google-site-verification: google741a6227dc74cf7d.html

Privacy Policy

Stitch hospitality, llc., Privacy Policy

Last Updated: 11.17.25 | Effective Date: 11.17.25

1. Introduction

Stitch Hospitality (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at stitchhospitality.com, use our services, or otherwise interact with us.

This Privacy Policy applies to residents of California (under the California Privacy Rights Act, “CPRA”), residents of the European Economic Area, United Kingdom, and Switzerland (under the General Data Protection Regulation, “GDPR”), and all other users of our services.

Our Business: Stitch Hospitality provides custom n8n automation solutions exclusively for hotel sales departments, including event inquiry parsing and response, LinkedIn content management, lead prospecting workflows, and proposal generation services.

Contact Information:

  • Email: chris@stitchhospitality.com

2. Data Controller Information

For purposes of GDPR, Stitch Hospitality is the data controller responsible for your personal information.

For questions about this Privacy Policy or our data practices, contact us at chris@stitchhospitality.com

3. Personal Information We Collect

We collect the following categories of personal information:

3.1 Information You Provide Directly

Identifiers:

  • Full name
  • Email address
  • Phone number
  • Business name
  • Job title
  • Company address
  • IP address

Professional/Commercial Information:

  • Hotel or business name
  • Sales department information
  • Event inquiry details
  • Meeting and event requirements
  • Budget information
  • Hotel property details (room inventory, meeting space capacity, amenities)
  • Customer records and inquiries

Communication Data:

  • Email correspondence
  • Form submissions
  • Consultation notes
  • Support requests
  • Feedback and survey responses

Payment Information:

  • Billing name and address
  • Payment method details (processed by [PAYMENT PROCESSOR NAME])
  • Transaction history
  • Invoice records

3.2 Information Collected Automatically

Technical Information:

  • Device type and identifiers
  • Browser type and version
  • Operating system
  • IP address and geolocation data
  • Cookies and similar tracking technologies
  • Website usage data (pages visited, time spent, click patterns)
  • Referral source

Analytics Data:

  • Website interaction metrics
  • Feature usage statistics
  • Error logs and diagnostic data

3.3 Information from Third-Party Sources

We may receive information about you from:

  • Hotel management systems and property management systems
  • Business partners and referral sources
  • Public databases and social media platforms (LinkedIn)
  • Marketing and analytics partners

4. Purposes for Processing Personal Information

We process your personal information for the following purposes:

4.1 Service Delivery (Legal Basis: Contract Performance/Legitimate Interest)

  • Providing custom n8n automation solutions
  • Processing hotel event inquiries and RFPs
  • Generating proposals and responses
  • Managing LinkedIn content posting schedules
  • Lead prospecting and qualification
  • Email automation and communications
  • Technical support and maintenance

4.2 Business Operations (Legal Basis: Legitimate Interest)

  • Processing payments and invoices
  • Managing customer relationships
  • Responding to inquiries and requests
  • Maintaining accounts and records
  • Improving our services and workflows
  • Conducting quality assurance and testing

4.3 Marketing and Communications (Legal Basis: Consent/Legitimate Interest)

  • Sending promotional emails and newsletters
  • Providing product updates and announcements
  • Conducting market research
  • Analyzing customer preferences
  • Remarketing and advertising campaigns

4.4 Legal and Compliance (Legal Basis: Legal Obligation)

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Preventing fraud and security threats
  • Enforcing our terms of service
  • Protecting our legal rights

4.5 Analytics and Improvement (Legal Basis: Legitimate Interest)

  • Analyzing website usage and performance
  • Understanding user behavior and preferences
  • Testing new features and workflows
  • Improving automation accuracy and efficiency

5. Third-Party Service Providers and Disclosures

We share your personal information with the following categories of third parties:

5.1 Essential Service Providers

Technology Infrastructure:

  • n8n (Self-Hosted): Workflow automation platform [Note: Clients self-host their own instances]
  • Web Hosting Provider: WordPress
  • WordPress/Astra Theme: Website content management
  • EMAIL SERVICE PROVIDER: Gmail
  • VPS: Kamatera
  • Privacy: Iubenda

AI and Processing Services:

  • OpenAI/Anthropic (Claude): AI-powered text analysis, content generation, and inquiry processing
  • Gamma AI: Automated proposal generation

Data Storage and Database:

  • Google Sheets: Brand DNA storage, hotel data management, pricing structures
  • Supabase: Database operations and storage
  • Dropbox: Image hosting for proposals

Communication Tools:

  • Gmail API: Email automation
  • BOOKING SYSTEM – Calendly: Consultation scheduling

5.2 Payment Processors

  • Stripe: Payment processing and billing
  • We do not store complete credit card numbers

5.3 Analytics and Marketing

  • Google: Website analytics
  • Mailchimp: Email marketing campaigns
  • Google: Remarketing and advertising

5.4 Professional Services

  • Legal advisors and accountants
  • Business consultants
  • IT support and security providers

5.5 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business, personal information may be transferred to successor entities.

5.6 Legal Requirements

We may disclose personal information when required by law, court order, or government regulation, or when necessary to protect our rights, safety, or property.

6. International Data Transfers (GDPR)

If you are located in the EEA, UK, or Switzerland, your personal information may be transferred to and processed in the United States and other countries that may not have equivalent data protection laws.

We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with third-party processors

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

General Retention Periods:

  • Active Customer Data: Duration of business relationship plus 3 years
  • Prospective Customer Data: 2years from last interaction
  • Marketing Data: Until consent is withdrawn or 2 years of inactivity
  • Transaction Records: 7 years for accounting and tax purposes
  • Support Communications: 3 years
  • Website Analytics: 26 months

Criteria for Determining Retention:

  • Nature and sensitivity of the information
  • Potential risk of harm from unauthorized use or disclosure
  • Purposes for processing
  • Legal and regulatory requirements
  • Ability to achieve purposes through de-identification

Upon expiration of retention periods, we securely delete or anonymize personal information.

8. Your Privacy Rights

8.1 Rights Under CPRA (California Residents)

California residents have the following rights:

1. Right to Know: You can request:

  • Categories of personal information collected
  • Specific pieces of personal information we hold
  • Categories of sources from which information was collected
  • Business purposes for collecting information
  • Categories of third parties with whom information is shared

2. Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

3. Right to Correct: You can request correction of inaccurate personal information.

4. Right to Opt-Out of Sale/Sharing: You can opt out of the sale or sharing of your personal information for cross-context behavioral advertising (see Section 9 below).

5. Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information (see Section 10 below).

6. Right to Non-Discrimination: We will not discriminate against you for exercising your CPRA rights.

8.2 Rights Under GDPR (EEA, UK, Switzerland Residents)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

1. Right of Access: You can request confirmation of whether we process your personal data and obtain a copy.

2. Right to Rectification: You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure (“Right to be Forgotten”): You can request deletion of your personal data in certain circumstances.

4. Right to Restrict Processing: You can request restriction of processing in certain circumstances.

5. Right to Data Portability: You can receive your personal data in a structured, machine-readable format.

6. Right to Object: You can object to processing based on legitimate interests, direct marketing, or profiling.

7. Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time.

8. Right to Lodge a Complaint: You can lodge a complaint with your local data protection authority:

  • EU: [EU DPA CONTACT]
  • UK: Information Commissioner’s Office (ICO) – ico.org.uk
  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

8.3 Rights for All Users

Regardless of location, you may:

  • Update your account information
  • Unsubscribe from marketing emails
  • Disable cookies through browser settings
  • Request information about our data practices

9. Sale and Sharing of Personal Information (CPRA)

9.1 Do We Sell Personal Information?

For monetary consideration: No, we do not sell personal information for monetary consideration.

For non-monetary consideration (CPRA “Sharing”): 

Option A (If you do share): We may share personal information with third-party advertising and analytics partners for cross-context behavioral advertising purposes. This may constitute “sharing” under CPRA. In the past 12 months, we have shared the following categories of personal information for these purposes:

  • Identifiers (cookies, IP address, device IDs)
  • Internet activity information
  • Geolocation data (city/state level)

9.2 Categories of Third Parties

Personal information may be shared with:

  • Advertising networks
  • Analytics providers
  • Social media platforms
  • Marketing technology providers

9.3 Opt-Out Methods

California residents can opt out of sharing by:

  1. Opt-Out Preference Signal: We recognize Global Privacy Control (GPC) signals
  2. Online Form: [OPT-OUT FORM URL]
  3. Email: chris@stitchhospitality.com with subject line “Do Not Share My Personal Information”
  4. Cookie Management: Adjust cookie preferences at [COOKIE SETTINGS URL]

We do not sell or share personal information of consumers under 16 years of age.

10. Sensitive Personal Information

10.1 What We Collect

Under CPRA, “sensitive personal information” includes specific categories requiring additional protections. We do not collect sensitive personal information as defined by CPRA, such as:

  • Social Security numbers
  • Driver’s license numbers
  • Precise geolocation
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Health information
  • Sexual orientation
  • Citizenship or immigration status
  • Genetic data

10.2 Right to Limit Use

California residents can limit our use and disclosure of sensitive personal information to permitted purposes by contacting us at chris@stitchhospitality.com.

11. Automated Decision-Making and Profiling

11.1 Automated Processing

We use automated processing and artificial intelligence for:

Automation Workflows:

  • Event inquiry parsing and categorization
  • Lead qualification scoring
  • Email response generation
  • Proposal content generation
  • LinkedIn content scheduling

Analytics and Optimization:

  • Website personalization
  • Service recommendations
  • Workflow efficiency improvements

11.2 Human Oversight

While we use AI and automation tools (including OpenAI/Claude and Gamma AI), significant decisions affecting you are subject to human review and oversight. Our automation is designed to assist hotel sales departments, not replace human judgment.

11.3 Your Rights (GDPR)

If you are subject to GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, except where:

  • Necessary for contract performance
  • Authorized by EU or member state law
  • Based on your explicit consent

You can request human review of automated decisions by contacting [PRIVACY EMAIL].

12. How to Submit Data Subject Access Requests (DSARs)

12.1 Submission Methods

To exercise your privacy rights, submit a request through:

Email: chris@stitchhospitality.com

  • Subject line: “Privacy Rights Request”
  • Include: Full name, email address, specific right(s) you wish to exercise

12.2 Verification Process

To protect your privacy, we must verify your identity before processing requests. We will:

  1. Request identifying information (name, email, phone number)
  2. Match information against our records
  3. May request additional documentation for higher-risk requests
  4. Use verification methods reasonably designed to ensure the requester is the consumer

For Authorized Agents:

  • If submitting on behalf of a consumer, provide written authorization
  • We may require direct consumer verification
  • Authorized agents must register with California Attorney General (CPRA)

12.3 Response Timeline

  • CPRA Requests: We will respond within 45 days, with possible 45-day extension
  • GDPR Requests: We will respond within 30 days, with possible 60-day extension
  • We will notify you if an extension is necessary

12.4 Fees

Requests are generally free. However, we may charge a reasonable fee for:

  • Manifestly unfounded or excessive requests
  • Multiple requests (GDPR)
  • Administrative costs exceeding $50

12.5 Appeal Process (CPRA)

If we deny your request, you have the right to appeal by:

  1. Submitting appeal to chris@stitchhospitality.com within 30 days
  2. Including original request reference number
  3. Explaining basis for appeal

We will respond to appeals within 45 days.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain website functionality
  • Remember your preferences
  • Analyze website usage
  • Deliver targeted advertising (if applicable)

Types of Cookies:

  • Essential: Required for website operation
  • Functional: Remember your preferences
  • Analytics: Understand usage patterns (Google)
  • Advertising: Deliver relevant ads 

Managing Cookies:

  • Browser settings: [LINK TO BROWSER COOKIE INSTRUCTIONS]
  • Cookie preference center: https://stitchhospitality.com/
  • Opt-out tools: NAI (networkadvertising.org), DAA (aboutads.info)

14. Data Security

We implement reasonable security measures to protect personal information, including:

Technical Safeguards:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Secure database access controls
  • Regular security audits and updates

Organizational Safeguards:

  • Employee training on data protection
  • Access controls and authentication
  • Data processing agreements with vendors
  • Incident response procedures

Limitations: No method of transmission or storage is 100% secure. We cannot guarantee absolute security but maintain industry-standard protections.

Breach Notification: In the event of a data breach affecting your personal information, we will notify you without undue delay.

15. Children’s Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If we learn we have collected information from a child under 16, we will delete it promptly. If you believe we have collected such information, contact us at chris@stitchhospitality.com

16. Marketing Communications

You can opt out of marketing communications by:

Note: You will still receive transactional and service-related communications.

17. Third-Party Websites and Services

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date.

Material Changes:

  • We will provide prominent notice on our website
  • We will email registered users 
  • GDPR users: material changes require renewed consent where applicable

We encourage you to review this Privacy Policy regularly.

19. Contact Us

For questions about this Privacy Policy or our data practices: chris@stitchhospitality.com

20. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract Performance: Necessary to provide our services
  • Legitimate Interests: Business operations, fraud prevention, service improvement
  • Consent: Marketing communications, optional features
  • Legal Obligation: Compliance with laws and regulations

You can withdraw consent or object to processing based on legitimate interests at any time by contacting chris@stitchhospitality.com.

Acknowledgment

By using our services, you acknowledge that you have read and understood this Privacy Policy.

Document Version: 1.0
Approved By: CS/Founder
Next Review Date: 11.17.25

Scroll to Top