Privacy

Privacy Policy

Last updated April 25, 2026.

Pimsley operates an AI voice receptionist for independent hotels. Running that service means we receive personal information about three groups of people: visitors to this website, employees and owners at hotels that buy our software, and guests of those hotels who call, text, or email a property we are answering for. This policy explains, in plain language, what we collect about each of those groups, why we collect it, how long we keep it, and who we share it with.

If anything in this policy is unclear, write to us at privacy@pimsley.io and a person will reply.

What we collect

Website visitors: Pimsley.io is a static marketing site. We do not set tracking cookies, run third-party analytics, or fingerprint you. Our hosting provider receives standard request logs (IP address, user agent, page requested, timestamp) for security and debugging; we do not link those logs to identities.
Hotel customers: When a hotel signs up for Pimsley, we collect the contact details of the people we work with (name, email, role, phone), the property’s rate sheet and policies, the property’s recorded greeting preferences, and credentials for the property management system the agent will use to make bookings.
Hotel guests: When a guest calls, texts, or emails a property we answer for, we record the conversation, transcribe it, store the metadata (caller number, call duration, time of day, intent), and write any resulting reservation back to that property’s PMS. We disclose recording to every caller before the conversation continues, in compliance with two-party consent laws.

Why we collect it

Service delivery: Most of what we collect is the literal raw material of the service: a conversation we recorded so that the AI receptionist could answer the phone, a rate quote so that the agent knew what to charge, a confirmation number we stored so that the guest could find their booking the next morning.
Debugging and quality: When a call goes wrong, we listen to it. We replay transcripts, we look at where the agent paused or misheard, and we feed those cases back into the prompts and tools that drive the agent. Access to recordings for debugging is restricted to Pimsley employees and is audit-logged.
Model improvement — with explicit consent only: We do not train models on your call recordings or transcripts by default. If a customer wants to opt their property in — for instance, to help us improve the agent’s handling of a specific accent or property type — the opt-in is signed, scoped, and reversible. Without that opt-in, your data is used only to deliver the service to you.

How long we keep it

Call recordings: Ninety days by default. Customers may extend retention up to one year by written request, or shorten it by configuring the agent to delete recordings after each call. Transcripts and metadata follow the same schedule.
Reservations and PMS data: The reservation lives in the property’s PMS, not in Pimsley. We retain the metadata required to attribute the booking (call ID, guest name, dates, room type, total) for the life of the customer relationship plus seven years, to support dispute resolution and tax recordkeeping.
Web logs: Hosting access logs are retained by our provider for thirty days, then deleted on a rolling basis.
Aggregated metrics: Once metrics are stripped of identifiers (call counts, response times, booking rates) we keep them indefinitely so that we can compare period over period.

Subprocessors

Pimsley is built on top of established infrastructure providers. The list below is the full set; we will update this page when it changes.

Vercel: Hosts this website and the customer-facing dashboard.
Neon: Postgres database where we store call metadata, reservations, and hotel configuration.
Cloudflare R2: Object storage for call recordings and audio assets.
Twilio: Telephony — phone numbers, inbound and outbound voice, SMS.
Vapi: Real-time voice orchestration that connects telephony to our AI agent and back.
Anthropic: The large language model that drives the conversation logic of the agent.
ElevenLabs: Text-to-speech voice generation for the agent’s spoken responses.
Upstash: Redis-compatible queue and rate-limiting layer for the voice pipeline.
Clerk: Authentication for the customer dashboard. Stores the email, name, and role of each user we invite.
Google Workspace: Internal email, calendar, and document storage for the Pimsley team.

Your rights

Access: You can ask us for a copy of the personal information we hold about you. For hotel customers this typically means an export of your account and call history; for guests, it typically means the recordings and transcripts of calls you placed to a property we answer for.
Deletion: You can ask us to delete your data. We honour deletion requests within thirty days, except where we are required to retain a record to defend a legal claim or to comply with tax law.
Portability: On request we will provide an export in a structured, common format (JSON for metadata, MP3 for recordings, CSV for reservation history).
Correction: If something we hold about you is wrong, we will fix it.

Contact for privacy concerns

Write to privacy@pimsley.io. That mailbox forwards to hello@pimsley.io and is read by a person, not a queue. We aim to acknowledge within one business day and resolve within thirty.