Privacy Policy
Effective Date: March 23, 2026
This Privacy Policy describes how Abra Hospitality, Inc. (“Abra,” “we,” “our,” or “us”) collects, uses, and shares information about you. It covers two contexts: (1) your use of abrahospitality.com and any subdomains or pages therein (the “Site”); and (2) Abra’s role as a software provider to hotel customers. Please read this policy carefully.
Note on hotel guest data. When Abra processes personal data on behalf of a hotel customer through its software platform—including hotel guest data—Abra does so as a data processor acting on that hotel’s instructions. That processing is governed by the Data Processing Addendum in Abra’s Master Services Agreement with each customer, not by this policy. This policy does not apply to hotel guests seeking information about how their data is handled; those individuals should contact the hotel directly.
1. Information We Collect
1.1 Information You Provide Directly
We collect information you choose to give us, including when you:
- Fill out a contact, demo request, or inquiry form (name, business name, job title, email address, phone number, and any message content you include);
- Subscribe to our email list or request product updates (email address and name); or
- Correspond with us by email or through the Site.
1.2 Information Collected Automatically
When you visit the Site, we and our service providers automatically collect certain technical and usage information, including:
- Log data: IP address, browser type and version, operating system, referring URL, pages viewed, and timestamps;
- Device information: device type, screen resolution, and language settings;
- Usage data: how you navigate the Site, which pages you visit, and how long you spend on them; and
- Cookies and similar technologies: as described in Section 4 below.
- Business visitor identification: We use a third-party service (RB2B) that may identify individual business visitors to the Site by matching device identifiers, cookies, and IP addresses against its data network. This service operates only for visitors located in the United States and may provide us with your name, business email address, job title, company name, and LinkedIn profile URL.
1.3 Information We Do Not Collect
We do not collect sensitive personal information such as government identification numbers, financial account details, health or medical information, biometric data, or precise geolocation through the Site.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Examples | Legal Basis |
|---|---|---|
| Respond to inquiries | Reply to demo requests, contact form submissions | Legitimate interest / contract performance |
| Send requested communications | Product updates, newsletter (if opted in) | Consent |
| Improve the Site | Analyze traffic patterns, fix errors, optimize pages | Legitimate interest |
| B2B visitor identification | Identify prospective business customers visiting the Site, enable sales outreach | Legitimate interest |
| Security and fraud prevention | Monitor for abuse, protect the integrity of the Site | Legitimate interest / legal obligation |
| Legal compliance | Respond to legal process, enforce our Terms | Legal obligation |
| Business transitions | Due diligence for mergers, acquisitions, or financing | Legitimate interest |
We do not use your information for automated profiling or make automated decisions that have legal or similarly significant effects on you.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share your information only in the following circumstances:
3.1 Service Providers
We share information with third-party vendors who perform services on our behalf, such as website hosting, analytics, email delivery, and CRM platforms. These vendors are contractually required to use your information only to provide services to us and to protect it appropriately. A list of our current sub-processors is available at abrahospitality.com/subprocessors.
3.2 Business Transfers
If Abra is involved in a merger, acquisition, financing, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you by updating this policy or by other reasonable means before your information is transferred and becomes subject to a different privacy policy.
3.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Abra, our customers, or the public.
3.4 With Your Consent
We may share your information for any other purpose with your prior consent.
4. Cookies and Similar Technologies
4.1 What We Use
We use cookies and similar technologies (such as pixels and local storage) to operate the Site, understand how visitors use it, and improve your experience. The categories of cookies we use are:
- Strictly necessary: Required for the Site to function (e.g., security, session management). These cannot be disabled.
- Analytics and performance: Help us understand traffic and usage patterns (e.g., Google Analytics). These are set only with your consent where required by law.
- Functional: Remember your preferences to improve your experience (e.g., language settings).
- Visitor identification: We use RB2B, a third-party B2B visitor identification service, which sets cookies and uses device identifiers to match Site visitors against its data network. This service is limited to visitors located in the United States and is used solely for business-to-business sales purposes. You can learn more about RB2B’s data practices at rb2b.com/privacy-policy.
4.2 Your Choices
Most browsers allow you to control cookies through their settings. You can also opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On. Note that disabling certain cookies may affect the functionality of the Site.
Where required by law (including for visitors from the EU/EEA/UK), we present a cookie consent banner through which you can accept or decline non-essential cookies. We honor opt-out signals such as the Global Privacy Control (GPC) where applicable.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable legal obligations, and to resolve disputes or enforce our agreements. In general:
- Contact and inquiry data: retained for up to three (3) years from the date of last contact, unless you request deletion earlier.
- Email marketing data: retained until you unsubscribe or request deletion.
- Analytics and log data: typically retained in identifiable form for up to twenty-six (26) months, then aggregated or deleted.
When we no longer need your personal information, we delete it or de-identify it so that it cannot be associated with you.
6. Data Security
We maintain reasonable technical and organizational measures designed to protect your personal information against unauthorized access, loss, misuse, or alteration. These include encryption of data in transit (TLS), access controls limiting who can access personal data, and use of reputable cloud infrastructure providers.
No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us promptly at hello@abrahospitality.com.
7. Your Privacy Rights
7.1 General Rights
Depending on where you are located, you may have the following rights with respect to your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request that we delete your personal information, subject to certain exceptions (e.g., legal obligations).
- Restriction: Request that we limit our processing of your information in certain circumstances.
- Portability: Request that we provide your information in a structured, machine-readable format.
- Objection: Object to our processing of your information where we rely on legitimate interests as our legal basis.
- Withdraw consent: Where we process your information based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell; the right to delete your personal information; the right to correct inaccurate personal information; and the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information as defined under the CCPA/CPRA. You have the right to non-discrimination for exercising your privacy rights.
To submit a CCPA request, please contact us using the information in Section 12. We will respond within 45 days. You may designate an authorized agent to make a request on your behalf.
7.3 EU/EEA/UK Residents (GDPR / UK GDPR)
If you are located in the European Union, European Economic Area, or United Kingdom, Abra acts as a data controller with respect to your personal information collected through the Site. Our legal bases for processing are: (a) performance of a contract or pre-contractual steps (for responding to your inquiries); (b) legitimate interests (for analytics and site improvement, subject to a balancing test); and (c) consent (for non-essential cookies and email marketing).
You have the right to lodge a complaint with your local supervisory authority if you believe we have processed your personal information in violation of applicable law. For EU residents, the lead supervisory authority contact list is available at edpb.europa.eu.
7.4 How to Exercise Your Rights
To exercise any of the rights described above, please contact us at hello@abrahospitality.com with the subject line “Privacy Request.” We will respond within the timeframe required by applicable law (generally 30–45 days). We may need to verify your identity before processing your request.
8. International Data Transfers
Abra is based in the United States, and the information we collect is processed and stored in the U.S. If you access the Site from outside the U.S., your information will be transferred to, processed, and stored in the U.S., which may have data protection laws different from those in your country.
For transfers of personal data from the EU/EEA or UK to the U.S., we rely on Abra’s participation in the EU–U.S. Data Privacy Framework (DPF) or, where required, on Standard Contractual Clauses (SCCs) as approved by the European Commission. By using the Site, you acknowledge this transfer and our use of appropriate safeguards.
9. Third-Party Sites
The Site may contain links to third-party websites or embedded content. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit. We have no control over, and are not responsible for, the privacy practices of third parties.
10. Abra as a Data Processor for Hotel Customers
In addition to operating the Site, Abra provides a software platform to hotel customers. In that context, Abra acts as a data processor: it processes personal data—which may include hotel guest information such as names, contact details, reservation history, and preferences—solely on behalf of and under the instructions of each hotel customer (the data controller).
10.1 Legal Basis and Governing Documents
Abra’s processing of hotel customer data is governed by the Data Processing Addendum (DPA) attached to each customer’s Master Services Agreement. The DPA specifies the subject matter, duration, nature, and purpose of processing, the types of personal data involved, and the rights and obligations of both parties. In the event of any conflict between this Privacy Policy and a customer’s DPA, the DPA controls for matters relating to that customer’s data.
10.2 What Abra Does With Hotel Customer Data
Abra processes hotel customer data only to deliver the services described in the applicable agreement. Abra does not sell, share, or use hotel customer data for its own marketing or analytics purposes. Abra may use de-identified or aggregated data derived from its platform for service improvement and product development, provided that such data cannot reasonably be used to identify any individual.
10.3 Subprocessors
Abra engages third-party subprocessors to help deliver its software platform. A current list of subprocessors that may process hotel customer data is maintained at abrahospitality.com/subprocessors. Abra provides hotel customers with 30 days’ prior notice of material changes to its subprocessor list, as described in the DPA.
10.4 Security and Breach Notification
Abra maintains technical and organizational security measures appropriate to the risk of processing hotel customer data, including encryption in transit and at rest, logical access controls, and use of reputable cloud infrastructure providers. In the event of a confirmed personal data breach affecting hotel customer data, Abra will notify the affected customer without undue delay as required by applicable law and the applicable DPA.
10.5 Data Subject Rights
If you are a hotel guest seeking to exercise rights over your personal data (such as access, correction, or deletion), please contact the hotel directly. The hotel, as data controller, is responsible for responding to such requests. Abra will assist its hotel customers in fulfilling data subject requests as required under the applicable DPA.
10.6 International Transfers of Hotel Customer Data
Hotel customer data is primarily processed and stored in the United States. Where hotel customers are located in the EU/EEA or UK and transfer personal data to Abra, such transfers are made pursuant to Standard Contractual Clauses or Abra’s participation in the EU–U.S. Data Privacy Framework, as specified in the applicable DPA.
11. Updates to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last Updated” date at the top of this page and, where appropriate, notify you by email or by a notice on the Site. We encourage you to review this policy periodically. Your continued use of the Site after any update constitutes acceptance of the revised policy.
We will review this policy at least annually and whenever we make material changes to our data practices.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Abra Hospitality, Inc.
Attn: Privacy
1215 S. Kihei Road, Suite O #244
Kihei, HI 96753
Email: hello@abrahospitality.com
Website: www.abrahospitality.com
© 2026 Abra Hospitality, Inc. All rights reserved.