DATA PRIVACY

Last updated May 15, 2026

When a hotel, resort, or hospitality brand chooses VIVI, you are entrusting us with one of your most valuable assets — your guest conversations. You trust that the privacy and confidentiality of the data flowing through our AI agents will be protected, and that it will be used only to deliver the service you have chosen. This page explains, in plain language, how we treat that data. For the legal text, see our Privacy Policy and Terms & Conditions.

1. YOU OWN YOUR DATA

The conversations your VIVI agents have with your guests, the phone numbers your guests opt in with, the messages we send on your behalf, and the logs and metadata generated by your AI agents — all of it belongs to you, our customer.

  • We do not sell your data. Not to advertisers, not to data brokers, not to anyone.
  • We do not share your data with third parties for marketing. Not ours, not theirs.
  • We do not mine your data. We do not analyze your guest conversations to train external models, build marketing audiences, or generate insights for anyone other than you.
  • We do not share opt-in phone numbers with affiliates or partners. A phone number a guest gives to your property stays inside your account. It is never resold, rebundled, or made available to any other VIVI customer.

We process your data only to deliver the service you have chosen — running the AI agents, routing the messages, and holding the records you need to operate and to comply with your obligations as the business of record on the campaign. When your subscription ends, your data is removed from our systems according to a documented retention schedule. You may request deletion at any time.

2. TWO KINDS OF DATA, TREATED DIFFERENTLY

VIVI handles two very different categories of data. We keep them clearly separated and describe them in separate documents so no one has to guess.

Marketing-website data — covered by our Privacy Policy. When you browse vivi.bot, we collect the kind of analytics any modern marketing site collects: cookies, IP address, page-view events, referral sources, and form submissions when you ask us to contact you. This is the data covered by our Privacy Policy and our cookie banner. You can opt out of non-essential tracking at any time.

Platform and conversational data — covered by this page and our Terms & Conditions. When your VIVI AI agents talk to guests on your behalf, every part of that conversation — the phone number, the message content, the timestamps, the agent’s response, the routing metadata — is your business’s data, not ours. We are the processor of this data. You are the controller and owner. We hold it, secure it, route it, and surface it back to you in your VIVI dashboard. We do not use it for anything else.

This distinction matters: a carrier reviewer, a compliance auditor, or a prospect should be able to read our policies and reach exactly one conclusion — that VIVI does not share or sell consumer opt-in data, conversation content, or any phone number that an end user gives to one of our customers.

3. WE SECURE YOUR DATA AT REST AND IN TRANSIT

  • In transit. All data moving between guests, your dashboard, and our infrastructure is encrypted with industry-standard TLS.
  • At rest. All conversational data, message logs, and opt-in records are encrypted with AES-256 in our cloud infrastructure.
  • Carrier-grade messaging. SMS and MMS are delivered through Twilio, our contracted communications processor. Twilio operates under contract as our subprocessor and is bound by the same data-handling commitments described here. Twilio’s privacy notice is available at twilio.com/legal/privacy.
  • Access controls. Internal access to customer data is limited to the smallest number of VIVI personnel needed to support the service, gated by role-based permissions and logged for audit.

4. WE DEFEND YOUR DATA

We believe a customer’s data is the customer’s. When a government, law-enforcement agency, or any third party asks for data tied to your account, we direct them to you first.

  • We do not give any government direct or open-ended access to customer data.
  • We scrutinize every legal demand for validity and scope and narrow what we produce to the minimum required by law.
  • If we are compelled to disclose customer data, we notify you promptly and provide a copy of the demand — unless we are legally prohibited from doing so.

5. STANDARDS WE FOLLOW

VIVI is built to align with the privacy and consumer-protection standards that apply to hospitality SMS communications:

  • A2P 10DLC. Application-to-Person 10-Digit Long Code campaign requirements set by US wireless carriers.
  • CTIA Messaging Principles and Best Practices. Including opt-in consent, opt-out keywords (STOP, UNSUBSCRIBE, CANCEL, END, QUIT), HELP responses, and message-frequency disclosures.
  • TCPA. Telephone Consumer Protection Act consent rules for automated SMS to mobile numbers.
  • Hospitality-aligned handling. Guest data such as room number, stay dates, and PII is treated with the same level of confidentiality your property already maintains under its existing privacy program.

6. QUESTIONS ABOUT YOUR DATA

For specific data requests — access, correction, deletion, export — reach our privacy team at [email protected] or talk to your VIVI account contact. For the full legal text see the Privacy Policy and Terms & Conditions.

We will update this page when our data practices change. Material changes will be noted with a revised date at the top.