PRIVACY AND COOKIE POLICY

Last updated July 27, 2025

This Privacy and Cookie Policy for AirROI LLC ("Company," "we," "us," or "our") describes how and why we might collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

Visit our website at https://www.airroi.com, or any website of ours that links to this Privacy and Cookie Policy.
Use AirROI. AirROI empowers Airbnb hosts, property managers, and investors with AI-driven analytics, market research, and dynamic pricing to maximize return on investment.
Access or use our Enterprise API services for integration with your applications or platforms.
Engage with us in other related ways, including any sales, marketing, or events.

Questions or concerns? Reading this Privacy and Cookie Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at admin@airroi.com.

WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
HOW DO WE HANDLE YOUR SOCIAL LOGINS?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
DO WE MAKE UPDATES TO THIS POLICY?
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Identifiers: Names, phone numbers, mailing addresses, email addresses, job titles, usernames, passwords, API keys, and client IDs.
Contact Information: Contact preferences, contact or authentication data.
Financial Information: Billing addresses, debit/credit card numbers, payment history, and subscription information.
Business Information: Company name, business type, industry sector, and business registration details.
Sensitive Information: When necessary, with your consent or as otherwise permitted by applicable law, we process financial data.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook or X (formerly Twitter) account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called HOW DO WE HANDLE YOUR SOCIAL LOGINS? section below.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information—such as your Internet Protocol (IP) address and/or browser and device characteristics—is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include:

Device and Usage Information: IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.
Cookies and Similar Technologies: We may use cookies and similar tracking technologies to collect and store your information.

The information we collect includes:

Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
Device Data. Information about your computer, phone, tablet, or other device you use to access the Services.
Location Data. Information about your device's location, which can be either precise or imprecise.

Google API

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Enterprise API Usage Data

When you use our Enterprise API services, we automatically collect:

API Request Data: Endpoint accessed, request parameters, response codes, timestamps, and data volume.
Performance Metrics: Response times, error rates, and usage patterns.
Authentication Data: API key usage, OAuth tokens, and authentication attempts.
Application Information: Your application name, version, and integration details.
Usage Analytics: Frequency of API calls, data access patterns, and feature utilization.
Security Logs: IP addresses, request headers, and potential security events.

This information is collected to:

Monitor and ensure API performance and reliability
Detect and prevent abuse or unauthorized access
Comply with rate limiting and usage quotas
Provide usage analytics and billing
Improve our API services and develop new features
Ensure compliance with our Terms of Service

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication.
To deliver and facilitate delivery of services to you.
To respond to user inquiries and offer support.
To send administrative information to you.
To fulfill and manage your orders.
To enable user-to-user communications.
To request feedback.
To send you marketing and promotional communications. You can opt out of our marketing emails at any time.
To deliver targeted advertising to you.
To protect our Services.
To identify usage trends.
To determine the effectiveness of our marketing and promotional campaigns.
To save or protect an individual's vital interest.
To monitor API usage and enforce usage limits.
To detect and prevent API abuse, fraud, or security threats.
To provide technical support for API integrations.
To analyze API performance and optimize service delivery.
To comply with legal obligations and regulatory requirements.
To enforce our Terms of Service and API usage policies.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK, this section applies to you.

We may rely on the following legal bases:

Consent.
Performance of a Contract.
Legitimate Interests.
Legal Obligations.
Vital Interests.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (express consent) or in situations where your permission can be inferred (implied consent). You can withdraw your consent at any time.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations and with specific third parties.

We may need to share your personal information in the following situations:

Business Transfers.
When we use Google Maps Platform APIs.
Affiliates.
Business Partners.
API Service Providers: We may share API usage data with third-party service providers who help us operate, monitor, and improve our API services.
Security and Compliance Partners: We may share information with security firms and compliance auditors to ensure the integrity and compliance of our services.
Legal and Regulatory Authorities: We may disclose API usage information when required by law, subpoena, or other legal process, or to protect our rights and the security of our services.

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services.

Our Services may contain links to third-party websites, online services, or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third-party websites.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Yes, we use cookies and similar tracking technologies to collect and store your information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies set by the website owner are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies."

Why do we use cookies?

We use first- and third-party cookies for several reasons:

Essential Cookies: Necessary for our Website to operate.
Performance and Functionality Cookies: Enhance the performance and functionality of our Website.
Analytics and Customization Cookies: Collect information that is used either in aggregate form to help us understand how our Website is being used.
Advertising Cookies: Make advertising messages more relevant to you.

How can you control cookies?

You have the right to decide whether to accept or reject cookies. You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Website though your access to some functionality may be restricted.

For more information on how to control cookies, please see your browser's help menu.

What about other tracking technologies?

We may use other, similar technologies like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Website.

Do we serve targeted advertising?

Third parties may serve cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to provide relevant advertisements about goods and services.

Google Analytics

We may use Google Analytics to track and analyze the use of the Services. You can opt out of being tracked by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

We offer you the ability to register and log in using your third-party social media account details. We will use the information we receive only for the purposes described in this Privacy and Cookie Policy.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy and Cookie Policy unless otherwise required by law.

No purpose in this policy will require us keeping your personal information for longer than the period of time in which users have an account with us.

API Data Retention

For Enterprise API users:

API usage logs are retained for 24 months for security and compliance purposes
Performance metrics are retained for 12 months
Aggregated usage statistics may be retained indefinitely in anonymized form
Upon account termination, API-related data will be deleted within 90 days, except where longer retention is required by law

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

API Security Measures

For our Enterprise API services, we implement additional security measures including:

Encryption of API communications using TLS 1.2 or higher
API key rotation capabilities and secure key storage requirements
Rate limiting and DDoS protection
Regular security audits and penetration testing
IP allowlisting options for enterprise customers
Comprehensive audit logging of all API access
Anomaly detection for unusual usage patterns

10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state or country of residence, you may have certain rights regarding your personal information.

In some regions, you have rights under applicable data protection laws, including:

Right to Access.
Right to Rectification.
Right to Erasure.
Right to Restrict Processing.
Right to Data Portability.
Right to Object to Processing.
Right to Withdraw Consent.

Withdrawing your consent: You can withdraw your consent at any time by contacting us.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing communications at any time.

Account Information

If you would like to review or change the information in your account or terminate your account, you can:

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of certain states, you may have specific rights regarding access to your personal information.

We have collected the following categories of personal information in the past twelve (12) months:

Identifiers
Personal information as defined in the California Customer Records statute
Protected classification characteristics
Commercial information
Biometric information
Internet or other similar network activity
Geolocation data
Audio, electronic, visual, or similar information
Professional or employment-related information
Education Information
Inferences drawn from other personal information
Sensitive personal information

Your Rights

You have rights under certain U.S. state data protection laws, including:

Right to know what personal information we have collected about you.
Right to request deletion of your personal information.
Right to correct inaccuracies in your personal information.
Right to opt out of the sale or sharing of your personal information.
Right to non-discrimination for exercising your rights.
Right to data portability for API users (export your API usage data).
Right to request information about automated decision-making processes.

Enterprise API Users - Additional Rights

If you are an Enterprise API user, you also have the right to:

Request detailed API usage reports
Export your API configuration and integration settings
Request audit logs of API access for your account
Receive notification of any security incidents affecting your data

How to Exercise Your Rights

To exercise these rights, you can contact us by:

Emailing us at admin@airroi.com

14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, you may have additional rights based on the country you reside in.

Australia and New Zealand

You have the right to request access to or correction of your personal information.

Republic of South Africa

You have the right to request access to or correction of your personal information.

15. DO WE MAKE UPDATES TO THIS POLICY?

In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.

The updated version will be indicated by an updated "Last updated" date at the top of this Privacy and Cookie Policy.

16. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this policy, you may contact us:

By email: admin@airroi.com

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or delete your personal information. To request to review, update, or delete your personal information, please:

Email us at: admin@airroi.com

Note: This Privacy and Cookie Policy applies to all users of our Services, including Enterprise API users, and explains how we collect, use, disclose, and safeguard your information. Please read this policy carefully. If you do not agree with the terms of this policy, please do not access the Services.

International Data Transfers

For Enterprise API users accessing our services from outside the United States:

Your data may be transferred to and processed in the United States where our servers are located
We implement appropriate safeguards for international data transfers, including standard contractual clauses where required
By using our API services, you consent to the transfer of your information to the United States
We comply with applicable data localization requirements where mandated by law

Financial Services Compliance

If you use our services for financial or investment purposes:

We may collect additional information to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements
We maintain appropriate data security standards for financial data
We do not sell or share personal information collected for financial compliance purposes
Financial compliance data is retained according to applicable regulatory requirements