Privacy Policy
Last updated: May 6, 2026
DirectBookAI is operated by AI Agents Lab LLC (500 4th St NW, Suite 102, Albuquerque, NM 87102, USA). "We," "our," and "us" refer to AI Agents Lab LLC. This Privacy Policy explains exactly what data we collect, why we collect it, who we share it with, how long we keep it, and what controls you have. It applies to our website, our hotelier dashboard, and our ChatGPT app (the MCP server at mcp.directbookai.com).
If you have questions, contact our privacy team at privacy@directbookai.com.
1. Who this policy applies to
- Hoteliers who create an account on directbookai.com to list their property.
- End users of AI assistants (ChatGPT, Claude, Gemini, and similar) who interact with hotels through our MCP server.
- Website visitors who browse directbookai.com.
2. Data we collect
2.1 Account data (hoteliers)
Name, email address, password hash, and business information, collected through our authentication and billing provider Clerk.
2.2 Hotel data (hoteliers)
Property descriptions, photos, amenities, address, contact details, pricing rules, booking-engine URL and configuration, theme preference, and any review imports. Provided by you through the dashboard.
2.3 Subscription data (hoteliers)
Subscription tier, plan features, and billing email. Subscriptions and payments are managed entirely by Clerk Billing. We never see, receive, or store any card number, CVV, expiry date, or other raw payment-instrument data; Clerk Billing handles all of that on its own infrastructure. We only learn the resulting subscription state (active plan, renewal date, cancellation status) through Clerk webhooks.
2.4 MCP usage data (end users of AI assistants)
When an AI assistant calls our get_hotel_info tool, we record an anonymous demand-analytics event in our hotel_stats table. The table has the following columns and no others:
| Column | Type | What we store |
|---|---|---|
| hotel_id | UUID | The internal ID of the hotel that was looked up |
| date | DATE (YYYY-MM-DD) | The day of the request, in UTC |
| visits | INTEGER | Per-day counter, incremented on each call |
| locales | TEXT[] | Distinct values of _meta["openai/locale"] seen that day (e.g., "en", "es") |
| countries | TEXT[] | Distinct values of _meta["openai/userLocation"].country seen that day (e.g., "US", "ES"); country only, never region or city |
| source | TEXT | Value of _meta.source, defaulting to "mcp" |
These three _meta keys are the only fields we read from the AI assistant's request metadata. Every other field (including any conversation ID, request ID, user ID, account ID, IP address, precise location, user-agent, or free-text content) is discarded in memory and never persisted, logged, or transmitted anywhere.
We do not record user identifiers, conversation history, IP addresses, precise location, payment data, health data, government identifiers, or the natural-language text of the AI conversation outside the specific tool argument.
The other five MCP tools (get_hotel_prices, search_hotels_by_city, discover_hotels, ask_hotel, get_hotel_contact) do not write any analytics row. They read from Supabase, return the response, and retain nothing.
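The data-minimisation rule above, written out as an added example (not DirectBookAI's own code): only the three named _meta keys are read, the day is reduced to a UTC date, and the per-day row is upserted with distinct locales and countries. The in-memory Map stands in for the Supabase hotel_stats table (an assumption for the example).

```typescript
// Added example, not DirectBookAI's own code: a data-minimising recorder for the
// §2.4 hotel_stats event. Only the three _meta keys the policy names are read;
// everything else on the request is dropped before anything is stored.
// The Map below is a stand-in for the Supabase table (assumption).

type DemandEvent = {
  hotel_id: string;
  date: string;               // YYYY-MM-DD, UTC day only
  locale: string | undefined;
  country: string | undefined;
  source: string;
};

type HotelStatsRow = {
  hotel_id: string;
  date: string;
  visits: number;
  locales: string[];
  countries: string[];
  source: string;
};

// Pull the permitted fields out of untrusted request metadata. Conversation ids,
// user ids, IPs, region/city and any other key never leave this function.
function extractDemandEvent(
  hotelId: string,
  meta: Record<string, unknown> | undefined,
  now: Date = new Date(),
): DemandEvent {
  const m = meta ?? {};
  const rawLocale = m["openai/locale"];
  const rawLocation = m["openai/userLocation"] as { country?: unknown } | undefined;
  const rawCountry = rawLocation && typeof rawLocation === "object" ? rawLocation.country : undefined;
  const rawSource = m["source"];
  return {
    hotel_id: hotelId,
    date: now.toISOString().slice(0, 10),
    locale: typeof rawLocale === "string" ? rawLocale : undefined,
    country: typeof rawCountry === "string" ? rawCountry : undefined, // country only, never region/city
    source: typeof rawSource === "string" ? rawSource : "mcp",
  };
}

// Upsert the per-(hotel, day) row: bump the counter and keep distinct locales/countries.
function recordVisit(table: Map<string, HotelStatsRow>, ev: DemandEvent): HotelStatsRow {
  const key = `${ev.hotel_id}|${ev.date}`;
  const row: HotelStatsRow = table.get(key) ?? {
    hotel_id: ev.hotel_id, date: ev.date, visits: 0, locales: [], countries: [], source: ev.source,
  };
  row.visits += 1;
  if (ev.locale !== undefined && !row.locales.includes(ev.locale)) row.locales.push(ev.locale);
  if (ev.country !== undefined && !row.countries.includes(ev.country)) row.countries.push(ev.country);
  table.set(key, row);
  return row;
}
```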
2.5 Tool input and output (real-time, not stored long-term)
The arguments passed to each tool by the AI assistant are processed in memory to produce a response. See Section 3 for the complete per-tool breakdown of every input received, every output returned, and every third-party call made. Tool inputs are not retained beyond the anonymous usage event described in 2.4.
2.6 Cookies and logs
- Cookies: authentication, locale preference, and cookie-consent state. See our Cookie Policy.
- Analytics: we do not currently run any third-party web analytics (no Google Analytics, no Plausible, no Segment) on directbookai.com. If we add one in the future, we will update §5 and the Cookie Policy first and ask for your consent where required.
- Server logs: standard HTTP request logs (path, status, timing, user-agent) retained for security and debugging. IP addresses in logs are truncated to /24 (IPv4) or /48 (IPv6) within 7 days.
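The log-IP truncation rule from the bullet above (/24 for IPv4, /48 for IPv6), as an added example that is not DirectBookAI's own code. Addresses that fail to parse return null so that a caller drops the field rather than keeping the raw value; IPv4-mapped IPv6 addresses are treated as unparsable here, which is an assumption of the example.

```typescript
// Added example, not DirectBookAI's own code: the §2.6 log-IP truncation rule
// (/24 for IPv4, /48 for IPv6) as pure string processing. Inputs that do not parse
// return null so the caller drops the field instead of logging the raw value.

function truncateIPv4To24(ip: string): string | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : -1));
  if (octets.some((o) => o < 0 || o > 255)) return null;
  return `${octets[0]}.${octets[1]}.${octets[2]}.0/24`;
}

// Expand "::" compression to eight 16-bit groups, then keep the first three (48 bits).
function truncateIPv6To48(ip: string): string | null {
  const halves = ip.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...new Array<string>(missing).fill("0"), ...tail];
  if (!groups.every((g) => /^[0-9a-fA-F]{1,4}$/.test(g))) return null;
  const kept = groups.slice(0, 3).map((g) => g.toLowerCase().replace(/^0+(?=.)/, ""));
  return `${kept.join(":")}::/48`;
}

// Dispatch on address family. IPv4-mapped IPv6 ("::ffff:a.b.c.d") is rejected as
// unparsable rather than guessed at (assumption: a log pipeline normalises it first).
function truncateLoggedIp(ip: string): string | null {
  const trimmed = ip.trim();
  return trimmed.includes(":") ? truncateIPv6To48(trimmed) : truncateIPv4To24(trimmed);
}
```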
2.7 Support correspondence
Emails you send to support@directbookai.com or privacy@directbookai.com, including any attachments and metadata.
3. ChatGPT App / MCP tool inputs and outputs
Our ChatGPT app exposes six tools. Each tool receives only the specific arguments listed below; we do not receive the rest of your ChatGPT conversation, prior messages, or any content not passed as an argument to a tool. A seventh tool, send_email_to_hotel, exists in the source code but is disabled in production; it is not registered with the MCP server and cannot be invoked.
3.1 get_hotel_info
- Inputs (from the AI assistant): hotelId (string; hotel name, full or partial).
- Outputs (to the AI assistant): hotel internal id, name, stars, average rating, full description, website URL, picture URL, GIF URL, visual format, city + city ID, region, country code, country name, latitude/longitude, chain name, amenities list, tags list, booking-engine name + booking-engine ID, currency code, widget theme tokens, and any currently-active promotions for that hotel.
- Third-party calls: Supabase (read-only, server-side).
- Side effect: writes one row/increment to the hotel_stats analytics table described in §2.4. No user identifier is involved.
3.2 get_hotel_prices
- Inputs (from the AI assistant): hotelName (string); optional city, country, checkIn (YYYY-MM-DD), checkOut (YYYY-MM-DD), adults (number, default 2), currency (default "EUR"), board (room_only / breakfast / half_board / full_board), locale (en / es / fr / de / it).
- Outputs (to the AI assistant): the cheapest available room rate matching the requested board type, pulled live from the hotel's own booking engine, including price per night, total, currency, room name, board, source label, check-in / check-out dates, number of nights, and adult count; plus any active promotions for that hotel and the locale-specific labels for the widget.
- Third-party calls:
  - Supabase (read-only) to look up the hotel's booking-engine configuration.
  - Our internal price service at https://hotel-prices.superairouter.com/scrape (operated by us on DigitalOcean), used for hotels with a configured direct booking engine. Request payload: { engine, hotel_id, check_in, check_out, adults, children, currency, lang, config }. No user data leaves our infrastructure.
  - Our internal aggregator at ${PRICE_API_URL}/api/prices (operated by us on DigitalOcean), used as a fallback for hotels without a direct engine. Request payload: { hotel_name, city, country, check_in, check_out, adults, currency }. No user data leaves our infrastructure.
- Side effect: none.
3.3 search_hotels_by_city
- Inputs: city (string), optional country (string).
- Outputs: an array of hotel records from our database, each containing the same fields documented in §3.1, plus a country_name for the city overall.
- Third-party calls: Supabase (read-only).
- Side effect: none.
3.4 discover_hotels
- Inputs: query (natural-language text), optional maxResults (number, default 5).
- Outputs: hotels ranked by semantic similarity to the query, each record containing the §3.1 fields plus a match_score percentage (similarity * 100).
- Third-party calls:
  - OpenAI Embeddings API (text-embedding-3-small): the raw query text is transmitted to OpenAI to generate an embedding vector for vector search. OpenAI processes this query under its own API data-usage terms and does not use API inputs to train its models by default.
  - Supabase + pgvector (read-only) to rank hotels against the embedding.
- Side effect: none.
- If you do not want query text sent to OpenAI, do not use natural-language discovery; use search_hotels_by_city instead.
3.5 ask_hotel
- Inputs: hotelName (string), question (string; the guest's natural-language question).
- Outputs: the hotel name, stars, location, the guest's question echoed back, the hotel's short description, the hotel's full description (which may include policies, house rules, and check-in/out times), amenities list, tags list, and website URL.
- Third-party calls: Supabase (read-only).
- Side effect: none. The question is included in the response payload sent back to the AI assistant but is not stored, logged, sent to OpenAI, or transmitted to any third party.
3.6 get_hotel_contact
- Inputs: hotelName (string).
- Outputs: hotel name, phone number, email address, website URL, street address, ZIP / postal code, city name, country name. These are the hotel's business contact details (which the hotel publishes), not those of any individual guest.
- Third-party calls: Supabase (read-only).
- Side effect: none.
3.7 What the widget loads in your browser
When ChatGPT renders one of our widgets, the widget runs inside an iframe in your browser. The widget's Content Security Policy (CSP) allows it to load resources from only one domain:
https://ezgqfsfmawiwdvbivszo.supabase.co (hotel photos and theme assets stored in our Supabase Storage bucket). Supabase acts as our processor under a data-processing agreement (see §5).
The widget does not load images, fonts, or scripts from any other third-party domain. There are no third-party trackers, no analytics pixels, no advertising beacons, and no embedded content from social networks or aggregators.
If a hotel-info widget displays a "View on Google Maps" link, the link opens in a new browser tab when you click it; Google only learns about you if you click. The widget itself does not contact Google to render the page.
3.8 Summary
No tool other than discover_hotels sends user-supplied text to OpenAI's APIs. No tool sends user-supplied text to any other third-party AI provider. All other tools read only from our own Supabase database and, for get_hotel_prices, from our own internal price service hosted on DigitalOcean.
4. How we use your data, and how we don't
4.1 Purposes and legal bases
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Provide the hotelier dashboard and MCP service | Account, hotel, subscription data | Contract (Art. 6(1)(b)) |
| Manage subscriptions and billing | Subscription data | Contract |
| Distribute hotel data to AI assistants (core service) | Hotel data | Contract |
| Generate semantic search results | The query text from discover_hotels | Contract; only when the user invokes that tool |
| Aggregated demand analytics for hoteliers | MCP usage data (Section 2.4) | Legitimate interest (Art. 6(1)(f)); helping hoteliers understand demand for their property |
| Security, abuse prevention, fraud detection | Server logs, account data | Legitimate interest |
| Customer support | Support correspondence | Contract / legitimate interest |
| Legal compliance (tax, accounting, law-enforcement requests) | Account, subscription data | Legal obligation (Art. 6(1)(c)) |
| Aggregate, non-identifying product improvement | Analytics | Legitimate interest |
4.2 What we do not do with your data
- We do not sell personal data.
- We do not share or rent personal data for cross-context behavioral advertising.
- We do not use your data, your hotel data, or any tool input to train, fine-tune, or evaluate AI models, ours or any third party's.
- We do not retain the natural-language text of discover_hotels queries or ask_hotel questions beyond the duration of the request (only the anonymous event in Section 2.4 is kept).
- We do not profile end users or build advertising audiences.
- We do not make automated decisions producing legal or similarly significant effects about you (see Section 11).
5. Recipients and sub-processors
We share data only with the following service providers, each acting as a processor under a data-processing agreement:
| Recipient | Purpose | Data shared | Region |
|---|---|---|---|
| Clerk (incl. Clerk Billing) | Authentication, account management, subscription billing, and all card-payment processing. Clerk Billing handles every aspect of payments end-to-end on our behalf, including transactional emails relating to your account (sign-up, verification, billing receipts). | Account data, billing email, subscription state | USA |
| Supabase | PostgreSQL database, file storage (hotel photos), pgvector similarity search. Supabase Storage URLs are also loaded directly by the widget iframe in your browser (see §3.7). | Account, hotel, MCP analytics | USA / EU |
| Vercel | Web app hosting, serverless functions, and edge delivery for directbookai.com. | All directbookai.com traffic in transit | Global edge |
| OpenAI | Embedding generation for discover_hotels only; no other tool calls OpenAI. | Natural-language query text from discover_hotels | USA |
| DigitalOcean | Hosting for our MCP server (mcp.directbookai.com) and our internal price service (hotel-prices.superairouter.com, plus the aggregator API). | MCP tool inputs in transit; price-search arguments | USA |
We do not currently use Mailgun, Resend, Google Analytics, Unsplash, Google Fonts, or any other third-party analytics, image-CDN, or email-marketing provider that would receive end-user request data on our behalf. If we add any such service in the future, this section will be updated before that service is enabled in production.
AI assistants (ChatGPT, Claude, Gemini, etc.) receive hotel data and tool outputs as part of the core service. They are independent controllers of any conversation data on their side and have their own privacy terms.
We may also disclose data when required by law, court order, or to protect our rights, property, or safety, or those of our users or the public.
6. International data transfers
We are based in the United States. Data may be transferred to and processed in the USA and other countries where our sub-processors operate. For transfers from the EU/UK/Switzerland, we rely on the EU Standard Contractual Clauses (SCCs) and equivalent UK/Swiss safeguards, supplemented with technical and organizational measures. Copies are available on request to privacy@directbookai.com.
7. Data retention
| Data category | Retention period |
|---|---|
| Account data (active account) | For the lifetime of your account |
| Account data (after deletion request) | Purged within 30 days of confirmed deletion request, except where law requires longer retention (see below) |
| Hotel data | Lifetime of the account; deleted with the account |
| Subscription / billing records | 7 years (US/EU tax and accounting law) |
| Card-payment data | Held exclusively by Clerk Billing under its retention policy; never by us |
| hotel_stats rows (Section 2.4) | 12 months, then deleted or aggregated into non-identifying statistics |
| Tool inputs / outputs (Section 3) | Not retained beyond the request, except as the anonymous hotel_stats row in §2.4 |
| Server logs | 30 days; IPs truncated within 7 days |
| Support correspondence | 24 months after last contact |
| Cookies | See Cookie Policy |
| Backups | Encrypted; rotated out within 35 days |
8. Your rights and controls
Regardless of where you live, you can:
- Access the personal data we hold about you (via dashboard export or email request).
- Correct inaccurate data through your dashboard or by emailing us.
- Delete your account and all associated personal data (purged within 30 days).
- Export your data in a portable JSON format from the dashboard, or by request.
- Object to or restrict processing based on legitimate interest.
- Withdraw consent at any time where processing is based on consent (e.g., non-essential cookies).
- Manage cookies through the cookie-consent banner or your browser settings.
- Lodge a complaint with a supervisory authority.
EU/UK/EEA residents (GDPR): all rights above, plus the right to complain to your national Data Protection Authority.
California residents (CCPA/CPRA): rights to know, delete, correct, and opt out of "sharing" or "selling." We do not sell or share personal information for cross-context behavioral advertising.
End users of AI assistants: because MCP tool calls are anonymous (no user identifier is collected), we cannot tie an event back to an individual to action a request. If you want to confirm what we do receive in those calls, see Section 3; it is exhaustive.
To exercise any right, email privacy@directbookai.com from the address on file. We respond within 30 days.
9. Security
We use industry-standard safeguards:
- TLS 1.2+ for all data in transit.
- Encryption at rest (Supabase, Vercel storage, Clerk).
- Row-Level Security in Supabase, gated by Clerk-issued JWTs.
- Principle-of-least-privilege access for staff.
- Regular dependency and security review.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant authorities within 72 hours where required by law.
10. Children's privacy
DirectBookAI is a B2B service for hotel operators and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@directbookai.com and we will delete it.
11. Automated decision-making
We do not make decisions producing legal or similarly significant effects about you using solely automated means. Vector similarity in discover_hotels ranks hotels but does not make decisions about people.
12. Changes to this policy
We will post any updates to this page and update the "Last updated" date at the top. For material changes, we will notify account holders by email at least 14 days before the change takes effect.
13. Contact
- Privacy questions / data-subject requests: privacy@directbookai.com
- General support: support@directbookai.com
- Postal address: AI Agents Lab LLC, 500 4th St NW, Suite 102, Albuquerque, NM 87102, USA