Privacy Policy
Last updated: June 4, 2026
This Privacy Policy describes how Zerf (“Zerf”, “Innapp”, “we”, “us”, or “our”) collects, uses, and shares information when you use the Innapp platform, websites, and related services (the “Service”). Innapp helps hotels and resorts publish their property data so it can be discovered by AI assistants.
1. Information we collect
Account information
When you create an account, we collect your name, email address, and password (stored in hashed form). If you sign in using Google, we receive your name, email address, and profile picture from your Google account through Google’s OAuth service. We only request basic profile and email scopes and do not access any other Google data.
Hotel and property data
We collect the information you provide or import about your properties — including hotel descriptions, rooms, dining, amenities, deals, branding (logos, colors), and any URLs you submit for automated data extraction.
Usage and technical data
We automatically collect log data, device and browser information, IP address, and usage analytics to operate and improve the Service. We use cookies and similar technologies for authentication, preferences, and analytics.
2. How we use information
- To provide, maintain, and secure the Service and your account.
- To generate and host your hotel’s AI-accessible endpoint.
- To process the URLs you submit and extract structured property data.
- To communicate with you about your account, updates, and support.
- To analyze usage and improve the Service.
- To comply with legal obligations and prevent abuse or fraud.
3. How we share information
We do not sell your personal information. We share information only with service providers that help us operate the Service, and only as needed:
- Supabase — authentication, database, and file storage.
- Vercel — application and website hosting.
- Google — OAuth sign-in when you choose to log in with Google.
- Firecrawl — web scraping of the URLs you submit during onboarding.
- OpenAI and Anthropic — AI processing to extract and structure property data.
- Mapbox — mapping and location features.
- Analytics providers — aggregated usage measurement.
We may also disclose information to comply with the law, enforce our agreements, or protect the rights, safety, and property of Zerf, our users, or the public. If Zerf is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
4. Data retention
We retain your information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time (see Section 7). We may retain certain information where required by law or for legitimate business purposes.
5. Security
We use industry-standard measures — including encryption in transit, access controls, and database-level row security — to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. International transfers
Your information may be processed and stored in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.
7. Your rights
Depending on your location, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at hello@zerf.tech. We will respond within the timeframe required by applicable law.
8. Children’s privacy
The Service is not directed to individuals under 16, and we do not knowingly collect personal information from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version with an updated “Last updated” date and, where appropriate, notify you.
10. Contact us
If you have questions about this Privacy Policy, contact us at hello@zerf.tech.