Privacy Policy
Last updated: April 13, 2026
1. Introduction
Concierly ("we," "our," or "us") operates Atrium, a hotel operations platform designed to streamline housekeeping, maintenance, food & beverage, inventory, procurement, complaints, and security patrol workflows. This Privacy Policy explains how we collect, use, and protect your personal information when you use Atrium.
2. Information We Collect
We collect information to provide and improve Atrium. The categories of data we collect include:
- Account information — your name, email address, role, and hotel affiliation.
- Hotel operational data — room status, task assignments, inventory records, procurement orders, and other data entered into the platform.
- Usage data — device type, browser, IP address, pages visited, and feature usage patterns.
- Cookies — essential cookies for authentication and preferences, and analytics cookies for understanding usage patterns.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide, maintain, and improve the Atrium platform.
- Process tasks, assignments, and operational workflows.
- Send notifications related to your account and hotel operations.
- Analyze usage to improve platform performance and features.
- Provide customer support and respond to inquiries.
4. Data Sharing
We do not sell your personal data. We may share information in the following circumstances:
- Service providers — trusted third parties that assist with hosting, analytics, and infrastructure (e.g., Supabase, Vercel).
- Legal requirements — when required by law, regulation, or legal process.
- Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption of data in transit (TLS) and at rest.
- Role-based access controls limiting data visibility.
- Regular security audits and vulnerability assessments.
- SOC 2-compliant infrastructure through our hosting providers.
While we implement these measures to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security and shall not be held liable for unauthorized access resulting from sophisticated cyberattacks, zero-day vulnerabilities, or compromises of third-party infrastructure beyond our reasonable control.
6. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify affected hotel administrators without undue delay and, where required by applicable law (including GDPR), within 72 hours of becoming aware of the breach.
- Notify relevant supervisory authorities as required by law.
- Provide details of the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach.
- Take immediate steps to contain and remediate the incident.
Concierly acts as a data processor on behalf of subscribing hotels (data controllers). Hotel administrators are responsible for notifying their own staff and guests as required by applicable data protection regulations.
7. Data Retention
- Active accounts — your data is retained for as long as your account remains active.
- Deleted accounts — personal data is removed within 30 days of account deletion.
- Backups — residual data in backups is purged within 90 days.
8. Cookies & Tracking
Atrium uses cookies to provide core functionality and understand usage:
- Essential cookies — required for authentication, session management, and user preferences.
- Analytics cookies — used to understand usage patterns and improve the platform.
We do not use third-party advertising cookies.
9. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated personal data.
- Export your data in standard formats.
- Opt out of non-essential communications.
10. International Transfers
Your data may be processed in regions where our servers and service providers are located. We ensure adequate protections are in place through standard contractual clauses and compliance with applicable data protection regulations.
11. Children's Privacy
Atrium is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and through an in-app notice. Your continued use of Atrium after such changes constitutes acceptance of the updated policy.
13. Data Processing Agreements
Concierly acts as a data processor on behalf of subscribing hotels, which act as data controllers for their staff and guest data. Hotel administrators are responsible for ensuring lawful grounds for data processing and obtaining necessary consents under applicable data protection laws.
- For hotels that require a Data Processing Agreement (DPA) under GDPR or other regulations, contact us at hello@concierly.io.
- We will notify hotel administrators of any changes to our sub-processors (e.g., hosting, analytics, or notification providers) with reasonable advance notice, allowing them to object if the change affects their data protection obligations.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at hello@concierly.io.