1. Introduction
Welcome to StayCore AI (hereinafter referred to as "we" or "us"). We understand the importance of your personal information and are committed to protecting its security. This Privacy Policy applies to all personal information you provide through the StayCore AI mobile application and related services.
Operator: This service is operated by Walling Tech Limited (Chongqing Walling Zhilv Technology Co., Ltd.).
Please read and understand this Privacy Policy carefully before using our services. If you do not agree with any part of this Privacy Policy, you should immediately stop using our services.
2. Information We Collect
2.1 Information You Actively Provide
- Email Address: Used for account registration, login verification, password reset, and account security
- Business Contact Numbers: Hotel front desk phone numbers, guest contact phone numbers, feedback callback numbers, and other phone numbers you voluntarily submit, used for hotel information display, guest-service follow-up, and issue handling
- Hotel Name: Used to initialize your hotel workspace
- Hotel Photos: Used for AI photo retouching, content generation, and other features
- Brand VI Information: Including logos and color schemes, used to generate brand-consistent marketing content
- Chat Content: Used for guest service communication (e.g., check-in guide, complaint handling)
2.2 Automatically Collected Information
- Device Information: Device model, operating system version, device unique identifier, used for multi-device management and push notifications
- Usage Data: Credit consumption records, tool usage frequency, used to provide a better service experience
- Voice Data: Collected temporarily only when you use voice translation and similar features; not persistently stored after processing
2.3 Information We Do Not Collect
We do not collect sensitive personal information such as your ID number, bank card number, precise geographic location (GPS), contacts, or SMS content.
Smart Guest Profiling: when this feature is used, we do not collect, transmit, or store guest names, document numbers, phone numbers, ID-document photos, face photos, or other direct identifiers. Only redacted service profile fields such as nationality, age range, gender, and room type are used to generate service suggestions.
3. How We Use Information
The information we collect is used solely for the following purposes:
- Providing, maintaining, and improving our services
- AI content generation (OTA listings, rate cards, check-in guides, etc.)
- Guest communication services (chat, complaint handling, inbound tourist assistant)
- Account security management (email verification codes, password login, multi-device management)
- Processing business contact numbers you voluntarily submit for hotel information display, guest-service follow-up, and feedback callback
- Credits and membership service management
- Sending service-related notifications (e.g., system updates, security reminders)
Important Statement: We do not use your personal information for advertising, user profiling, or any commercial purpose unrelated to the services.
4. Information Storage and Security
4.1 Storage Method
Your personal information is stored on our secure servers. We adopt the following technical measures to protect your information:
- Transport layer encryption: All data transmission uses TLS 1.2+ encryption
- Storage encryption: Sensitive information (e.g., API keys) is encrypted with AES-256
- Access control: Strict identity authentication and permission management
- Security auditing: Regular security checks and vulnerability scanning
4.2 Retention Period
We retain your personal information only for the period necessary to fulfill the purposes stated in this Privacy Policy. Upon account deletion, we will delete or anonymize your personal information within a reasonable period.
5. Information Sharing
We do not sell, rent, or otherwise provide your personal information to third parties, except in the following circumstances:
- AI Service Providers: We use third-party AI services for content generation, transmitting only necessary processing data (e.g., photos, copywriting materials), without transmitting your account information
- Legal Requirements: When required by law or government authorities
- Safety Protection: When necessary to protect the personal or property safety of you or the public
6. Third-Party SDK List
To provide complete services, our application integrates the following third-party SDKs. All SDKs are initialized only after you agree to this Privacy Policy and complete login. Data collection is strictly limited to what is necessary for the SDK to provide its services.
6.1 JPush (Aurora Push)
- Provider: Shenzhen Hexun Huagu Information Technology Co., Ltd.
- Purpose: Push business notifications such as orders, complaints, and chat messages to your device
- Information Collected: Device identifier (Registration ID), OS version, device model, network status
- Collection Method: Automatically collected by the SDK after user login
- Privacy Policy: https://www.jiguang.cn/license/privacy
6.2 Third-Party AI Services
- Purpose: Content generation and processing features such as OTA listing generation, hotel photo AI retouching, poster design, city exploration map, and phone translation
- Information Collected: Only the materials you actively upload (hotel photos, brand colors, copy, text awaiting translation)
- Collection Method: Triggered only when you actively use the corresponding features, invoked through our backend proxy; the frontend never connects directly to any third-party AI endpoint. No account information, contacts, or location is transmitted
- Transmission Security: TLS 1.2+ encrypted throughout; no persistent storage after processing
6.3 Amap SDK (AutoNavi)
- Provider: AutoNavi Software Co., Ltd.
- Purpose: City exploration maps, hotel address lookup, nearby attraction display, and launching external map navigation
- Information Collected: Hotel coordinates, destination coordinates, POI keywords, and other map query parameters that you actively enter, select, or confirm. The App currently does not request device GPS permissions
- Collection Method: Triggered when you actively open map-related features, search for places, or start navigation
- Privacy Policy: https://lbs.amap.com/pages/privacy/
6.4 Alibaba Cloud Content Moderation (Green SDK)
- Provider: Alibaba Cloud Computing Co., Ltd.
- Purpose: Identify illegal or non-compliant content in user-generated content (forum, chat, complaint, avatar) to ensure platform safety
- Information Collected: Text or image content awaiting moderation (called by our backend; frontend does not connect directly)
- Privacy Policy: https://help.aliyun.com/document_detail/158676.html
6.5 WeChat Pay SDK
- Provider: Tenpay Payment Technology Co., Ltd.
- Purpose: Membership subscription and credit top-up payments
- Information Collected: Necessary payment information (order amount, order number); no bank card information
- Collection Method: Triggered only when you actively initiate a payment
- Privacy Policy: https://pay.weixin.qq.com/
6.6 Alipay SDK
- Provider: Alipay (China) Network Technology Co., Ltd.
- Purpose: Membership subscription and credit top-up payments
- Information Collected: Necessary payment information (order amount, order number); no bank card information
- Collection Method: Triggered only when you actively initiate a payment
- Privacy Policy: https://render.alipay.com/
6.7 Apple In-App Purchase (StoreKit) — iOS Only
- Provider: Apple Inc.
- Purpose: Membership subscription and credit top-up on iOS
- Information Collected: Handled independently by Apple; we do not access your Apple ID or payment credentials
- Data We Receive: Only the purchase receipt token (transactionId / receipt) returned by Apple, which our server uses to verify transaction authenticity with Apple and grant the corresponding subscription benefits or credits. We do not receive your Apple ID, payment method, card information, or full transaction details
- Server-to-Server: We use Apple's App Store Server API to validate receipts and receive App Store Server Notifications V2 to synchronize subscription lifecycle events (auto-renewal, refunds, upgrades, downgrades, etc.)
SDK List Update Notice: This list will be updated alongside product feature updates. If third-party SDKs are added or changed, we will update this page and notify you in the application.
7. Cookies and Similar Technologies
Our mobile application does not use cookies. Guest-facing H5 web pages may use localStorage to store essential information such as language preferences to enhance the user experience. We do not use any third-party tracking technologies.
8. Your Rights
You have the following rights regarding your personal information:
- Access and Correction: You can access and correct your personal profile in "Settings"
- Deletion: You can delete your account and all associated data via "Settings → Account Security → Delete Account"
- Withdrawal of Consent: You may withdraw consent to this Privacy Policy at any time, although this will prevent further use of our services
- Export: To export your personal data, please contact us using the information below
9. Protection of Minors
StayCore AI is a professional tool for hospitality industry practitioners and is not intended for users under 18 years of age. If we discover that we have collected personal information from a minor without verifiable guardian consent, we will delete such information as soon as possible.
10. Multi-Jurisdiction Supplement
The App provides services to hotel operators across multiple regions. The following supplements apply by region:
10.1 Mainland China Users
Your personal information processing activities are governed by the Personal Information Protection Law, the Data Security Law, the Cybersecurity Law, and related implementing regulations of the People's Republic of China. You are entitled to rights including the right to be informed, the right to decide, the right of access and copy, the right of correction and deletion, the right to withdraw consent, the right to data portability, and the right to request explanations.
10.2 Hong Kong SAR Users
Your personal data processing activities are governed by the Personal Data (Privacy) Ordinance (PDPO, Cap. 486). You may, in accordance with the Ordinance, request access to or correction of your personal data, or withdraw consent.
10.3 Southeast Asia Users
- Singapore: Personal Data Protection Act 2012 (PDPA)
- Thailand: Personal Data Protection Act B.E. 2562 (2019) (PDPA)
- Malaysia: Personal Data Protection Act 2010 (PDPA)
- Indonesia: UU Pelindungan Data Pribadi (UU PDP)
- Vietnam: Decree 13/2023/ND-CP on Personal Data Protection (PDPL)
The data-subject rights you are entitled to under the laws of your country / region remain effective. Please exercise them via the contact channels below.
10.4 Other Regions
If your region has applicable local data protection laws, the rights you are entitled to under such laws remain effective. Please exercise them via the contact channels below.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updated policies will be announced in the application; major changes will require you to re-confirm via a pop-up. Continued use of our services after changes means you accept the updated Privacy Policy.
12. Contact Us