Privacy Policy

    Last updated: February 8, 2026

    1. Introduction

    Kazza (MERCOVA SAS) (hereinafter "we", "our" or "us") is committed to protecting the privacy of users of our voice assistant service for hosts. This privacy policy explains how we collect, use, share and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

    2. Data Controller

    Kazza (MERCOVA SAS)

    Simplified Joint Stock Company

    Registered office: 66 AVENUE DES CHAMPS ELYSEES, 75008 PARIS

    Email: [email protected]

    SIRET: 981 846 694 00017

    EU VAT: FR70981846694


    For any questions regarding your personal data, you can contact us at: [email protected]

    3. Data Collected

    We collect the following categories of data:


    Identification data: Name, surname, email address, phone number.


    Property data: Name, address, property information (amenities, rules, access) you provide to configure the assistant.


    Call data:

  1. Voice recordings of conversations between travelers and the Kazza assistant
  2. Automatic call transcriptions
  3. Duration and timestamp of calls
  4. Caller phone number

  5. Billing data: Payment information processed by our provider Stripe (we do not store your card numbers).


    Technical data: IP address, browser type, operating system, connection data, usage logs.


    Usage data: Usage statistics, number of calls, consumption, preferences.

    4. Processing Purposes

    We process your data to:


  6. Provide our voice assistant service and answer your travelers' calls
  7. Manage your user account and subscription
  8. Process payments and billing
  9. Send you notifications about your calls (transfer SMS)
  10. Improve the quality of our voice assistant and services
  11. Ensure security and prevent fraud
  12. Comply with our legal and regulatory obligations
  13. Respond to your support requests
  14. 5. Legal Basis

    The processing of your data is based on:


    Contract performance: To provide our service, manage your account and subscription.


    Your consent: For call recording and transcription, for sending marketing communications.


    Our legitimate interest: To improve our services, ensure security, prevent fraud.


    Legal obligations: For billing, accounting, tax returns.

    6. Data Recipients

    Your data may be shared with the following providers, strictly within the scope of service provision:


    Voice processing:

  15. ElevenLabs (voice synthesis and processing) - United States

  16. Telephony:

  17. Twilio (call and SMS management) - United States

  18. Payments:

  19. Stripe (secure payment processing) - United States

  20. Hosting and infrastructure:

  21. Vercel (web hosting) - United States
  22. Supabase (database and authentication) - Singapore/EU

  23. Analytics:

  24. Google Analytics (anonymized visit statistics) - United States

  25. We never sell your personal data to third parties. All our providers are bound by GDPR-compliant contractual clauses.

    7. International Transfers

    Some of our data is processed outside the European Union (particularly in the United States). In this case, we ensure appropriate safeguards are in place:


  26. European Commission Standard Contractual Clauses
  27. Provider certification under the EU-US Data Privacy Framework (where applicable)
  28. Additional technical and organizational measures

  29. You can obtain a copy of the safeguards in place by contacting us.

    8. Data Retention

    Account data: Retained during your subscription and 3 years after last activity.


    Call recordings: Retained for 3 days then automatically and irreversibly deleted.


    Call transcriptions: Retained for 3 days then automatically deleted.


    Billing data: Retained for 10 years in accordance with accounting obligations.


    Technical data (logs): Retained for 12 months.


    Marketing contact data: Until withdrawal of consent or 3 years without activity.

    9. Your Rights

    Under GDPR, you have the following rights:


    Right of access: Obtain a copy of your personal data.


    Right to rectification: Correct inaccurate or incomplete data.


    Right to erasure: Request deletion of your data (right to be forgotten).


    Right to portability: Receive your data in a structured, readable format.


    Right to object: Object to processing for legitimate reasons.


    Right to restriction: Request restriction of processing in certain cases.


    Right to withdraw consent: At any time, without affecting the lawfulness of prior processing.


    Right to define post-mortem instructions: Define what happens to your data after your death.


    To exercise these rights, contact us at: [email protected]


    You can also file a complaint with the CNIL.

    10. Data Security

    We implement appropriate technical and organizational measures to protect your data:


  30. Encryption of data in transit (TLS/SSL) and at rest
  31. Secure authentication with password hashing
  32. Restricted access to personal data (principle of least privilege)
  33. Continuous monitoring of our systems and intrusion detection
  34. Regular security audits
  35. Staff training on data protection
  36. Backup and recovery procedures

  37. In the event of a data breach likely to result in a high risk to your rights, we will inform you as soon as possible.

    11. Cookies and Similar Technologies

    Our site uses cookies for:


    Strictly necessary cookies:

  38. User authentication and session
  39. Language preferences
  40. Security (CSRF protection)

  41. Analytical cookies (with your consent):

  42. Google Analytics (anonymized audience measurement)

  43. You can manage your cookie preferences at any time via your browser settings. Disabling certain cookies may affect site functionality.

    12. Minors

    Our service is intended for hospitality professionals and is not designed for minors under 18 years of age. We do not knowingly collect personal data concerning minors.

    13. Policy Modifications

    We may modify this privacy policy at any time. In case of substantial modification, we will inform you by email or via our service at least 30 days before the changes take effect.


    The last update date is indicated at the top of this document.

    14. Contact and Complaints

    For any questions regarding this policy or your personal data:


    Email: [email protected]

    Mail: MERCOVA SAS - 66 AVENUE DES CHAMPS ELYSEES, 75008 PARIS, France


    Supervisory authority:

    You can file a complaint with the CNIL:

    Commission Nationale de l'Informatique et des Libertés

    3 Place de Fontenoy - TSA 80715

    75334 Paris Cedex 07

    www.cnil.fr