Privacy Policy

Last Updated: December 2025

This Privacy Policy explains how hostU, Inc. (d/b/a Hero by hostU) (“Hero by hostU,” “we,” “us”) collects, uses, stores, and protects personal and business information when visitors access our website or when customers use the Hero by hostU platform and related services (the “Service”).

By accessing the website or using the Service, you agree to the practices described in this Privacy Policy.

Google API Data Use Disclosure

Hero by hostU’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Hero by hostU only accesses, uses, stores, and transfers Google user data as necessary to provide the Service and in accordance with this Privacy Policy.

1. Information We Collect

We collect information in three primary categories.

1.1 Information Provided Directly by Customers

This includes any information a Customer or Authorized User submits or transmits through the Service, such as:

  • Email content and communication history

  • Inquiries, drafts, replies, and message metadata

  • Uploaded documents (leases, PDFs, images, forms)

  • Property information and unit data

  • Tenant information provided through property management system (PMS) integrations

  • Any content entered into the system by a Customer Admin or Authorized User

  • Account registration information (name, email, role, property affiliation)

This collectively constitutes Customer Data.

1.2 Information Collected Automatically

When users access our website or platform, we may collect:

  • IP address

  • Browser and device information

  • Log data and usage activity

  • Session timestamps

  • Diagnostic and performance metrics

These logs help us secure, maintain, and improve the Service.

1.3 Information from Third-Party Integrations

If a Customer connects an integration (e.g., Entrata, Yardi, AppFolio, Gmail, Outlook), we may receive:

  • Unit availability, pricing, and property records

  • Tenant or prospect communications

  • Work orders or leasing-related data

  • Customer-specific configuration information

  • Additional PMS or email metadata authorized by Customer settings

We only access data that the Customer has explicitly enabled.

2. How We Use Information

We use Customer Data and other collected information for the following purposes.

2.1 Service Delivery

To operate and provide the Hero by hostU platform, including:

  • Drafting responses using AI

  • Surfacing property data

  • Supporting leasing and operational workflows

  • Routing communications

  • Maintaining system functionality

2.2 Customer-Specific Model Performance

Hero by hostU may process Customer Data solely to improve that Customer’s model performance and accuracy within their own account.

Hero by hostU does not use Customer Data, including Google user data, to train or improve generalized or shared AI models.

Google user data is not retained by third-party AI providers beyond what is required to provide the Service.

2.3 Use of Google Workspace Data

If a Customer connects a Google Workspace account (including Gmail), Hero by hostU accesses and processes email content and metadata solely to provide the Service, including:

  • Understanding communication context to generate relevant draft responses

  • Identifying message threads and updates

  • Supporting inbox workflows configured by the Customer

Hero by hostU does not send emails automatically. All messages require explicit user review and approval before being sent.

2.4 Communication

We may contact Customer Admins regarding:

  • Account updates

  • Service notifications

  • Security alerts

  • Product improvements

2.5 Security, Fraud Prevention & Compliance

We use data to:

  • Detect and prevent unauthorized access

  • Enforce platform policies

  • Comply with legal obligations

2.6 Website Analytics

We may use aggregated analytics to understand website usage patterns and improve the user experience.

3. How We Share Information

We do not sell Customer Data.

We do not share Customer Data with third parties except as described below.

3.1 Subprocessors

We may share Customer Data with trusted service providers who support the operation of Hero by hostU, such as:

  • Cloud hosting providers

  • Supabase (database infrastructure)

  • OpenAI (AI model inference)

  • Cloudflare (security and hosting)

  • Monitoring and logging tools

These subprocessors only use information to provide services on our behalf, are bound by confidentiality obligations, and are prohibited from using Customer Data, including Google user data, for any other purpose.

A current list of subprocessors is available upon request.

3.2 Third-Party Integrations

When a Customer connects an integration (e.g., Entrata, Yardi, AppFolio, Gmail), we access and process data from those systems only as authorized by the Customer.

We do not share Customer Data back to those third parties unless necessary to perform an action explicitly enabled by the Customer (such as sending an email).

3.3 Legal Requirements

We may disclose information if legally required or necessary to:

  • Comply with law or legal process

  • Respond to lawful requests from public authorities

  • Protect rights, property, or safety

  • Enforce our agreements or policies

4. Data Security

We use industry-standard technical and organizational security measures, including:

  • Encryption in transit and at rest

  • Role-based access control

  • Tenant-level data isolation

  • Secure API credential handling

  • Audit logging

  • Regular monitoring

Customers are responsible for:

  • Securing admin credentials

  • Configuring access permissions for their property team

  • Managing authorized users

4.1 Limited Human Access to Customer Data

Hero by hostU does not allow employees or contractors to access Customer Data, including Google user data, except in the following limited circumstances:

  • When explicitly authorized by the Customer for support or troubleshooting

  • When necessary to investigate security incidents, abuse, or service failures

  • When required to comply with applicable law or legal process

Any such access is logged, limited in scope, and subject to confidentiality obligations.

5. Data Retention

We retain Customer Data only as long as necessary to:

  • Provide the Service

  • Meet legal obligations

  • Fulfill Customer instructions

Upon termination, Customer Data is deleted according to our retention schedule unless legal retention requirements apply.

6. Children’s Privacy

The Service is intended for business use by adults.

We do not knowingly collect information from children under 13.

7. Customer Rights & Choices

Because Hero by hostU currently serves only U.S.-based customers, U.S. privacy laws apply, including the California Consumer Privacy Act (CCPA), where applicable.

Depending on your jurisdiction, you may request to:

  • Access certain personal information

  • Correct inaccuracies

  • Delete certain information

  • Restrict certain types of processing

Requests must be submitted by the Customer Admin or authorized representative.

8. International Use

At this time, Hero by hostU is intended for use within the United States.

If we expand into the EU or UK in the future, GDPR and UK GDPR provisions will apply and this policy will be updated accordingly.

9. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

We will post the updated version with a revised “Last Updated” date.

Continued use of the Service constitutes acceptance of changes.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, you may contact us at:

hostU, Inc. (d/b/a Hero by hostU)
New York, NY
admin@joinhostu.com