Legal
Privacy Policy
RAYN handles guest, venue, booking and messaging data as part of a premium hospitality platform. This page explains what is collected, why it is processed, which sub-processors it is shared with, how it is processed by AI, how it moves across borders, and how long it is retained.
Who we are
RAYN is operated as a hospitality booking and intelligence platform. For the purposes of data protection and privacy compliance, RAYN acts as the data controller for personal data processed through the platform, except where the context makes a connected venue the controller for its own booking relationship, in which case RAYN acts as processor for that venue.
What data we collect
- Identity and contact data, including name, email address and phone number.
- Booking data, including reservation details, preferences, modifications, cancellations and special requests.
- Journey data, including table or area choice, browsing behaviour, WhatsApp and Instagram interaction, and website navigation signals.
- Payment data processed by our payment provider; RAYN stores a payment provider reference, not full card details.
- Technical data, including device, browser, IP address and session information used to operate and secure the platform.
Why we process it
- To process reservations and pre-arrival communication.
- To support direct website, WhatsApp and Instagram booking and enquiry flows.
- To provide venues with useful intelligence around demand, preference and booking behaviour.
- To improve platform performance, security and product quality.
- To comply with legal, financial and contractual obligations.
AI processing
To generate concierge replies and to extract booking and enquiry details, guest and prospect message content may be processed by a third-party large-language-model provider (Anthropic). This processing is used to operate the messaging experience and to draft responses; it is not used to make solely automated decisions that produce legal or similarly significant effects without human involvement. Message content sent for AI processing is subject to the retention windows below.
WhatsApp & Instagram messaging
Where you contact a venue or RAYN over WhatsApp, we process your phone number and the content of the conversation to handle your booking and pre-arrival communication. Where you contact us through Instagram direct messages, we process your Instagram username, identifier and the content of the conversation as a business enquiry. Message content is retained for the periods set out below and can be deleted on request.
International transfers
RAYN operates across the United Arab Emirates, the United Kingdom and India, and uses sub-processors located in the EU and the US. Personal data may therefore be transferred across borders — for example, a UK guest's data may be stored in the EU and processed for AI replies in the US. Where such transfers occur, they are carried out under an appropriate legal basis for each jurisdiction:
- United Arab Emirates — in accordance with the UAE Personal Data Protection Law (PDPL).
- United Kingdom & European Union — under UK GDPR / EU GDPR, using Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision where available.
- India — in accordance with the Digital Personal Data Protection Act, 2023 (DPDP).
Retention
We retain personal data only for as long as necessary for the purpose it was collected, then delete or anonymise it. The following retention windows are enforced by automated jobs:
| Data | Retention | What happens after |
|---|---|---|
| Booking and transaction records | Statutory minimum for financial recordkeeping | Retained anonymised where possible |
| Campaign message content | 90 days | Message content redacted; direct phone/email not stored |
| WhatsApp message content | 24 months | Message content scrubbed; delivery metadata retained |
| Instagram direct-message threads | 12 months | Conversation content and username emptied |
| Prospect enquiry / demo reply text | 12 months | Free-text scrubbed |
| Guest feedback free-text | 24 months | Free-text and identifiers scrubbed; anonymised rating retained |
| Website & product analytics | Per analytics provider retention | Retained in aggregated form |
| Marketing preferences | Until changed or withdrawn | Suppression retained to honour opt-out |
Your rights
Where applicable, you may request access, correction, deletion, restriction, portability or objection in relation to personal data processed by RAYN. You may also withdraw consent where processing depends on consent.
To exercise the right to erasure, contact us at the address below. We action verified deletion requests within 30 days: your identity and contact details are anonymised, and your free-text content across bookings, feedback, campaigns and messaging is scrubbed, while statutory-minimum financial records are retained in anonymised form.
Email: legal@rayn-co.com
Last updated: July 2026