View all results No results

• Featured
• Nightlife
• Restaurants

• Home
• Explore
• My account
• Add a Listing

Add a listing

Sign in or Register

0

Add a listing

Privacy Policy

Last updated: March 1, 2026

HiLucy (“we,” “us,” or “our”) operates the hilucy.com website and the HiLucy mobile application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using the Service:

• Account information — name, email address, phone number, and password when you register
• Guest check-in data — first name, last name, nationality, document type and number, home address, check-in and check-out dates, room number, and number of guests
• Service requests — details of concierge requests you submit, including transportation bookings, activity reservations, trip planning preferences, and special instructions
• Chat messages — messages you send to our AI concierge via WhatsApp or the in-app chat, including any file attachments (images, documents)
• Payment information — billing details processed through Stripe; we do not store full credit card numbers on our servers
• Booking data — activity bookings, appointment reservations, and rental agreements including dates, times, guest counts, and service preferences

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Device information — device type, operating system, browser type, and unique device identifiers
• Usage data — pages visited, features used, and interaction patterns
• IP address — used for security, fraud prevention, and approximate location
• Cookies and session data — session identifiers, authentication tokens, and display preferences (see Section 6)

1.3 Information From Third Parties

We may receive information about you from third-party services you interact with through our platform:

• WhatsApp (Meta) — phone number, message content, and delivery status when you communicate with our AI concierge
• Acuity Scheduling — appointment details when you book services through our scheduling integration
• Stripe — transaction status and payment confirmations

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service — processing your bookings, fulfilling service requests, coordinating with hospitality staff, and delivering AI concierge assistance
• Communication — sending booking confirmations, service updates, check-in instructions, and responding to your inquiries via WhatsApp or email
• Personalization — remembering your preferences, language, and past interactions to provide a better guest experience
• Payment processing — processing transactions, managing billing, and handling refunds through our payment provider
• Safety and security — detecting and preventing fraud, verifying identity, and protecting against unauthorized access
• Legal compliance — meeting guest registration requirements under local hospitality regulations
• Service improvement — analyzing usage patterns to improve our AI concierge, service quality, and user experience

3. AI-Powered Services

HiLucy uses artificial intelligence to power its concierge service. When you interact with our AI concierge:

• Your messages are processed by our AI system (powered by OpenAI) to understand your requests and generate helpful responses
• Conversation history is stored to maintain context across your interactions and provide continuity of service
• The AI may store preferences and facts you share (such as dietary restrictions or transportation preferences) to personalize future interactions
• Your conversations may be reviewed to improve AI quality and accuracy, but are not used to train third-party AI models
• The AI may search our knowledge base and external sources (such as flight or hotel availability) on your behalf to fulfill your requests

4. How We Share Your Information

We do not sell your personal information. We share your data only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who help us operate the Service:

• Stripe — payment processing (subject to Stripe’s Privacy Policy)
• Meta / WhatsApp — message delivery (subject to WhatsApp’s Privacy Policy)
• OpenAI — AI language processing (subject to OpenAI’s Privacy Policy)
• Acuity Scheduling — appointment management
• Pinecone — secure vector database for AI knowledge retrieval
• Google — translation and location services

4.2 Hospitality Partners

When you stay at or interact with a property using HiLucy, we share relevant information with the property’s staff to fulfill your requests. This includes your name, room number, service requests, and any details needed to provide the services you requested.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of HiLucy, our users, or others.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

• Account data — retained until you request account deletion
• Chat and conversation history — retained for up to 12 months after your last interaction, then automatically deleted
• Service request records — retained for up to 24 months for operational and quality purposes
• Guest registration records — retained for up to 5 years as required by local hospitality regulations in Mexico
• Financial transaction records — retained for up to 7 years to comply with tax and accounting regulations
• Anonymized analytics — may be retained indefinitely in aggregated, non-identifiable form

6. Cookies

We use cookies and similar technologies to operate the Service:

• Essential cookies — authentication tokens and session identifiers required for the Service to function (e.g., hilucy_guest_token, WordPress login cookies)
• Preference cookies — store your display preferences such as language and chat display settings (e.g., hilucy_guest_color, hilucy_guest_name), with a 30-day expiry
• Analytics cookies — help us understand how the Service is used to improve performance

You can configure your browser to refuse cookies, but some features of the Service may not function properly without them.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS)
• Passwords are stored using secure one-way hashing algorithms
• Payment data is processed by PCI-DSS compliant providers (Stripe) and is not stored on our servers
• Access to personal data is restricted to authorized personnel on a need-to-know basis
• We conduct regular security reviews of our systems

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your account and personal data (see our Account Deletion page)
• Data portability — request an export of your data in a machine-readable format
• Restriction — request that we limit processing of your data in certain circumstances
• Objection — object to processing of your data for certain purposes
• Withdraw consent — withdraw consent at any time where processing is based on your consent

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

9. Children’s Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected data from a child under 16, please contact us at [email protected] and we will promptly delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Mexico, where our servers and service providers are located. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to such transfers.

Where required, we ensure appropriate safeguards are in place for international data transfers, including contractual protections with our service providers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

• Email: [email protected]
• Website: https://hilucy.com
• Account Deletion: https://hilucy.com/delete-account