal information to provide the service.

• ✓Account data — name, email, phone number, billing address, and payment method of property owners
• ✓Property data — property name, address, room types, amenities, policies, and pricing you provide to configure the AI
• ✓Call metadata — caller phone number, call timestamp, duration, and call disposition
• ✓AI-generated transcripts — text transcriptions of phone conversations produced by our speech-to-text systems in real time
• ✓AI summaries and follow-up actions — summaries, booking requests, and follow-up items generated by the AI from call content
• ✓Usage analytics — aggregated service usage, call volumes, and feature usage to improve the product
• ✓Support communications — messages you send to our support team

Call recording and AI transcription

Our AI receptionist generates real-time transcripts of phone conversations using speech-to-text technology. Under applicable law, AI-generated transcripts are treated as legally equivalent to audio recordings. Every call begins with a disclosure: "You're speaking with an AI assistant. This call may be recorded for quality and follow-up." The caller's continued participation after this disclosure constitutes implied consent. By default we store only AI-generated text transcripts and do NOT retain raw audio. A property owner may optionally enable audio recording for their property; when enabled, recordings are stored securely and automatically deleted after 30 days. If a caller objects to recording or transcription, the AI will offer to transfer the call to the property owner or take a basic message without storing a transcript.

AI disclosure

Our AI identifies itself as an artificial intelligence assistant at the start of every call. This disclosure is required by federal law (FCC/TCPA), California AB 2905, and other state AI disclosure laws. The disclosure cannot be disabled by property owners. If a caller asks whether they are speaking with a real person, the AI confirms it is an AI assistant and offers to connect the caller with a human.

Data retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy.

• ✓AI-generated transcripts — 90 days from call date (configurable shorter by property owner)
• ✓Call metadata and summaries — duration of your subscription plus 30 days
• ✓Account and billing data — duration of your subscription plus 30 days, except billing records retained for 7 years as required by tax law
• ✓Support communications — 2 years from last contact
• ✓System and security logs — 1 year

PII handling in transcripts

Guests may disclose sensitive information during calls — such as credit card numbers, addresses, or dates of birth. We implement automated PII detection and redaction in transcripts before storage. Credit card numbers and CVV codes are never stored in any form. We do not use unredacted transcript content for model training or product improvement.

Your privacy rights (CCPA and state laws)

If you are a California resident or a resident of another state with comprehensive privacy legislation, you have the following rights.

• ✓Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you
• ✓Right to delete — request deletion of your personal information, subject to certain legal exceptions
• ✓Right to correct — request correction of inaccurate personal information
• ✓Right to opt out — we do not sell or share personal information for cross-context behavioral advertising, but you may still submit an opt-out request
• ✓Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

Exercising your rights

Property owners may exercise rights on their own behalf or on behalf of their guests by emailing privacy@motel4.ai. We will respond to verifiable requests within 45 days. Guest deletion requests are routed through the property owner (data controller). Upon account termination, all associated data is deleted within 30 days, with the exception of billing records retained for legal compliance.

Subprocessors

We use the following categories of third-party service providers to deliver the service: telephony infrastructure (call routing and phone number provisioning), speech-to-text and AI model providers (transcript generation and AI responses), cloud hosting (application and database hosting), and payment processing (subscription billing). A current list of subprocessors is available upon request. We notify customers before adding new subprocessors that handle personal information.

Security measures

We protect personal information with AES-256 encryption at rest, TLS 1.2+ encryption in transit, role-based access controls, and audit logging of all data access. We do not provide persistent administrative access to production databases. For more detail, see our Data Processing Agreement.

Children's privacy

Our service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will take steps to delete it promptly.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated at least 30 days before they take effect, by email to the address on your account. Continued use of the service after the effective date constitutes acceptance of the updated policy. This policy was last updated on May 17, 2026.