Part A – Master Service Terms (Global B2B SaaS)
1. Parties, Contract Formation & Order Documents
These Master Service Terms (the “Agreement”) are entered into between:
- Provider: Zosani Co., Ltd. (trading as “Hallostay”) (“Hallostay”, “Provider”, “we”, “us”).
- Customer: The legal entity identified in the accepted order, proposal, quotation, click-accept flow, or statement of work (“Customer”, “you”).
The Agreement becomes binding when (i) Customer signs or accepts an order, (ii) Customer clicks “I agree”, or (iii) Customer accesses or uses the Services after being presented these terms. If the person accepting does not have authority to bind Customer, Customer must not use the Services.
Explanation (why this clause matters)
Enterprise buyers need clear contract formation: which documents govern, who is bound, and how acceptance happens (signature vs. clickwrap vs. use).
2. Definitions
Key terms used throughout this Agreement:
- “Services” means Hallostay’s cloud-based software platform, dashboards, mobile/QR experiences, APIs, integrations, AI modules, and related support/documentation.
- “End Users” means guests, visitors, customers, and Customer’s staff who interact with the Services.
- “Customer Data” means any data submitted, transmitted, generated, or processed by Customer or End Users through the Services, including messages, booking inquiries, metadata, and configuration.
- “Applicable Law” means laws, regulations, and binding rules applicable to either party in connection with the Services, including data protection, marketing, hospitality, and telecommunications rules.
- “Documentation” means user guides, onboarding docs, API docs, and in-product explanations made available by Hallostay.
3. Service Description & Scope
Hallostay provides hospitality-oriented messaging and automation services, typically including:
- Multi-channel messaging (e.g., website chat, social messaging, messaging APIs, email routing where enabled).
- AI-assisted responses, routing, and automation workflows (e.g., inquiry qualification, booking capture, FAQ automation).
- In-stay guest experience modules (e.g., QR concierge, service requests, staff task routing, upsell journeys).
- Analytics and reporting for operational visibility (e.g., response time, lead conversion, revenue attribution where configured).
- Integrations and APIs configured by Customer or with Customer’s approval (e.g., CRM, PMS, booking engine, payment providers).
The exact features available depend on Customer’s subscription plan, enabled modules, technical environment, and third-party channel permissions. Hallostay may update the Services over time in accordance with Section 20 (Changes).
Explanation (avoiding scope disputes)
This prevents “you promised feature X” disputes. It clarifies the Services are plan/module-based and depend on third-party channel approvals.
4. Eligibility, Customer Responsibilities & Acceptable Use
4.1 Business Use Only
The Services are offered exclusively for business-to-business use. Customer confirms it is acting in a commercial capacity and not as a consumer.
4.2 Customer Responsibilities
- Customer is responsible for all activity under its accounts, including staff access and permissioning.
- Customer must keep credentials secure, implement strong passwords, and enable multi-factor authentication where available.
- Customer must ensure End Users are informed appropriately (e.g., privacy notices, required disclosures) for the jurisdictions involved.
- Customer is responsible for the accuracy and legality of content, prompts, knowledge base material, automation rules, and messages sent via the Services.
4.3 Acceptable Use Restrictions
Customer must not, and must not allow others to:
- Use the Services to send spam, unlawful marketing, or unsolicited bulk messages contrary to Applicable Law or channel rules.
- Transmit malware, attempt unauthorized access, probe security, bypass rate limits, or interfere with platform integrity.
- Use the Services to harass, discriminate, defame, or engage in harmful or illegal conduct.
- Process sensitive data categories where prohibited or where Customer lacks a lawful basis (e.g., certain biometric, health, or children’s data), unless explicitly enabled and contractually agreed.
- Reverse engineer, decompile, or attempt to derive source code except where permitted by mandatory law.
Explanation (channel risk + compliance)
Messaging channels (social platforms, telecom providers, email) are strict. This clause allows Hallostay to protect itself from bans and compliance exposure caused by Customer’s campaigns.
5. Account Security & Incident Reporting
Customer must notify Hallostay promptly if it suspects unauthorized access, credential compromise, or a security incident related to Customer accounts or connected channels. Security reporting contact: security@hallostay.app (replace if needed).
6. Subscription Term, Renewal & Termination
6.1 Initial Term
Unless otherwise stated in an Order, the initial subscription term is twelve (12) months starting on the Start Date (“Initial Term”).
6.2 Commitment / Non-Cancellable Term
During the Initial Term, Customer is committed for the full term and may not terminate for convenience. This is priced as a committed B2B service (including onboarding, setup, and capacity planning).
6.3 Renewal
After the Initial Term, the subscription renews automatically for successive twelve (12) month periods unless properly non-renewed (“Renewal Term”).
6.4 Notice of Non-Renewal (Month 11 Rule)
To prevent renewal, Customer must provide written notice of non-renewal no later than the end of month eleven (11) of the then-current term. Notices must be sent to hello@hallostay.app from an authorized Customer email.
6.5 Termination for Cause
Either party may terminate for material breach if the breach is not cured within thirty (30) days after written notice. Hallostay may terminate immediately for serious violations (e.g., repeated unlawful messaging, deliberate security abuse, sanctions violations).
Explanation (enterprise procurement expectations)
Enterprise buyers want explicit renewal and termination mechanics. The “Month 11 rule” is common for annual SaaS contracts and reduces last-minute surprises.
7. Fees, Invoicing, Taxes & Payment
7.1 Fees
Customer shall pay the subscription fees and any additional fees set out in the applicable Order (e.g., setup fees, add-ons, extra properties, premium support).
7.2 Billing & Payment
Fees are typically billed in advance (monthly/quarterly/annually as agreed). Invoices must be paid within the payment term stated on the invoice.
7.3 Taxes
Fees are exclusive of applicable VAT, GST, withholding, sales, or similar taxes. Customer is responsible for taxes except taxes based on Hallostay’s net income. If withholding is required, Customer shall gross up payments unless prohibited by law.
7.4 Late Payment & Suspension
If invoices are overdue, Hallostay may apply interest/collection costs as permitted by law and may suspend Services after reasonable notice until payment is made. Suspension does not relieve Customer from payment obligations.
8. Intellectual Property & Feedback
8.1 Provider IP
Hallostay retains all rights, title, and interest in and to the Services, including software, algorithms, UI, templates, and know-how. Customer receives a limited, non-exclusive, non-transferable right to access and use the Services during the subscription term for internal business purposes.
8.2 Customer Data Ownership
As between the parties, Customer retains ownership of Customer Data. Customer grants Hallostay the right to host, process, transmit, display, and otherwise use Customer Data solely to provide, secure, and improve the Services in accordance with this Agreement and the DPA.
8.3 Feedback License
If Customer provides feedback, suggestions, or ideas, Customer grants Hallostay a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate that feedback into the Services without restriction, provided it does not identify Customer or disclose Customer Confidential Information.
9. Confidentiality
Each party may receive non-public business, technical, or commercial information (“Confidential Information”). Each party shall (i) protect it with reasonable care, (ii) use it only for the purposes of the Agreement, and (iii) disclose it only to those with a need-to-know under confidentiality obligations.
Confidentiality survives termination for five (5) years, and for trade secrets as long as they remain trade secrets under Applicable Law.
10. Warranties & Disclaimers (B2B SaaS)
10.1 Limited Warranty
Hallostay warrants it will provide the Services in a professional manner consistent with generally accepted industry standards for SaaS providers.
10.2 Disclaimers
Except as expressly stated, the Services are provided “as is” and “as available”. Hallostay disclaims all implied warranties to the maximum extent permitted by law, including merchantability, fitness for a particular purpose, and non-infringement.
10.3 AI Disclaimer
AI outputs may be incomplete, inaccurate, or inappropriate in certain contexts. Customer remains responsible for human oversight and verifying outputs before relying on them for critical decisions (e.g., pricing, refunds, legal claims, safety issues).
Explanation (AI responsibility clarity)
This is essential globally: AI is probabilistic. Without this, Customer can claim “the AI said it, so you owe me damages”.
11. Limitation of Liability
To the maximum extent permitted by Applicable Law:
- Neither party is liable for indirect, incidental, special, consequential, or punitive damages (including lost profits, lost revenue, business interruption, or loss of goodwill).
- Hallostay’s total aggregate liability for all claims related to the Services is capped at the total fees paid by Customer in the twelve (12) months preceding the event giving rise to the claim.
Nothing limits liability for fraud, intentional misconduct, or where liability cannot be limited by law.
12. Indemnification
12.1 Customer Indemnity
Customer shall defend and indemnify Hallostay against claims arising from (i) Customer’s unlawful use, (ii) Customer Data content, (iii) violations of marketing/telecom rules, or (iv) Customer’s breach of this Agreement.
12.2 IP Infringement (Provider)
Hallostay will defend Customer against third-party claims that the Services (excluding Customer Data and third-party components) infringe intellectual property rights, and will pay damages awarded, provided Customer promptly notifies Hallostay and cooperates.
Hallostay may modify the Services, obtain a license, or terminate and refund unused prepaid fees for the affected portion if necessary.
13. Export Controls, Sanctions & Restricted Use
Customer represents it is not subject to sanctions and will not use the Services in violation of export control or sanctions laws (e.g., UN, EU, US OFAC where applicable). Hallostay may suspend access to comply with legal obligations.
14. Force Majeure
Neither party is liable for failure or delay due to events beyond reasonable control (e.g., natural disasters, war, government actions, major internet outages, or third-party platform disruptions). The affected party shall use reasonable efforts to mitigate.
15. Dispute Resolution & Governing Law (Global Default)
Default global option (recommended): Arbitration under SIAC Rules seated in Singapore, language English.
If you prefer Thailand law/courts, replace this section accordingly.
The parties will attempt good-faith negotiation for thirty (30) days before initiating formal proceedings.
16. Notices
Legal notices must be sent by email to the addresses specified in the Order or in the Contact section. Notices are deemed received when sent, unless a bounce/undeliverable notice is received.
17. Assignment
Customer may not assign without Hallostay’s prior written consent. Hallostay may assign to an affiliate or in connection with merger/acquisition/asset sale, provided it does not materially reduce Customer protections.
18. Survival
Sections relating to fees owed, confidentiality, IP, liability limitations, dispute resolution, and data handling survive termination.
19. Entire Agreement & Order of Precedence
This Agreement, including Annexes, constitutes the entire agreement between the parties and supersedes prior discussions. In case of conflict: (1) signed Order/Statement of Work, (2) Master Terms, (3) Annexes, (4) Documentation.
20. Changes to Services & Terms
Hallostay may update the Services to improve performance, comply with law, or respond to third-party platform changes. Hallostay may update these Terms; material changes will be notified (e.g., email or in-app notice) before taking effect. Continued use after the effective date constitutes acceptance.
21. Contact
- General: hello@hallostay.app
- Legal: legal@hallostay.app
- Privacy: privacy@hallostay.app
- Security: security@hallostay.app
Provider details (fill in):
Zosani Co., Ltd. • Registered address: [INSERT] • Company registration no.: [INSERT]
Part B – Data Processing Agreement (DPA) – Annex 1
1. Roles & Scope
For Customer Data containing Personal Data:
- Customer is the Controller (or equivalent role under local law).
- Hallostay is the Processor (or equivalent role under local law).
Hallostay processes Personal Data only to provide the Services, maintain security, prevent fraud/abuse, provide support, and comply with law.
Explanation (why “roles” are critical)
Enterprise due diligence starts with roles. If roles are unclear, procurement stops. This section anchors responsibility: Customer is Controller for guest data.
2. Details of Processing
2.1 Subject Matter
Processing of Personal Data within Customer Data, including messages, booking inquiries, guest contact details, and service request interactions.
2.2 Duration
Processing occurs during the Agreement term and any additional limited retention period described in the Privacy Policy and Section 10 (Deletion/Return).
2.3 Nature & Purpose
- Hosting and storing Customer Data in the platform.
- Transmitting messages across configured channels and endpoints.
- Providing AI-assisted suggestions/responses and automation workflows configured by Customer.
- Displaying data in dashboards, logs, and reports for Customer operations.
- Security monitoring, incident prevention, and troubleshooting.
2.4 Categories of Personal Data
- Identity & Contact: name, email, phone, nationality where provided, messenger IDs, social handles.
- Booking & Stay: dates, room type, number of guests, preferences, requests, special notes.
- Conversation Content: messages, attachments, intents, topics, timestamps, routing actions.
- Technical: IP addresses, device identifiers, cookies (where enabled), event logs, audit logs.
- Staff/Admin: user accounts, permissions, login history, billing contacts.
2.5 Categories of Data Subjects
- Guests and prospective guests.
- Customer’s staff and contractors using the platform.
- Visitors interacting with Customer’s channels and websites.
3. Customer Instructions & Lawful Basis
Customer instructs Hallostay to process Personal Data as necessary to provide the Services configured by Customer. Customer is responsible for ensuring a lawful basis for processing and providing required notices (e.g., consent or legitimate interest notices where applicable).
If Hallostay reasonably believes an instruction violates Applicable Law, Hallostay may refuse or pause that instruction and will inform Customer where appropriate.
4. Confidentiality of Processing
Hallostay ensures persons authorized to process Personal Data are bound by confidentiality obligations and receive appropriate training.
5. Security Measures (TOMs)
Hallostay implements commercially reasonable technical and organizational measures (“TOMs”) aligned with industry standards, including:
- Encryption in transit: TLS/HTTPS for external traffic; secure API connections where applicable.
- Encryption at rest: Encryption for stored data where feasible and proportionate.
- Access controls: least-privilege, role-based access, logging of admin actions.
- Credential protection: salted hashing for passwords; no plaintext password storage.
- Logging & monitoring: event logging for security and auditability.
- Backups & recovery: backups on a recurring basis and restoration procedures.
- Vulnerability management: patching and security updates where practicable.
Explanation (how auditors evaluate TOMs)
Auditors want “what do you do, in what areas, and why.” This list is intentionally broad but realistic so you can comply operationally.
6. Sub-Processors
Hallostay may engage Sub-Processors to provide infrastructure, AI services, monitoring, email delivery, messaging connectivity, or similar services. Hallostay will impose contractual obligations on Sub-Processors that are substantially similar to this DPA.
Hallostay maintains a Sub-Processor list and update mechanism as described in Part E (Sub-Processor Framework).
7. Assistance with Data Subject Requests (DSARs)
Considering the nature of the Services, Hallostay will provide reasonable assistance to Customer to respond to data subject requests (access, deletion, correction), including exporting or deleting relevant data where technically feasible and legally permitted.
Hallostay is not responsible for determining whether a request is valid; Customer remains responsible for verification and response obligations as Controller.
8. Personal Data Breach Notification
A “Personal Data Breach” means a security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
- Hallostay will investigate and use reasonable efforts to contain and remediate confirmed breaches.
- Hallostay will notify Customer without undue delay after becoming aware of a confirmed breach affecting Personal Data processed on behalf of Customer.
- Hallostay will provide available information reasonably necessary for Customer to meet legal notification obligations.
Customer remains responsible for notifying authorities and data subjects, unless agreed otherwise in writing.
9. International Data Transfers
Customer acknowledges data may be processed in multiple regions depending on hosting and Sub-Processors. Where required by law, Hallostay supports recognized transfer safeguards, such as:
- EU Standard Contractual Clauses (SCCs) and supplementary measures, as appropriate.
- UK IDTA/Addendum where applicable.
- Other lawful mechanisms recognized by Applicable Law.
Explanation (global-ready transfers)
This is what “global” means legally: cross-border is assumed, and you reference recognized safeguards without locking yourself into a single region.
10. Return, Deletion & Retention
Upon termination, Hallostay will, within a commercially reasonable period (typically within 60 days), delete or anonymize Personal Data processed on behalf of Customer, unless retention is required or permitted by law (e.g., financial records, security logs, dispute defense).
Customer is responsible for exporting data it needs before termination and before deletion timelines expire.
11. Audits & Compliance Evidence
Upon reasonable written request (no more than once annually unless a breach occurs), Hallostay will provide available security/compliance information (e.g., security overview, policies, summaries of controls) and may allow audits subject to:
- 30 days prior written notice.
- Scope limited to systems relevant to Customer Data.
- No disruption to other customers or platform security.
- Customer bearing its own costs and signing reasonable confidentiality obligations.
Note: If you later get SOC 2 / ISO 27001, you can replace audit language with “provide report instead of audit” (enterprise-preferred).
Part C – SLA & Uptime Policy – Annex 2
1. Definitions
- “Uptime” means the percentage of time the core Services are operational and available for use, excluding permitted downtime.
- “Permitted Downtime” includes scheduled maintenance (with notice), emergency maintenance, and failures caused by Customer systems or third-party platforms outside Hallostay’s control.
- “Monthly Measurement Period” means a calendar month.
2. Availability Targets
| Component | Target Monthly Uptime | How Measured | What It Means (Explanation) |
|---|---|---|---|
| Core Web App / Dashboard | 99.7% | Provider monitoring + logs | Users can access the platform and core functionality during the month. |
| API (where enabled) | 99.5% | API health checks | API endpoints respond successfully, excluding Customer/3rd-party causes. |
| QR Guest Experience (where enabled) | 99.7% | Availability of QR endpoints | Guest pages load and submit requests as intended. |
Explanation (what SLA does NOT cover)
Messaging delivery on third-party platforms (social networks, telecom carriers, email providers) is not fully controllable. SLA covers Hallostay’s platform availability, not the availability of external channels.
3. Scheduled Maintenance
- Planned maintenance: Hallostay will provide at least 48 hours’ notice where practicable, and schedule to minimize business impact.
- Emergency maintenance: May occur without prior notice to protect security/stability; Hallostay will notify as soon as reasonably possible.
4. Support & Incident Response Times
Support channels depend on plan (e.g., email, ticketing, in-app chat). Default contact: support@hallostay.app.
| Severity | Definition | Initial Response Target | Ongoing Updates | Explanation |
|---|---|---|---|---|
| P1 – Critical | Core platform unavailable for most users; widespread outage. | 1 hour | Every 4 hours (or as agreed) | “All hands” incident. Work starts immediately and status is communicated. |
| P2 – High | Major feature degraded; significant business impact; workaround limited. | 4 hours | Daily (or as agreed) | Priority fix, hotfix if needed, and transparent updates. |
| P3 – Medium | Non-critical bug; partial impact; workaround exists. | 24 hours | Weekly (or as agreed) | Tracked for a scheduled fix with realistic timelines. |
| P4 – Low | Minor issue; cosmetic; feature request. | 3 business days | As needed | Handled in backlog and roadmap discussions. |
5. Service Credits (Optional – Enterprise Only)
If Customer’s paid plan includes service credits, and Hallostay fails to meet availability targets (excluding Permitted Downtime), Customer may request credits as follows:
| Monthly Uptime | Credit % of Monthly Fee | How to Claim |
|---|---|---|
| Below 99.7% but ≥ 99.0% | 5% | Request within 30 days after the month ends |
| Below 99.0% but ≥ 98.0% | 10% | Same |
| Below 98.0% | 20% | Same |
Credits are Customer’s sole and exclusive remedy for SLA failure, unless otherwise required by law.
Part D – Global Privacy Policy – Annex 3
1. Who We Are
Hallostay (operated by Zosani Co., Ltd.) provides a B2B platform for hospitality businesses. In most cases, Hallostay processes guest-related data on behalf of Customer as a Processor. In some limited cases (account admin, billing, security), Hallostay may act as a Controller.
2. Scope of This Policy
This Policy applies to:
- Visitors to Hallostay websites and landing pages.
- Customer admin users and staff accounts.
- End Users interacting with Customer’s Hallostay-enabled channels, to the extent Hallostay acts as Processor.
3. Personal Data We Collect
| Category | Examples | Why We Use It | Explanation |
|---|---|---|---|
| Account & Admin | Name, email, role, permissions | Account setup, access control, support | Needed so Customer can manage staff and permissions. |
| Guest/End User (Processor) | Messages, booking inquiries, preferences | Provide Services to Customer | Processed under Customer’s instructions and legal basis. |
| Technical & Usage | IP, device, event logs, cookies (where enabled) | Security, reliability, analytics | Helps detect abuse, debug issues, improve performance. |
| Billing | Company details, invoices, tax info | Payments, compliance | Required for accounting and legal records. |
4. Legal Bases (Global Summary)
Hallostay uses one or more of the following bases depending on jurisdiction:
- Contract necessity (to provide the Services).
- Legitimate interests (security, fraud prevention, service improvement).
- Legal obligations (tax/accounting, compliance requests).
- Consent (where required for certain cookies/marketing, typically controlled by Customer in guest context).
5. How We Use Data (Purpose Limitation)
- Deliver the Services and support operations (messaging, routing, reporting).
- Maintain platform security and prevent abuse.
- Provide support and incident response.
- Maintain financial and compliance records.
- Improve the Services (e.g., reliability, UX), including aggregated analytics that do not identify individuals.
6. International Transfers
Hallostay may process data in multiple countries. Where legally required, we use recognized safeguards such as SCCs/IDTA or similar mechanisms.
7. Retention
| Data Type | Default Retention | Explanation |
|---|---|---|
| Customer Data (Processor) | During contract + deletion window (typically 60 days) | Allows export/transition; then delete/anonymize unless required by law. |
| Security & Audit Logs | Up to 24 months | Needed for investigations, platform integrity, and audit trails. |
| Billing/Financial | Up to 7 years (or as required) | Meets accounting and tax record requirements. |
8. Data Subject Rights
Rights vary by jurisdiction. Where applicable, individuals may have rights to access, correct, delete, restrict, or object. For guest data, requests should generally be directed to the Customer (the Controller). Hallostay will assist Customer as Processor where feasible.
9. Cookies
Hallostay may use cookies or similar technologies for authentication, security, and analytics. Where legally required, consent mechanisms will be provided. Customer is responsible for cookie compliance on Customer sites where Customer embeds Hallostay widgets, unless otherwise agreed.
10. Contact
Privacy contact: privacy@hallostay.app
Part E – Sub-Processor Framework & List – Annex 4
1. What is a Sub-Processor?
A “Sub-Processor” is a third party engaged by Hallostay to process Personal Data on behalf of Customer (e.g., hosting providers, monitoring vendors, AI infrastructure providers).
2. Sub-Processor Due Diligence (How We Select Vendors)
- Security review: assess security posture, encryption, access controls, audit reports where available.
- Contractual controls: DPA clauses, confidentiality, breach notification, and deletion obligations.
- Minimum access principle: only vendors necessary for the function, with least-privilege access.
- Ongoing review: recurring evaluation and re-approval.
Explanation (why buyers care)
Procurement teams want “governance”: not just a list, but how you prevent random vendors from getting access and what protections are in place.
3. Notification of Changes & Objection Rights
Hallostay will provide notice of intended new Sub-Processors or material changes by updating the Sub-Processor list and, where feasible, providing email or in-app notice. Customers may object within 30 days on reasonable data protection grounds.
If Customer objects and the parties cannot resolve, Hallostay may offer a reasonable alternative or allow termination of the affected Services (if feasible) without penalty for the remainder of the term for that specific module, except where prohibited by contractual commitments already incurred.
4. Sub-Processor List (Publish & Keep Updated)
Public URL (recommended): https://hallostay.app/subprocessors.html (create this page).
Below is a template list. Replace with your actual vendors and regions.
| Vendor | Category | Purpose | Data Potentially Processed | Primary Processing Location(s) |
|---|---|---|---|---|
| [Cloud Provider] | Hosting / Infrastructure | Compute, storage, networking | Customer Data, logs | [Region(s)] |
| [AI Provider] | AI / NLP | AI responses, classification | Conversation text (as configured) | [Region(s)] |
| [Monitoring Provider] | Observability | Performance monitoring | Technical logs/metrics | [Region(s)] |
| [Messaging Channel Providers] | Connectivity | Deliver/receive messages | Message metadata & content | Global / per provider |
Tip: keep the list strictly factual (who/what/where/why). Avoid marketing statements on the subprocessors page.
Part F – AI Ethics & Governance Policy – Annex 5
1. AI Principles (What We Commit To)
| Principle | Commitment | Explanation |
|---|---|---|
| Human Oversight | AI supports decisions; humans remain responsible. | Prevents “black-box automation” for critical guest outcomes. |
| Transparency | AI involvement is disclosed where appropriate. | Helps compliance and guest trust, especially in regulated regions. |
| Privacy by Design | Minimize data, protect data, restrict access. | Aligns with global privacy expectations and audits. |
| Safety & Abuse Prevention | Rate limits, monitoring, and misuse restrictions. | Protects channels and reduces platform bans. |
| Fairness | Reduce discriminatory behavior where feasible. | Bias risk exists; governance reduces harm and liability. |
2. Human-in-the-Loop Requirements (Mandatory Escalation)
Customer must configure escalation to staff for the following categories (and Hallostay may enforce safe defaults):
- Refunds, chargebacks, or financial disputes.
- Safety, security, medical, or emergency-related messages.
- Harassment, discrimination, or threatening content.
- Complaints implying legal claims or severe reputational risk.
- Room availability conflicts or overbooking scenarios.
Explanation (why this is non-negotiable)
Global AI governance standards expect that AI cannot be the final decision-maker for high-risk outcomes. This clause shifts responsibility to a controlled workflow and reduces liability.
3. Prohibited and High-Risk Uses
Customer must not use Hallostay AI for:
- Autonomous decisions producing legal or similarly significant effects without human review.
- Biometric identification or “sensitive category” profiling unless explicitly enabled and legally justified.
- Political persuasion, disinformation campaigns, or unlawful surveillance.
- Children’s data processing where prohibited or without proper safeguards.
4. AI Output Quality, Monitoring & Drift
Hallostay may provide tools for logging, sampling, and review of AI outputs. Customer should monitor:
- Accuracy and hallucination risk (especially on policies and pricing).
- Tone and hospitality quality.
- Bias and unfair treatment patterns.
- Model drift due to changing guest patterns or updated knowledge bases.
5. AI Explainability (Practical Standard)
Where feasible, Hallostay provides explanation via visible logs: inputs, output, timestamps, routing decisions, and which automation/prompt produced the result. Customer acknowledges full “model interpretability” is not guaranteed for all AI systems.
6. AI Safety Incident Handling
If AI behavior creates risk (e.g., wrong refund promises, dangerous guidance), Customer shall disable the relevant automation, notify Hallostay, and cooperate in remediation. Hallostay may suspend risky features to protect End Users and platform integrity.
Part G – Security & Compliance Addendum – Annex 6
1. Security Program Overview
Hallostay maintains a security program designed to protect confidentiality, integrity, and availability of the Services and Customer Data. Controls are aligned with widely recognized frameworks (e.g., ISO 27001 concepts, SOC 2 principles, NIST/CIS guidance), scaled to business size and risk.
2. Core Security Controls (What We Do)
| Control Area | Control | Explanation |
|---|---|---|
| Access | Role-based access control; least privilege; admin logging | Reduces “everyone has access” risk; supports audits. |
| Authentication | Strong passwords; MFA where available | Prevents account takeover and credential stuffing risk. |
| Encryption | TLS in transit; encryption at rest where feasible | Protects data against interception and storage compromise. |
| Secure SDLC | Change management; review/testing before deployment | Reduces regressions and security bugs. |
| Monitoring | Logs, alerting, anomaly detection | Faster detection and containment of incidents. |
| Backups | Regular backups + restoration procedures | Protects against accidental deletion and outages. |
| Vendor Management | Sub-processor due diligence + contracts | Prevents “weak vendor” from breaking the whole chain. |
3. Incident Response
Hallostay maintains incident response procedures covering detection, containment, eradication, recovery, and post-incident review. For confirmed incidents impacting Customer Data, Hallostay will:
- Notify Customer without undue delay and provide reasonably available facts.
- Contain and remediate with commercially reasonable urgency.
- Provide a post-incident summary, including root cause and remediation steps where appropriate.
4. Business Continuity & Disaster Recovery (BCP/DR)
Hallostay designs services for resilience and maintains recovery procedures. Target objectives (where feasible):
| Metric | Target | Explanation |
|---|---|---|
| RTO (Recovery Time Objective) | 4 hours | Time to restore service after a major outage (target, not guaranteed). |
| RPO (Recovery Point Objective) | 1 hour | Maximum tolerable data loss window (target, not guaranteed). |
5. Penetration Testing & Vulnerability Management
Hallostay conducts periodic security testing, vulnerability scanning, and applies patches/updates in a reasonable timeframe based on severity and risk. Independent penetration testing may be performed annually or as appropriate for the platform maturity and enterprise requirements.
6. Customer Security Responsibilities
Customer is responsible for:
- Managing staff access rights and removing access when staff leave.
- Securing Customer endpoints (e.g., webhook receivers, CRM integrations, admin devices).
- Configuring privacy notices and consent mechanisms where required.
- Ensuring safe use of automations and AI (including human escalation rules).
Explanation (shared responsibility)
Enterprise security is “shared responsibility”: even the best SaaS can’t protect a Customer’s leaked credentials or insecure webhooks.
Signature / Order Form Reference
These Terms are incorporated into and govern all Orders, proposals, quotes, statements of work, and click-accept subscriptions for Hallostay, unless explicitly overridden by a signed writing from both parties.
Order Form Fields (Template)
| Field | Value | Explanation |
|---|---|---|
| Customer Legal Name | [INSERT] | Entity signing (hotel owner, management company, brand, etc.). |
| Billing Address | [INSERT] | Invoice compliance and tax rules depend on correct data. |
| Service Plan / Modules | [INSERT] | Defines scope and prevents “feature assumptions”. |
| Number of Properties | [INSERT] | Pricing and setup time depend on the number of properties. |
| Start Date | [INSERT] | Begins the committed term. |
| Term | 12 months (default) | Enterprise commitment model. |
| Fees & Billing Cycle | [INSERT] | Monthly/annual; currency; taxes. |
If you want, you can add a simple signature block below for “DocuSign style”. Otherwise, use your separate commercial terms page.
Important: This document is a strong enterprise-grade template. For high-stakes deployments (e.g., regulated markets or very large chains), have local counsel review jurisdiction-specific add-ons (especially governing law, consumer/marketing rules, and cross-border transfer specifics).