Security & privacy

Guest data privacy

How Rezi handles guest personal information, your obligations as a data controller, and how to respond to guest data requests.

Updated June 10, 2026 3 min read

When you use Rezi to manage guest communications and records, you are operating as a data controller under privacy laws like CCPA (California), GDPR (if you have EU guests), and similar regulations. Rezi is a data processor that processes data on your behalf. Understanding the distinction matters: you set the rules for what data is collected and why; Rezi provides the infrastructure to collect, store, and process it safely.

As the data controller, you are responsible for: informing guests that their data is being collected and how, obtaining any required consent for communications, responding to guest requests to access or delete their data, and retaining data only as long as legally required. Rezi's tools support all of these obligations but do not execute them automatically on your behalf.

What guest data Rezi holds

  • Contact information: name, phone number, email address
  • Reservation records: check-in and checkout dates, property, booking source
  • Conversation history: all messages between guests and your Rezi AI or team
  • Photos: images guests send by text, stored with the conversation
  • Notes: internal team notes on guest records

Responding to guest data access requests

Under CCPA (California) and GDPR, guests have the right to request a copy of the data you hold about them. To fulfill a request, export the guest's contact record (PDF or JSON from the contact detail view) and their message history (conversation export). Compile these into a response and deliver it to the guest within the legal timeframe for your jurisdiction (typically 30 days).

Responding to guest deletion requests

Guests may request that you delete their personal data. Note that legal and regulatory retention requirements may override a deletion request in some cases. Delete data that is not subject to retention requirements, retain what legally must be kept, and inform the guest of what was deleted and what was retained (and why).

To delete a guest in Rezi: archive the contact record (which removes it from active views), then use the permanent delete option if the record no longer needs to be retained. Permanent deletion removes all associated records including messages and notes. This action cannot be undone.

Check your state and local laws before permanently deleting guest records. Some jurisdictions require retaining records related to a stay for a period of time in case of a dispute. When in doubt, archive rather than permanently delete.

Third-party data sharing

Rezi shares limited guest data with service providers as necessary to operate the platform: a messaging carrier for SMS and voice delivery (phone number and message content), and AI providers for message processing. Each provider operates under data processing agreements. We do not sell guest data to third parties or use it for advertising.

Does Rezi send marketing to my guests?
No. Rezi does not send any marketing communications to your guests. All messages sent through Rezi to guests originate from you or your AI agent configuration. Rezi has no visibility into or ability to contact your guests independently.
What if a guest asks to stop receiving messages from Rezi?
If a guest replies STOP to an SMS, they are opted out of messages from that number. Transactional messages (check-in instructions, booking confirmations) remain permitted by law; marketing messages are stopped. The opt-out status is logged on the guest record automatically.
How do I handle a guest who threatens a privacy complaint?
Take any privacy complaint seriously. Review what data you hold about the guest, confirm it is appropriate and accurate, and respond to their specific concern. If they are requesting data access or deletion, process the request per the steps above. For formal complaints, consult with a privacy attorney familiar with your jurisdiction's requirements before responding.

Was this article helpful?

Related articles