Privacy Policy

Last updated: May 30, 2026

InnTable ("we", "us", "our") takes your privacy seriously. This policy explains what information we collect, how we use it, and how we protect it when you use the InnTable app and related services.

⚠ Important Notice About Dietary Information

InnTable is designed for dietary preferences, lifestyle choices, and general food restrictions — not medical conditions. Please do not enter medical diagnoses, prescription medications, specific allergy severity levels, or any information you would normally share only with a doctor. If you have a life-threatening allergy or a medically managed condition, please speak directly with the hotel's kitchen staff and a qualified medical professional — do not rely solely on an InnTable-generated letter.

1. Information We Collect

We collect the following categories of information:

Account information: Your name, email address, and authentication credentials when you create an account.
Dietary profile data: Your dietary type (e.g., vegan, vegetarian), allergen flags, free-text dietary notes, preferred name, WhatsApp number (if provided), and cross-contamination tolerance setting. This data is used solely to generate your hotel dietary request letters.
Trip information: Hotel names, destinations, travel dates, and booking details you enter when creating a trip.
Loyalty programme data: Hotel loyalty programme memberships and status levels you choose to add.
Usage data: Information about how you use the app, including the number of hotel letters sent and app features accessed.
Device information: Device type, operating system version, and app version for troubleshooting purposes.

2. How We Use Your Information

To generate personalised dietary request letters for your hotel stays.
To send those letters on your behalf via email, with your email address as the Reply-To address so hotels reply directly to you.
To maintain your account and authenticate your identity.
To enforce subscription limits (free plan: 3 sends per month).
To improve the InnTable app and service.
To communicate with you about your account or important service updates.

We do not sell your personal information to third parties. We do not use your dietary data for advertising or marketing profiling.

3. How Your Data Is Stored

Your dietary profile, trip data, and personal details are stored in a secure database hosted by Supabase on servers located in the United States (AWS us-west-1, North California). Access to this data is protected by Row Level Security (RLS), meaning your data can only be accessed by your own account. InnTable staff have limited access to anonymised, aggregated data for service operation.

Hotel letters are generated using a third-party AI service (Anthropic Claude API). Your dietary profile data is transmitted to this service solely for the purpose of generating your letter. Anthropic processes this data under their own privacy and data retention policies. We do not store your letters on Anthropic's servers — letter content is generated in real time and stored only in our own database.

Email delivery is handled via Resend. Hotel contact email addresses are private operational data and are never disclosed to users of the app.

4. How We Share Your Information

We share your information only in the following limited circumstances:

With hotels, on your instruction: When you choose to send a letter, the content of that letter (your dietary preferences) is sent to your chosen hotel's food and beverage team. Your email address is included as the Reply-To field so the hotel can contact you directly.
With service providers: Supabase (database hosting), Anthropic (AI letter generation), Resend (email delivery), and RevenueCat (subscription management). These providers are contractually required to handle your data securely and only for the purposes we specify.
As required by law: We may disclose your information if required by applicable law, regulation, or legal process.

We do not share your dietary data with advertisers, data brokers, or any third party for marketing purposes.

5. Your Rights

You have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your account and associated data.
Export your dietary profile data.
Withdraw consent to data processing at any time by deleting your account.

To exercise any of these rights, contact us at hello@inntable.com.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Children's Privacy

InnTable is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at hello@inntable.com and we will delete it promptly.

8. Security

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), encrypted database storage, and row-level access controls. However, no method of electronic transmission or storage is 100% secure. We encourage you to use a strong password and keep your account credentials private.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you via email or in-app notification. Continued use of InnTable after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

InnTable
Email: hello@inntable.com
Website: inntable.com