Hallostay Legal Documentation

Company Information

Privacy & Security Policy

Effective Date: July 31, 2025

Hallostay, operated by Zosani Co., Ltd., is a Thai company providing AI-powered guest communication and automation tools for hotels and hospitality businesses. We process personal and platform data solely for automation and integration purposes. Our services interface with Meta’s APIs, LINE Official Account APIs, e-mail systems and webchat widgets using secure, scoped tokens and comply with the Thai Personal Data Protection Act B.E. 2562 (PDPA) and other applicable laws. Where relevant for international guests, we also align with principles from the EU General Data Protection Regulation (GDPR).

1. Categories of Data

• OAuth & API Data: Encrypted access tokens, page/account identifiers and configuration for connected channels (e.g. Facebook, Instagram, LINE Official Account, email inboxes).
• Guest Communication Data: Messages and content sent via:
  • Hotel webchat widgets on websites or booking engines
  • LINE Official Accounts (1:1 chat, menus, quick replies)
  • Facebook and Instagram messaging (inbox, comments, story replies)
  • Email channels connected to Hallostay (e.g. info@hotel, reservations@hotel)
• Booking & Stay Data: Names, contact details, stay dates, room preferences, service requests, upsell choices and feedback, where Hallostay acts as processor for the hotel.
• System Logs: Device IP addresses, request headers, timestamps, error logs and session identifiers, used for security and troubleshooting.
• Client & User Data: Contact details, login information and business data provided by hotel clients and their staff/users.

2. Purposes of Processing

• Automated handling of guest messages across webchat, LINE, email, Facebook and Instagram.
• Providing AI-generated replies, FAQ answers, booking assistance and upsell offers for hotel services.
• Routing service requests (e.g. housekeeping, room service, spa, transport) to staff dashboards and internal tools.
• Providing analytics and insights to hotels to improve guest experience and conversions.
• Maintaining secure API connections, verifying webhooks and monitoring system health.
• Preventing abuse, fraud and unauthorised access to the platform.

3. Legal Basis

We process personal data on the following legal bases under Thai law (PDPA) and, where applicable, international data protection principles:

• Performance of contracts with our hotel and hospitality clients.
• Legitimate interest in operating, securing and improving the Hallostay platform.
• Compliance with legal and regulatory obligations.
• Consent, where explicitly obtained (e.g. for specific marketing messages or optional data uses).

4. Roles & Responsibilities

• For hotel guests, the hotel is typically the data controller and Hallostay acts as data processor.
• For platform users (hotel staff, admins), Zosani Co., Ltd. may act as data controller for account and usage information.
• Data processing agreements or equivalent clauses can be entered into with hotel clients where required.

5. Data Subject Rights

Subject to applicable law, individuals may have the right to:

• Request access to personal data that we hold as controller.
• Request correction of inaccurate or incomplete information.
• Request deletion or anonymisation of personal data, where legally permissible.
• Withdraw consent where processing is based on consent.
• Object to or restrict certain processing activities.

Requests can be directed to: hallo@pabot.dk. For guest data where the hotel is controller, we may ask the guest to contact the hotel directly, and we will assist the hotel in handling the request.

6. Retention & Deletion

Data is retained only as long as necessary to deliver the service, comply with contractual obligations, or meet legal requirements. When a hotel disconnects Hallostay or requests deletion, we anonymise or delete data related to that hotel within 7 business days unless a longer retention period is required or permitted by law.

7. Data Processors & Transfers

We may use selected sub-processors (e.g. hosting providers, analytics tools, communication APIs, cloud infrastructure) to process data on our behalf. Sub-processors are bound by contract and appropriate safeguards. Where data is transferred outside Thailand, we implement reasonable measures to protect the data in line with PDPA and applicable international standards.

8. Security Measures

• All external communication is encrypted via HTTPS (TLS 1.2+).
• Restricted access to tokens, secrets and credentials using server-side controls and firewall rules.
• Role-based access control (RBAC) for admin and staff accounts.
• Segregation of client data in databases and logs where appropriate.
• Regular monitoring, logging and review of platform activity and security events.

Platform Terms of Use

Effective Date: July 31, 2025

1. Authorized Usage

Hallostay is designed for hotels, resorts, serviced apartments and similar hospitality businesses in Thailand and internationally. The platform may only be used by business clients and their authorised staff for legitimate guest communication, booking and service management needs.

2. Supported Channels & Permissions

Hallostay supports multiple communication channels, including:

• Embedded webchat widgets on hotel or partner websites.
• LINE Official Accounts for chat with guests.
• Facebook Pages and Instagram Business accounts messaging (inbox, comments, replies).
• E-mail channels (e.g. forwarding and replying via hotel inboxes connected to Hallostay).

To operate these channels, Hallostay may require the following permissions and integrations, depending on configuration:

• Meta (Facebook/Instagram) permissions such as pages_show_list, pages_manage_metadata, pages_manage_engagement, pages_messaging, instagram_basic, instagram_manage_messages.
• LINE Official Account Messaging API credentials for sending and receiving chat messages.
• IMAP/SMTP or API access to designated email inboxes (e.g. reservations, info, sales).
• Webhook subscriptions for messages, comments, reactions and other relevant events.

Permissions are used solely to provide the contracted Hallostay services.

3. Client Responsibilities

• Ensure that all connected channels (websites, LINE OA, Meta assets, email inboxes) are legally controlled by the client.
• Configure AI replies, FAQ texts, templates and booking flows in accordance with hotel policies and local law.
• Provide clear guest communication about booking conditions, cancellation rules and pricing.
• Refrain from using Hallostay to send unsolicited marketing, spam, harassment or illegal content.

4. Intellectual Property

All Hallostay platform code, conversation flows, templates, technical documentation and designs are the exclusive property of Zosani Co., Ltd. No ownership rights are transferred to clients. Clients receive a limited right to use the platform as described in their subscription or service agreement.

5. Compliance & Service Changes

• We may adjust features and integrations to comply with changes in Meta, LINE or email provider policies.
• We may suspend or limit specific channels if violations of third-party policies or abuse are detected.
• Planned major changes will, where possible, be communicated in advance to affected clients.

6. Indemnity

Clients agree to indemnify Zosani Co., Ltd. and Hallostay from claims, damages or fines arising from unlawful use of the platform, misuse of external APIs or violation of data protection and marketing regulations by the client.

Terms of Use for Hallostay

Last updated: July 2025

1. Introduction

These Terms of Use (“Terms”) govern your access to and use of the Hallostay services (“Hallostay”, “we”, “us”, “our”), operated by Zosani Co., Ltd., a company incorporated in Thailand. By accessing or using Hallostay via hallostay.app or related domains, you agree to these Terms.

2. Service Description

Hallostay provides a software platform and related tools that enable hotels and hospitality businesses to:

• Handle guest communication via webchat widgets on hotel websites.
• Communicate with guests through LINE Official Accounts, including templates and AI replies.
• Manage Facebook and Instagram messaging, comments and enquiries.
• Process and reply to guest emails through connected inboxes (e.g. reservations, info).
• Assist with bookings, changes, upgrades and upsell of services (e.g. room upgrades, spa, transfers, F&B).
• Route tasks and orders to staff dashboards and internal systems (e.g. housekeeping, room service).

The exact scope of services depends on the modules and subscription plan chosen by the client.

3. Account Registration & Security

• Clients must create an account and designate admin users to configure their hotels and channels.
• Each user is responsible for keeping login credentials confidential.
• Clients must immediately notify us and/or reset passwords if unauthorised access is suspected.
• We may require multi-factor authentication or similar measures for sensitive access.

4. Use of Webchat, LINE & Email Channels

• Webchat widgets must be implemented on websites where the client has control and legal rights.
• LINE Official Accounts must follow LINE’s own terms, and clients remain responsible for their LINE content and subscriber management.
• Email channels connected to Hallostay must belong to the client; Hallostay will not send or reply from email addresses without the client’s authorisation.
• Clients must ensure that guest communication via these channels does not violate local law or advertising rules.

5. User Responsibilities

• Use Hallostay only for legitimate business purposes related to guest communication and service delivery.
• Ensure that AI-generated replies and templates are regularly reviewed and adjusted where needed.
• Obtain any required consents from guests for marketing messages and data processing.
• Not attempt to reverse engineer, resell or copy the Hallostay platform or its components.

6. Fees, Billing & Cancellation

• Fees are charged in accordance with the agreed subscription or service contract.
• Invoices are typically issued in THB or another agreed currency and payable by the stated due date.
• Clients may cancel with written notice as specified in the commercial agreement; if not specified, a 30-day notice period applies.
• Upon cancellation, access will end at the end of the notice period, and data will be handled according to the retention policy above.

7. Privacy & Confidentiality

We treat client and guest data as confidential and handle it in accordance with the Privacy & Security Policy section of this document. We will not disclose such data to third parties except as necessary to deliver the service, comply with law or with the client’s consent.

8. Disclaimer of Warranties

Hallostay is provided “as is” and “as available”. While we aim for high uptime and quality, we do not guarantee uninterrupted service or that AI-generated content will always be fully accurate or appropriate. The client is responsible for supervising and configuring critical communication flows.

9. Limitation of Liability

To the maximum extent permitted by applicable law, Zosani Co., Ltd. shall not be liable for indirect, incidental, special, consequential or punitive damages arising out of or in connection with the use of Hallostay. Our total aggregate liability for direct damages is limited to the total amount paid by the client for Hallostay services in the 12 months preceding the event giving rise to the claim.

10. Governing Law & Jurisdiction

These Terms and any dispute arising out of or in connection with Hallostay shall be governed by and construed in accordance with the laws of the Kingdom of Thailand. Any disputes that cannot be resolved amicably shall be submitted to the competent courts of Thailand.

11. Amendments to Terms

We may revise these Terms from time to time. Material changes will be communicated in advance, for example by email or notices on hallostay.app. Continued use of Hallostay after the effective date of the updated Terms constitutes acceptance of the changes.

12. Contact Information

If you have any questions about these Terms, the Privacy & Security Policy or how Hallostay handles data, please contact us at hallo@pabot.dk.