Privacy Policy
Last updated: 27 March 2026
AskWhisper is a brand name of Amodamo BV, Krekelstraat 95, 2660 Hoboken, Antwerp, Belgium — VAT BE0797.635.552.
This policy explains what personal data we collect, why we collect it, who we share it with, and what rights you have under the EU General Data Protection Regulation (GDPR).
1. Who We Are
AskWhisper is a brand name of Amodamo BV, a company incorporated under Belgian law (VAT BE0797.635.552), with its registered office at Krekelstraat 95, 2660 Hoboken, Antwerp, Belgium.
We operate a hospitality technology platform that enables hotels, aparthotels, B&Bs, and other accommodation providers to automate and personalise guest communications — including check-in, digital key delivery, upselling, and messaging via WhatsApp.
In GDPR terms, Amodamo BV acts as a data controller with respect to the personal data of our platform users (hotel staff and administrators), and as a data processor with respect to the personal data of end guests — which is processed on behalf of our hotel clients who are themselves data controllers for their guests.
2. Data We Collect
Platform Users (Hotel Staff and Administrators)
When you create an account or use our platform, we may collect the following categories of personal data:
- Your name and job title
- Your email address and phone number
- Your username and hashed password
- Technical usage data such as your IP address, browser type, pages visited, and session duration
- Any correspondence you send us, such as support requests
Guest Data (Processed on Behalf of Hotel Clients)
When our platform processes data on behalf of a hotel client, that hotel is the data controller for their guests' personal data. We process this data only as instructed by the hotel, under a separate Data Processing Agreement (DPA). Typical categories include:
- Guest names and contact details
- Reservation information
- WhatsApp message history between the hotel and the guest
If you are a hotel guest who has received a message through our platform, the hotel is responsible for the lawful basis of that communication. Please contact the hotel directly for questions about your booking data.
3. Legal Bases and Purposes
Under GDPR, we must have a valid legal basis for every processing activity. The following sets out our purposes and the legal basis for each.
Contract performance (Article 6(1)(b) GDPR): We process account and contact data to create and manage your account, to deliver platform features, and to send transactional communications such as confirmations and security alerts.
Legitimate interests (Article 6(1)(f) GDPR): We analyse aggregated usage data to improve and develop our platform. We also process data for fraud prevention and platform security. These interests do not override your privacy rights.
Legal obligation (Article 6(1)(c) GDPR): We retain financial and billing records to comply with Belgian accounting law.
Marketing communications: We send newsletters and marketing communications on one of two bases: either because we have a legitimate interest arising from a previous business interaction with you (every communication includes a clear and easy opt-out); or because you have given us your explicit consent, which you may withdraw at any time by clicking the unsubscribe link in any email or by contacting us at info@askwhisper.com.
4. WhatsApp and Meta Integration
A core feature of our platform is the ability to send WhatsApp messages on behalf of hotel clients, using Meta's Business Messaging API.
To enable this feature, we access:
- The WhatsApp Business Account connected by the hotel client
- The phone numbers of guests as provided by the hotel
- Message content as composed or templated by the hotel and/or our platform
We do not store your WhatsApp credentials. We do not use guest WhatsApp data for our own marketing purposes. We do not sell or rent WhatsApp message data to any third party.
We do store message logs for operational and support purposes. At present these are retained indefinitely. We are reviewing this practice and intend to introduce a defined retention limit in the near future. If you wish to request deletion of message data relating to you, please contact us at info@askwhisper.com.
Messages sent via WhatsApp are also subject to Meta's own privacy policy and terms of service. We recommend reviewing WhatsApp's Privacy Policy directly.
5. Who We Share Data With
We do not sell personal data. We share it only in the following circumstances.
Sub-processors
We use a limited number of trusted third-party service providers to operate our platform. All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security standards.
| Sub-processor | Purpose | Location | Transfer Safeguards |
|---|---|---|---|
| Onfact (Infinwebs BV) | Invoicing and billing | Belgium (EEA) | N/A — within EEA |
| Hotjar (Hotjar Ltd) | Website analytics and session recording | Malta (EEA) | N/A — within EEA |
| Attio (Attio Limited) | CRM | United Kingdom | EU adequacy decision for UK |
| MongoDB Atlas (MongoDB Inc) | Primary database platform (EU region cluster) | United States | Standard Contractual Clauses (GDPR Art. 46) |
| Resend (Plus Five Five Inc) | Transactional email delivery | United States | Standard Contractual Clauses (DPA) |
| Google Analytics (Google Ireland / Google LLC) | Website analytics | United States | EU-US Data Privacy Framework + SCCs |
Meta (WhatsApp Business API)
Guest phone numbers and message content are transmitted to Meta Platforms Ireland Limited for delivery via WhatsApp. This is a necessary part of the WhatsApp integration feature.
Hotel Clients
Guest data processed through the platform is shared with the relevant hotel client as the data controller. Platform user data (hotel staff accounts) is not shared with other hotel clients.
Legal Disclosures
We may disclose personal data to competent authorities such as courts, regulators, or law enforcement when required by applicable law, a binding legal order, or to protect our legitimate legal interests.
Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.
6. International Transfers
Our primary database is stored on servers within a European region. However, some sub-processors are located outside the EEA. Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place as required by GDPR Chapter V.
For transfers to the United Kingdom, we rely on the European Commission's adequacy decision.
For transfers to the United States (Resend, MongoDB Inc, Google LLC), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Where applicable, we also rely on the EU-US Data Privacy Framework adequacy decision.
7. How Long We Keep Data
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by applicable law. Financial and billing records are retained for seven years in accordance with Belgian accounting law.
You have the right to request the deletion of any personal data we hold about you at any time. Please contact us at info@askwhisper.com to make such a request. We will respond within one calendar month and will delete or anonymise your data unless we are required by law to retain it.
8. Security
We implement technical and organisational measures appropriate to the risk, including:
- Encryption of data in transit (TLS) and at rest
- Access controls and role-based permissions
- Regular security reviews
- Staff training on data protection
- Incident response procedures
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority (GBA / APD) within 72 hours and will notify affected individuals without undue delay where required by GDPR.
Full details of our security measures are available in our Security Policy.
No method of internet transmission or electronic storage is 100% secure. We encourage users to use strong, unique passwords and to contact us immediately if they suspect any unauthorised access to their account.
9. Your Rights
Under the GDPR, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at info@askwhisper.com. We will respond within one calendar month.
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
- Right to data portability: You can request your data in a structured, machine-readable format to transfer to another service, where processing is based on consent or contract.
- Right to restriction: You can ask us to pause processing of your data in certain circumstances, for example while we verify its accuracy.
- Right to object: Where we process data on the basis of legitimate interests, you have the right to object. We will stop unless we have compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to complain: You have the right to lodge a complaint with the Belgian Data Protection Authority (GBA / APD) at dataprotectionauthority.be, by email at contact@apd-gba.be, or by post at Rue de la Presse 35, 1000 Brussels, Belgium.
We will not charge a fee for exercising your rights unless the request is manifestly unfounded or excessive.
If your request relates to data held by a hotel (for example your booking record), please contact the hotel directly, as they are the data controller for that data.
10. Cookies
Our website uses cookies and similar tracking technologies.
Strictly necessary cookies are required for the site and platform to function correctly. These cannot be disabled.
Google Analytics (Google LLC, United States) places cookies on your device to help us understand how visitors use our website, such as which pages are visited and how long sessions last. This data may be transferred to the United States. Google LLC participates in the EU-US Data Privacy Framework. These cookies are only placed with your consent.
Hotjar (Hotjar Ltd, Malta) places cookies to record anonymised session replays and gather feedback about how visitors interact with our website. These cookies are only placed with your consent.
You can manage or withdraw your consent to non-essential cookies at any time via your browser settings. Disabling certain cookies may affect the functionality of our website.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page with a revised "Last Updated" date and notify platform users by email or in-platform notification at least 14 days before changes take effect.
Your continued use of the platform after the effective date constitutes acknowledgement of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:
AskWhisper / Amodamo BV
Krekelstraat 95, 2660 Hoboken, Antwerp, Belgium
VAT: BE0797.635.552
Email: info@askwhisper.com
You also have the right to contact the Belgian supervisory authority directly:
Gegevensbeschermingsautoriteit (GBA / APD)
Rue de la Presse 35, 1000 Brussels, Belgium
Website: dataprotectionauthority.be
Email: contact@apd-gba.be