Privacy Policy
Last updated: March 2026
This Privacy Policy describes how Weltrop ("we", "our", "the Service"), operated at
weltrop.com, collects, uses, stores, and protects personal data when
hotels use our WhatsApp-native hotel management platform and when guests interact with hotels through that platform.
1. Who We Are
Weltrop is a SaaS platform that enables hotels to manage guest communication, check-ins, food and beverage
orders, service requests, and feedback via WhatsApp. We act as a data processor on behalf of hotels (data
controllers) for guest data, and as a data controller for hotel business data.
2. Data We Collect
2a. Guest Data
When a hotel uses Weltrop, the following guest data may be collected:
- Name and WhatsApp phone number — provided by the hotel at check-in to enable WhatsApp communication.
- Check-in and check-out dates — used to schedule automated messages and manage the stay lifecycle.
- Government-issued ID photos — uploaded during web check-in, required for hotel registration compliance under Indian law (Foreigners Act, 1946; hotel registration regulations).
- Address details — collected during web check-in for hotel registration records.
- Room preferences and assignment — recorded to facilitate hotel operations.
- Food and beverage orders — items ordered via WhatsApp during the stay.
- Service requests — details of requests made by guests (e.g. cab bookings, housekeeping, room service).
- Feedback and star ratings — submitted by guests after checkout via automated WhatsApp messages.
- WhatsApp message metadata — delivery and read receipts received from Meta's WhatsApp Cloud API.
2b. Hotel (Business) Data
- Hotel name, contact information, and configuration settings.
- Login credentials (passwords are stored as bcrypt hashes; never in plain text).
- WhatsApp Business Account credentials and phone number IDs.
- Billing information (processed by our payment provider; we do not store raw card data).
3. Why We Collect This Data
- Hotel operations: to enable automated guest messaging, order management, and service request routing.
- Legal compliance: Indian hotel registration laws require hotels to maintain records of guests' identity and address. ID photos and address data are collected to fulfil this legal obligation.
- Service delivery: to process food orders, route service requests to the correct department, and display information to hotel staff on the dashboard.
- Feedback and improvement: to collect post-checkout ratings and route positive reviews to Google.
- Platform security: to authenticate hotel staff and prevent unauthorised access.
4. WhatsApp and Meta
Guest messages are sent and received via the Meta WhatsApp Cloud API. When a guest interacts with
a hotel's WhatsApp number powered by Weltrop, their messages are transmitted through Meta's infrastructure
and are subject to Meta's Privacy Policy.
Guests receive WhatsApp messages only if their phone number was registered with the hotel at check-in.
Guests can opt out at any time by replying STOP to any message.
5. ID Photo Handling
Government-issued ID photos uploaded during web check-in are:
- Stored securely on encrypted servers.
- Accessible only to authorised hotel staff through the Weltrop dashboard.
- Automatically deleted 30 days after the guest's checkout date, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP).
- Never shared with any third party other than the hotel where the guest is staying.
6. Data Sharing
We do not sell or rent personal data. Data is shared only in the following circumstances:
- Hotel staff: guest details, orders, requests, and feedback are visible to the hotel the guest is staying at, through the Weltrop dashboard.
- Meta Platforms, Inc.: messages are sent via Meta's WhatsApp Cloud API. Meta processes message content to deliver messages.
- Infrastructure providers: our hosting provider (Railway) stores data on secure servers. They are contractually prohibited from accessing or using data for their own purposes.
- Legal requirements: we may disclose data if required by applicable Indian law or a valid legal order.
7. Data Retention
- Active stay data (name, phone, room, orders, requests): retained for the duration of the stay plus 30 days, then deleted or anonymised.
- ID photos: automatically deleted 30 days after checkout.
- Feedback and star ratings: retained for up to 1 year for operational analysis, then deleted.
- Hotel business data: retained for the duration of the hotel's subscription plus 90 days after cancellation to enable data export.
8. Data Security
We implement the following security measures:
- All data in transit is encrypted using HTTPS/TLS.
- Dashboard access is protected by HMAC-signed session cookies with 8-hour expiry.
- Hotel passwords are stored as bcrypt hashes.
- The database is hosted on a persistent volume with access restricted to the application.
- Admin access requires separate credentials stored as environment variables, not in the database.
9. Guest Rights
Under the Digital Personal Data Protection Act, 2023 (DPDP) and applicable Indian law, guests have the right to:
- Access their personal data held by the hotel.
- Correct inaccurate data.
- Request deletion of their data, subject to legal retention requirements.
To exercise these rights, guests can message the hotel directly on WhatsApp or contact us at
admin@weltrop.com. See our
Data Deletion page for full instructions.
10. Hotel (Business) Rights
Hotels can request export or deletion of their account data by contacting
admin@weltrop.com. On cancellation of subscription,
hotel data is retained for 90 days to allow data export, then permanently deleted.
11. Cookies
Weltrop uses session cookies (hsession) solely for authenticating hotel staff on the
dashboard. These cookies are HMAC-signed, HTTP-only, and expire after 8 hours. We do not use
tracking cookies, analytics cookies, or advertising cookies.
12. Children's Privacy
Our service is not directed at children under the age of 18. We do not knowingly collect personal
data from minors. If you believe a minor's data has been collected, contact us and we will delete it.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to hotel operators
by email. The updated policy will be published on this page with a revised date.
Contact Us
For any privacy-related questions, data requests, or concerns:
admin@weltrop.com
Weltrop Solutions | weltrop.com