Login
Get a Demo

Privacy Policy

Directful , Inc. (“Directful”, “we”, and/or “us”) value the privacy of individuals who access or use directful.com (https://www.directful.com/), including all of its related applications, dashboards, or platforms, who purchase any products from Directful, or who sign up for any services. 

This privacy policy (“Privacy Policy”) explains how we collect, use, and share data or about any individual or entity who accesses or uses the Services (“Client” or “you”) or their devices. By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. Beyond the Privacy Policy, your use of our Services is also subject to our Terms of Service

Directful provides various online service tools to the hospitality industry. These tools include but not limited to CRM, loyalty, messaging, marketing and review management.  (“Services”) Members of the hospitality industry that engage us to provide these online service tools are our “Clients”.

Data We Collect

  • Data you give to us directly. When our Client’s contract to use our Service, we ask for personally identifiable information such as your first and last name, mobile phone number(s), physical address(es), email addresses(es) and login credentials of Client or client staff authorized to use the Services. If a Client’s guest or patron elects to use our messaging service, our Client will also collect and share with us, under a contractual service agreement the end user’s personal contact information such as their name and mobile phone number(s)  this is required in order to process and provide these services on behalf of the Client.
  • Data we collect from you automatically. When Clients use our application or messaging, we automatically collect non-personally identifiable information regarding the Clients’ browser and log files, operating system, internet protocol (IP) address, domain name internet service provider, geographic location, date/time stamp, and click stream data, including the pages visited while on our web application. We collect this information through the use of cookies or other tracking technologies as described in the Site & Services Technology section below.  If we can identify you from any of this information, it is considered personally identifiable.

The following are the categories and specific types of personal information that we may collect to provide the Services as mentioned above:

  • Consumer Data: Client shall provide consumer data (end user) to us to be processed on behalf of Client according to the Services agreement.
  • Basic Identifying Information: This is personal contact information including company name, company representative full name, job title, postal address, e-mail address, phone number, username/handle, account ID, assigned ID, Client number, login credentials, account security and verification records, website or social media handle, or other similar identifiers.
  • Device Information and Other Unique Identifiers: Includes device identification numbers, application identification numbers, advertising identifiers, device location information, mac address, hardware model, internet Agency, and mobile carrier.
  • Internet or Other Network Activity: Includes browsing or search history, and information regarding your interactions with our websites, mobile applications, emails, or advertisements.
  • Geolocation Data: Includes information that permits us to determine your location, such as if you manually provide location information or enable your mobile device to send us precise location information.
  • Demographic Data: Includes age, gender, race, ethnicity, some of which may include characteristics of protected classifications under state or federal law.
  • User Content/Support & Service Communications: Includes your communications with us and any other content you provide to us regarding Services (such as social media connections, photos, videos, audio recordings, media uploads, feedback, comments, product reviews, testimonials, support emails, support/service communications such as text messages and other content).
  • InferencesInferences drawn from or created based on any of the information identified above. Site & Services Technology: We use cookies and similar tracking technologies to track the activity on our Service and obtain certain personally identifiable and non-personally identifiable information.
  • Site & Services Technology: We use cookies and similar tracking technologies to track the activity on our Service and obtain certain personally identifiable and non-personally identifiable information. 

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.  

You can refuse all cookies or to indicate when a cookie is being sent through your browser settings. However, if you do not accept cookies, some portion of our Services or this website may not function properly.

Examples of Cookies we use: 

  • Session Cookies. We use Session Cookies to operate our Service. This allows users to be recognized within our Website as you navigate and engage with webpages. 
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.  
  • Security Cookies. We use Security Cookies for security purposes. 
  • Social Media Cookies. Social media features can be hosted by a third party or hosted directly on our Website.  These features may collect your IP address, information on which web properties you engage with and may enable a cookie so the feature can function properly. Your interactions with social media features on this Website are governed by the privacy policy of that specific social media platform. If you choose to follow, like, friend, share, or comment on our social media websites, or otherwise share information on these social networking websites, we may receive information about you. We may use this information to communicate with you. 

Tracking technologies also used are cross-device tracking, beacons, tags, and scripts to collect and track information and to improve and analyze our Service.  We do not support “Do Not Track” signals. You can disable or enable Do Not Track from the settings page of your browser. 

  • Cross-Device Tracking. We may use your personally identifiable and non-personally identifiable information for cross-device marketing.  This allows delivery of advertisements over multiple devices specific to your product and service interests and this information is also used for reporting and marketing analytics. 
  • Web Beacons. This collects non-personal identifiable information about your visit to our Website and may track the delivery and the effectiveness of communications we send to you.  You may change use of web beacons within your browser. 
  • Google Analytics/Advertising. We use all of Google Analytics and Advertising services which includes Google Analytics AdWords and/or DoubleClick cookies to track user activity.  This information may be used to contextualize and personalize the ads of its own advertising network . Non-personally identifiable information is used to track activity, evaluate use of this site, prepare and share reports with other Google services. You can opt-out of having your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on HERE. This add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about website visit activity.  
  • Javascript. Is used to support Web Technologies as defined above and may collect personally identifiable and non-personally identifiable information.  This enhances the function of the Website and tracks, records and analyzes user engagement, login and submission of consent forms on the Website or through our Services.  

Purposes for which Personal Data is Used & Processed on Behalf of Client  

We use the data that we collect to process and provide Services on behalf of our Client for the following purposes (subject to applicable law and as outlined in our service and data processing agreement): 

Contractual Services:

  • The purposes for which the Client provided data for processing  as outlined in the Directful -Client signed service agreement; 
  • To verify Client accounts and authenticate credentials. 

 Client Services & Support: 

  • To provide our Services to Clients, including any notifications, transactional records or updates relating to the Services; 
  • To process and respond to Client inquiries and comments via email, phone or text; 
  • To improve the Directful Services or to develop new Services; 
  • To address any issues with our Services or technical problems. 

 Analytics:  

  • To evaluate and analyze aggregate or de-identify data, we share aggregated or de-identified data relating to Clients and end users of the Directful Services with any third party for any purpose; 
  • To analyze how Clients use Directful’s Services; 
  • To analyze and audit advertising via counting ad impressions, verifying ad positioning and quality and auditing compliance with legal specifications and standards; 

General Marketing/Advertising: 

  • To provide advertising or marketing services to Clients regarding Services or related Services; 
  • To allow us to personalize and enhance the Clients experience using the Services; 
  • To provide contextual advertising.  

Storage, Safety & Security: 

  • To store and/or host personal data ; 
  • To verify, maintain, and/or improve the quality and/or safety of Client’s products, services, systems or infrastructure. 

Sharing & Processing Data on Behalf of Client 

Data  will be shared with  third parties in accordance with this notice, subject to applicable law. Please note that an end user can choose not to share certain data. See Your Choices Regarding Client and End User Data. All data collected for our Services will be shared and processed for a business purpose on behalf of our Client as described below:  

  • Third Parties and Service Providers. We may share consumer data, basic identifying information, device information, unique identifiers, internet or other network activity, geolocation data,  user content and support and service communications, with third parties or service providers to perform necessary business functions in connection with our Services for example, such as our hosting service provider and service providers that assist with the transmission of data or to perform any of the actions or activities allowed under this notice. We share data about Client and end users  required to perform their functions and in accordance with our agreements with them. Data provided to third-party service providers is processed under strict contractual requirements for the sole purpose of providing our Services. We do not permit our third-party service providers to use the data we share with them for their marketing purposes. 

In order for Directful to continue to improve your experience with the platform, application, the Services and associated services, you permit Directful to collect information that includes: transaction details, account details, and other personal information from third parties, including  property management system, central reservation system, social media accounts you connect to Directful. 

  • Client Subsidiaries and Affiliates. We may share consumer data, basic identifying information, device information, unique identifiers, internet or other network activity, user content, support and service communications, inferences and site and services technology information with Client owners, subsidiaries, licensees, affiliates, successors, or other entities related to our Client for the purposes of managing the Services offered at Client sites. This is required for a business purpose in order to provide our Services. 
  • Directful Subsidiaries. We may also share your data with any subsidiaries of ours for purposes consistent with this notice. Any subsidiary of ours will be required to maintain that data in accordance with this notice. 
  • Aggregated or De-identify Data. We may share non-identifiable aggregated or de-identified data relating to Clients and end users of the Directful Services  with third parties for analytic reporting. 
  • Business Changes. If we become involved in a merger, acquisition, sale of assets, divestiture, joint venture, securities offering, financing, bankruptcy, reorganization, liquidation, dissolution, or other transaction or if the ownership of all or substantially all of our business otherwise changes, we can share or transfer all data collected including consumer data, basic identifying information, device information, unique identifiers, internet or other network activity, user content, support and service communications, inferences and site and services technology information (including, without limitation, in connection with due diligence for any such transaction) to a third party or parties in connection therewith and it can be used subsequently by such third party or parties. 
  • Investigations and Law. To the extent permitted by applicable law, we may disclose data about Client and end users to third parties to: 
  • Comply with law, in response to subpoenas, warrants, or court orders, or in connection with any legal process or cooperate with government or law enforcement agencies or officials or private parties, including laws outside of the client and end users’ country of residence; 
  • Protect our rights, reputation, safety and property or in an emergency, or that of our users or others 
  • To resolve disputes; 
  • Protect against legal liability; 
  • Establish or exercise our rights to defend against legal claims; or 
  • To investigate, prevent or take action regarding suspected illegal activities, suspected fraud, the rights, reputation, safety or property of us, client and end users or others, violation of our policies or agreements or as otherwise required by law. 
  • For any other purpose disclosed by Client or Directful to provide our Services. 

Data obtained for Services will not be sold, shared or disclosed for any other purpose other than for the specific purposes of performing Services under the Client Services agreement.  All data collected and processed is done so in order to provide Services by Directful on behalf of the Client.

Data Protection 

Directful implements responsible and sophisticated technical and physical controls that are designed to prevent unauthorized access to or disclosure of your content and data collected. 

Directful continually monitors the evolving privacy regulatory and legislative landscape to identify changes and determine what tools our customers might need to meet their compliance needs. 

Maintaining customer trust is an ongoing commitment. We strive to inform you of the privacy and data security policies, practices, and technologies we’ve put in place. These commitments include: 

  • Access: As a Client, you maintain full control of your content and responsibility for configuring access to Directful Services and resources. Directful Maintains the right to monitor and maintain content of user data to help improve the user experience. We provide resources for you to configure access control permissions for any of the Services you utilize Directful environment. We have an advanced set of access, encryption, and logging features to help you do this effectively. We may access content to provide and maintain the Service and to improve and develop the quality of Directful machine-learning/artificial-intelligence technologies. Use of your content is necessary for continuous improvement of your Directful customer experience, including the development and training of related technologies. 
  • Storage: Your content is stored and backed up securely in certified Tier 1 Cloud providers such as AWS (Amazon Web Services), Google Cloud and Microsoft Azure in US Regions in compliance with PCI, GDPR, SOC 1, 2, 3, CCPA, PIPEDA. We will not move or replicate your content outside of defined cloud providers and US Regions without your consent, except as legally required and as necessary to maintain Directful Services. 
  • Security: Directful holds the confidentiality, integrity, and availability of your content in the highest regard. We use various security measures to protect content that we collect, and we have implemented security measures as part of Directful’s program to protect content it controls. All content stored in the Directful platform is encrypted. Directful conducts background checks on employees, utilizes web application firewalls, employs secure coding practices based on industry best practices, and performs vulnerability scans and application penetration tests on its environment as part of its risk management process. Unfortunately, no security measures are perfect or impenetrable and content transmission over the Internet cannot be guaranteed to be 100% secure. We cannot and do not ensure or warrant the security of any content you transmit to Directful and you do so at your own risk 
  • Security Assurance: We have developed a security assurance program that uses best practices for privacy and data protection to help you operate securely with Directful. 

International Transfers 

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the mechanisms to ensure adequate protection of data subject to EU Law. 

Retention 

We will retain the personal information for as long as reasonably necessary for the purposes described in this notice, as agreed upon in our services agreements, while we have a legitimate business need to do so, or as required by law (for example, for legal, tax, accounting or other purposes), whichever is the longer. 

To determine the appropriate retention period for the personal information, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we use the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Changes to Our Privacy Policy 

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Service following notice of any changes indicates acceptance of any changes. 

Contact Information

You may contact us via email at legal@directful.com. Or, you may write to us at the address listed below.

Directful , Inc.
Attn: Privacy Officer
4101 Dublin blvd, STE F #3007
Dublin, CA 94568

Last update: May 19, 2025

Let's Chat About Your Hotel's Growth:​

See Directful in Action

Schedule a quick call to see how peers like the AD1 Global or Curator Collection are using Directful to unmask data. We’ll show you the tools, answer your questions, and you’ll leave with actionable insights for your strategy.

  • Win back past guests
  • Increase repeat bookings
  • Boost direct bookings and revenue
  • Get expert advice on your current tech stack​

"P.S. We’re happy to chat even if you’re just exploring your options. We love helping hotels!"