Guest data privacy
How Rezi handles guest personal information, your obligations as a data controller, and how to respond to guest data requests.
When you use Rezi to manage guest communications and records, you are operating as a data controller under privacy laws like CCPA (California), GDPR (if you have EU guests), and similar regulations. Rezi is a data processor that processes data on your behalf. Understanding the distinction matters: you set the rules for what data is collected and why; Rezi provides the infrastructure to collect, store, and process it safely.
As the data controller, you are responsible for: informing guests that their data is being collected and how, obtaining any required consent for communications, responding to guest requests to access or delete their data, and retaining data only as long as legally required. Rezi's tools support all of these obligations but do not execute them automatically on your behalf.
What guest data Rezi holds
- Contact information: name, phone number, email address
- Reservation records: check-in and checkout dates, property, booking source
- Conversation history: all messages between guests and your Rezi AI or team
- Photos: images guests send by text, stored with the conversation
- Notes: internal team notes on guest records
Responding to guest data access requests
Under CCPA (California) and GDPR, guests have the right to request a copy of the data you hold about them. To fulfill a request, export the guest's contact record (PDF or JSON from the contact detail view) and their message history (conversation export). Compile these into a response and deliver it to the guest within the legal timeframe for your jurisdiction (typically 30 days).
Responding to guest deletion requests
Guests may request that you delete their personal data. Note that legal and regulatory retention requirements may override a deletion request in some cases. Delete data that is not subject to retention requirements, retain what legally must be kept, and inform the guest of what was deleted and what was retained (and why).
To delete a guest in Rezi: archive the contact record (which removes it from active views), then use the permanent delete option if the record no longer needs to be retained. Permanent deletion removes all associated records including messages and notes. This action cannot be undone.
Check your state and local laws before permanently deleting guest records. Some jurisdictions require retaining records related to a stay for a period of time in case of a dispute. When in doubt, archive rather than permanently delete.
Third-party data sharing
Rezi shares limited guest data with service providers as necessary to operate the platform: a messaging carrier for SMS and voice delivery (phone number and message content), and AI providers for message processing. Each provider operates under data processing agreements. We do not sell guest data to third parties or use it for advertising.
Does Rezi send marketing to my guests?
What if a guest asks to stop receiving messages from Rezi?
How do I handle a guest who threatens a privacy complaint?
Was this article helpful?