Privacy Policy

Effective date: April 28, 2026 · Last updated: May 21, 2026

This Privacy Policy explains how 72Knots.AI LLC ("72Knots", "we", "us") collects, uses, and protects information when you use our software products: Team BellDesk, BellDesk Guest, Team Valet, Ticketless Valet, and the related web services at our company site 72knots.ai and our product sites valetparking.ai and belldeskai.com (collectively, the "Services").

1. Who this Policy applies to

72Knots provides software to hospitality businesses (hotels, valet parking operators, residential properties). Our products serve two types of users:

• Employees of our customer businesses — hotel staff, valet operators, dispatchers, cashiers — who use Team BellDesk, Team Valet, and Ticketless Valet to perform their jobs.
• Hotel guests and parking customers — who interact with BellDesk Guest, ticketless retrieval pages, and similar guest-facing tools.

2. Information we collect

From employees: name, work email, employee number, role (valet, cashier, dispatcher, owner), assigned location, login credentials (passwords stored encrypted; PINs stored hashed), shift activity, and device identifiers from work-assigned tablets and phones.

From vehicles and operations: license plate numbers, vehicle make / model / color, photographs of vehicles documenting damage at arrival and departure, parking spot numbers, and timestamps. Photographs are captured directly through the in-app camera; we do not access your device's photo library.

From guests and parking customers: first name and last initial, mobile phone number (for SMS pickup notifications), payment card information (processed by Stripe — we do not retain full card numbers), country selected by the guest, vehicle details, and your room number when staying at a participating hotel.

From the BellDesk Guest app: when you use the BellDesk Guest mobile app, you may provide your first name (and optionally last name and phone number) directly during in-app setup, in addition to information collected at hotel check-in. You also select a country or region to set your language and regional preferences. If you allow push notifications, your device registers a token used solely to deliver alerts about your service requests, staff replies, and luggage status.

From all users: IP address, device type and operating system, app version, language preference, and crash diagnostics.

What we do NOT collect: we do not access device GPS or any location services, contacts, photo library, calendar, or health data.

3. AI-powered features

BellDesk Guest voice concierge: When you choose to use the voice feature, your voice is sent through an API to xAI (the company behind Grok), which converts your speech into text and identifies your request. We do not record, store, or retain audio of your voice. xAI's handling of audio sent to its API is governed by xAI's own privacy policy, which we encourage you to review at x.ai/legal/privacy-policy.

Vehicle photo analysis (valet apps): When a valet captures a photo of a vehicle, the image may be sent through an API to OpenAI for automatic recognition of the vehicle's license plate, color, make, model, and any visible damage. This is used to fill in ticket details faster. The image is processed by OpenAI under their API data-handling terms; we do not use the image for any purpose beyond ticket creation. OpenAI's policy is at openai.com/policies/privacy-policy.

4. How we use information

• Provide the Services and process transactions
• Authenticate users and protect against unauthorized access
• Send transactional notifications (vehicle ready, payment receipts, password resets)
• Interpret and respond to spoken and typed requests through our AI concierge
• Send push notifications about service updates, staff replies, and luggage status
• Generate reports and analytics for our customer businesses about their own operations
• Detect, prevent, and respond to fraud or technical problems
• Comply with legal obligations

5. Third-party services we use

We rely on the following service providers, each bound by their own privacy commitments:

• Stripe — payment processing
• Resend — transactional email delivery
• Twilio — SMS notifications
• xAI — voice processing for the BellDesk Guest concierge
• OpenAI — automatic vehicle photo analysis in the valet apps
• Amazon Web Services — backups and file storage
• DigitalOcean — application hosting
• Apple and Google — app distribution and push notifications

6. Data sharing

We do not sell your personal information. We share information only:

• With our customer business that owns the location where you are working or parking — for example, the hotel that employs you, or the valet operator handling your vehicle.
• With the third-party service providers listed above, only as needed to provide the Services.
• When required by law, subpoena, or to protect rights and safety.

7. Device permissions

Our apps may request the following device permissions:

• Camera — for scanning ticket barcodes, license plates, and documenting vehicle damage. Photos are captured directly in the app and are not selected from your photo library.
• Microphone (BellDesk Guest only) — for the voice concierge described in Section 3. Used only when you actively choose to speak.
• Push notifications (BellDesk Guest) — to alert you when a service request is updated, staff replies, or your luggage status changes. You can disable notifications at any time in your device settings.
• Secure storage — to remember your device's enrollment and keep you signed in.

You can revoke any of these permissions at any time in your device's system settings. We do NOT request location, contacts, photo library, or calendar permissions.

8. Data retention

Operational data (tickets, vehicles, transactions) is retained as long as the customer business maintains an active account, plus a reasonable period after for audit and legal compliance. Voice audio is not retained at any time. You can request deletion of your personal information at any time using the contact form below.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information; to opt out of certain uses; or to lodge a complaint with a data protection authority. California residents have specific rights under the CCPA. EU and UK residents have rights under the GDPR. Contact us using the form below to exercise these rights.

10. Children

Our Services are not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Security

We use industry-standard practices to protect information, including encryption in transit (HTTPS), encryption of sensitive fields at rest, hashed credentials, regular backups, and access controls. No system is perfectly secure, and we cannot guarantee absolute security.

12. International data transfers

Our servers are located in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will be communicated through the Services or by email.