Legal
How Fluno collects, uses, stores, and protects personal data — for the hotels who use Fluno and the guests whose conversations pass through it.
Last updated: 31 May 2026 · Effective: on public launch
Fluno ("Fluno", "we", "us", "our") provides an AI-powered guest-messaging service that hotels connect to channels such as WhatsApp, Instagram, Facebook, web chat, and voice. This Privacy Policy explains what personal data we handle, why, how long we keep it, who we share it with, and the rights you have.
This policy works alongside our Terms of Service. Where this policy and the Terms describe the same topic, they are read together.
Fluno handles two kinds of personal data, in two different roles:
If you are a guest who messaged a hotel using Fluno, please direct data requests to that hotel in the first instance; we will support them in responding.
Your name, work email, phone number, hotel name and address, and billing details needed to operate your subscription.
Messages exchanged with guests over connected channels, the contact identifiers those channels provide (e.g. phone number or handle), and booking-related details shared in conversation (dates, room type, guest count).
Operational telemetry such as latency, error rates, model usage, and aggregated product analytics (no guest PII).
We do not collect or store guest payment-card details — those flow directly through your payment provider. Voice calls are transcribed and the audio is discarded; we keep the transcript only.
We do not use personal data for advertising, and we do not sell it (see §8).
We process personal data under India's Digital Personal Data Protection Act, 2023 — principally on the basis of (a) the hotel's instructions and our contract with the hotel, (b) the consent the hotel obtains from its guests, and (c) our legitimate need to secure, support, and bill the service. Where consent is the basis, it can be withdrawn at any time (see §11).
All guest and hotel data is stored on Amazon Web Services in the Mumbai region (ap-south-1). Databases, conversation logs, and backups stay within India; we do not replicate data outside India. A guest messaging from abroad is still processed in Mumbai and the reply returns by the same path.
| Data type | Retention | Why |
|---|---|---|
| Conversation messages | 90 days active · 12 months archive | Follow-up context; audit & dispute resolution |
| Booking records | 7 years | Indian hospitality & tax compliance |
| Guest contact details | While account active | Deleted within 30 days of account closure |
| Audio recordings | Not stored | Transcript only is kept |
| AI model logs | 30 days | Debugging; PII redacted before review |
| Backups | 30 days, encrypted | Disaster recovery; rolling deletion |
We do not sell, rent, or trade personal data, and we do not share one hotel's data with another. We share data only with the sub-processors needed to run the service, each under a signed Data Processing Agreement covering residency, access controls, and breach notification.
| Sub-processor | Purpose | Residency |
|---|---|---|
| Amazon Web Services | Infrastructure | Mumbai, India |
| Anthropic | LLM inference | ZDR — no data retained |
| OpenAI | LLM inference (fallback) | ZDR — no data retained |
| WhatsApp Business API | Messaging gateway | India |
| Twilio | SMS fallback | Singapore (encrypted in transit) |
We notify customers 30 days before adding a new sub-processor.
Your guest conversations are never used to train Fluno's models or our LLM providers' models. Our providers have signed Zero Data Retention agreements, so prompts are not retained by them. If we ever offer an optional AI-improvement program, it will be strictly opt-in with clear scope.
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Passwords are never stored in plain text. Production access is limited to a documented list of engineers reviewed quarterly, protected by single sign-on and hardware security keys, and every access is logged. Support staff can read your data only after you raise a ticket, scoped to your account.
You can, at any time:
Email support@tryfluno.com; we respond within 7 working days.
Our marketing site uses no third-party cookies, no fingerprinting, and no
remarketing pixels. The product app uses one essential session cookie
(fluno_session) that expires when you log out.
Fluno is a business tool for hotels and is not directed at children. We do not knowingly collect data from anyone under 18; if we learn we have, we delete it.
We may update this policy as the service evolves or the law changes. Material changes will be notified by email or in-dashboard before they take effect, and the "last updated" date above will change.
All privacy & data requests: support@tryfluno.com
Data Protection Officer (DPO): Paras Khushalani
Postal: Fluno, c/o RPK Agrotech Exports Pvt Ltd, Plot No 351, Sector No 1/A, Gandhidham — 370201, Gujarat, India
We aim to respond to privacy inquiries within 2 working days. You also have the right to complain to the Data Protection Board of India.