Privacy Policy
Privacy Policy
Zillion Technology Solutions S.L.U. ("Zillion", "we", "us", or "our") is committed to protecting the privacy of hotel guests, platform users, and all individuals whose data we process. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under applicable law.
Data Controller: Zillion Technology Solutions S.L.U. · CIF B24801383 · Calle Son Puig, Núm 8, Planta 2, Puerta 5, 07011 Palma de Mallorca (Illes Balears), Spain
Privacy contact: privacy@1zill.com
---
1. Who This Policy Applies To
This policy applies to:
- Hotel guests who interact with a Zillion-powered concierge (via WhatsApp, web widget, or other channels)
- Hotel staff and operators who use the Zillion platform
- Visitors to our website at 1zill.com
---
2. Data We Collect
2.1 Hotel Guests (Concierge & Messaging)
When a guest contacts a hotel through our concierge service, we may process:
- Phone number (WhatsApp ID)
- Display name (as provided by WhatsApp)
- Message content (text, images, audio)
- Conversation history and timestamps
- Language preference
- Support ticket details and resolution status
2.2 Hotel Operators & Platform Users
- Name, email address, and job title
- Login credentials (hashed passwords)
- Usage logs and activity within the platform
- IP address and browser/device information
2.3 Website Visitors
- IP address and approximate geolocation
- Pages visited and time spent
- Browser type and operating system
- Referral source
---
3. How We Use Your Data
We use personal data for the following purposes:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Delivering concierge and messaging services to hotel guests | Legitimate interests (Art. 6(1)(f)) / Contract performance |
| Processing guest support requests and tickets | Legitimate interests |
| Providing the hotel management platform to operators | Contract performance (Art. 6(1)(b)) |
| Improving service quality and AI response accuracy | Legitimate interests |
| Security, fraud prevention, and abuse detection | Legitimate interests / Legal obligation |
| Sending product updates to registered users | Consent (Art. 6(1)(a)) or Legitimate interests |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not sell personal data to third parties. We do not use guest message content for advertising purposes.
---
4. WhatsApp and Meta
Our concierge service uses the WhatsApp Business Platform (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland) to deliver messages on behalf of hotels.
- Messages sent via WhatsApp are processed by Meta under their own [WhatsApp Business Terms of Service](https://www.whatsapp.com/legal/business-terms)
- Zillion acts as a data processor on behalf of the hotel (data controller) for guest messages
- Message content is stored in our systems only as long as necessary to provide the service
- We do not use WhatsApp conversations for advertising or profiling
---
5. AI Processing
Our platform may use artificial intelligence to generate suggested or automated responses to guest messages. When AI processing is used:
- Message content is sent to an AI language model provider (such as Anthropic or OpenAI) via encrypted API calls
- AI providers process data only for inference and do not retain conversation data for model training under our enterprise agreements
- Hotels can disable AI-assisted responses at any time from their dashboard
---
6. Data Retention
We retain personal data for as long as necessary:
- Guest conversations: 24 months from the last interaction, or as directed by the hotel
- Support tickets: 36 months from resolution
- Platform user accounts: Duration of the contract + 12 months
- Website logs: 90 days
Data may be retained longer where required by law (e.g., tax records: 7 years under Spanish law).
---
7. International Data Transfers
Zillion is based in Spain (EU). Some service providers (including AI processing and cloud infrastructure) may be located outside the EU/EEA. In such cases, we rely on:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
---
8. Your Rights Under GDPR
If you are located in the EU/EEA, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten") where applicable
- Restrict processing in certain circumstances
- Object to processing based on legitimate interests
- Data portability (receive your data in a structured format)
- Withdraw consent at any time (where processing is consent-based)
- Lodge a complaint with the Spanish Data Protection Authority (AEPD): aepd.es
To exercise any of these rights, contact us at privacy@1zill.com. We will respond within 30 days.
---
9. Cookies
Our website uses cookies for analytics and functionality. See our [Cookie Policy](/legal/cookies) for details.
---
10. Security
We implement industry-standard technical and organisational measures to protect personal data, including:
- Encryption in transit (TLS 1.3) and at rest
- Role-based access controls
- Regular security reviews
- Data minimisation practices
---
11. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email or a notice on our website. The current version is always available at 1zill.com/legal/privacy.
---
12. Contact
For privacy-related questions, requests, or complaints:
Zillion Technology Solutions S.L.U.
Calle Son Puig, Núm 8, Planta 2, Puerta 5
07011 Palma de Mallorca (Illes Balears)
Spain
Email: privacy@1zill.com
Last updated: March 17, 2026