Privacy Policy
1. Introduction
Justo ("Company", "we", "us", or "our") provides an AI-powered concierge platform for hotels that automates guest communication via Instagram Direct Messages and website chat widgets. This Privacy Policy explains how we collect, use, store, share, and protect personal data when hotels and their guests use our platform at https://justo.menu and the underlying service infrastructure.
By using the Justo platform, you agree to the collection and processing of information as described in this Policy. If you do not agree, please discontinue use of the service.
This Policy applies to: (1) hotel businesses ("Clients") who connect their Instagram accounts and use the Justo admin panel, and (2) end users ("Guests") who interact with the AI agent via Instagram DM or the website chat widget.
2. Data We Collect
2.1 From Hotel Clients (business users)
- Name, email address, and contact information provided during registration
- Facebook Page ID and Instagram Business account ID used during OAuth authorization
- Meta access tokens (Page Access Token, User Access Token) required to receive and send Instagram messages; stored server-side
- Hotel knowledge base content: hotel name, address, check-in/out times, services, pricing, FAQs entered into the admin panel
- Billing information (if applicable for subscription management)
- Usage data: login activity, admin panel interactions, chat history accessed
2.2 From Guests (end users messaging the hotel)
- Instagram username and user ID (provided automatically by Meta when a message is received)
- Content of Direct Messages sent to the hotel's Instagram Business account
- Timestamp and message metadata provided by the Instagram API
- For website widget users: anonymous session ID stored in localStorage, message content, timestamp
We do not collect: real names, phone numbers, email addresses, or any financial information from guests unless the guest voluntarily provides this in their message.
2.3 Automatically collected technical data
- IP address, browser type, device type, access timestamps (for admin panel users)
- Server logs and error logs for security monitoring and debugging
- Cookies used for session management in the admin panel and basic analytics on the marketing site (Google Analytics)
3. How We Use the Data
3.1 To provide the service
- Receive Instagram DMs and route them to the correct hotel account via webhook
- Process guest messages using AI (LLM API) to generate responses
- Send AI-generated or manager replies back to guests via the Meta Messaging API
- Display conversation history in the hotel manager's admin panel
- Enable hotel managers to take over conversations and hand back to the AI agent
3.2 To maintain and improve the service
- Monitor system performance, detect errors, and resolve technical issues
- Analyze aggregated, anonymized usage patterns to improve the platform
- Develop new features based on client feedback
3.3 To ensure security and prevent fraud
- Detect and prevent unauthorized access to hotel accounts
- Monitor for abuse of the AI agent (spam, harmful content)
- Verify identity of users accessing the admin panel
3.4 To comply with legal obligations
- Respond to lawful requests from government or regulatory authorities
- Maintain records as required by applicable law
4. Data Sharing and Third Parties
We do not sell your personal data. We do not share data with third parties for advertising purposes. Data is shared only as necessary to operate the service:
| Third Party | Purpose and Data Shared |
|---|---|
| Meta Platforms (Facebook/Instagram) | We receive and send messages via the Instagram Messaging API. Guest message content and hotel Page tokens are transmitted over encrypted connections. Meta processes this data under their own Privacy Policy. |
| LLM API Provider | Guest message text is sent to the configured AI provider API to generate a response. Justo minimizes identifiers in prompts; if a guest includes personal data in a message, that text may be processed as part of the conversation. Provider processing is governed by the provider API data policy. |
| Cloud Infrastructure Provider | Our servers and database are hosted on cloud infrastructure. Provider access is limited to infrastructure operations and governed by hosting security controls. |
| Telegram (optional) | If the hotel enables Telegram notifications, manager alert messages are sent via Telegram Bot API. Only a notification text is transmitted — no guest message content. |
| Law enforcement / Government | We will disclose data only when required by law, court order, or lawful government request, and only to the extent required. |
5. Meta Platform Data — Specific Disclosure
Justo integrates with the Instagram Messaging API via a registered Meta application. The following applies specifically to data received through Meta:
- We receive Instagram DM data via webhook notifications from Meta after the hotel client authorizes our app via OAuth.
- We store Page Access Tokens server-side with restricted access. These tokens are used solely to send responses on behalf of the hotel's connected Instagram account.
- We do not access any data beyond what is required by the permissions granted: instagram_manage_messages, instagram_basic, pages_show_list, pages_manage_metadata.
- We do not access Instagram content, media, followers, or any data beyond direct messages to/from the hotel's inbox.
- When a hotel client disconnects their Instagram account from Justo, we delete their Page Access Token and unsubscribe from webhook notifications within 24 hours.
- Guest Instagram usernames and message content are stored for the duration of the hotel's active subscription and deleted upon account termination.
Data Deletion: Hotel clients may request deletion of all data associated with their account by contacting masha.shapiro@justo.menu.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Hotel account data (name, email, settings) | Duration of active subscription + 30 days after termination |
| Meta access tokens | Duration of active Instagram connection; deleted immediately upon disconnection |
| Guest message history (Instagram DMs) | Duration of active hotel subscription; deleted upon account termination |
| Website widget chat sessions | 90 days from last interaction, then anonymized |
| Server logs and technical data | 90 days for operational logs; security incident logs up to 1 year |
| Backup data | Maximum 30 days in encrypted backups after deletion from primary database |
7. Data Security
- All data is transmitted over encrypted HTTPS/TLS connections.
- Meta access tokens are stored server-side with restricted access and are not exposed to public pages, frontend code, logs, or API responses.
- Admin panel access is protected by authentication and session management.
- Database access is restricted to authorized personnel only.
- We conduct regular security reviews and vulnerability assessments.
- In the event of a data breach affecting personal data, we will notify affected clients within 72 hours as required by applicable law.
8. Your Rights
As a user of the Justo platform — whether a hotel client or an end guest — you have the following rights regarding your personal data:
- Right of access: request a copy of personal data we hold about you
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your personal data ("right to be forgotten")
- Right to restriction: request that we limit processing of your data
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: withdraw consent at any time (does not affect lawfulness of prior processing)
- Right to data portability: receive your data in a structured, machine-readable format
To exercise any of these rights, contact us at masha.shapiro@justo.menu. We will respond within 30 days. We may ask you to verify your identity before processing the request.
Hotel guests who wish to request deletion of their Instagram message data should contact the hotel directly, or contact us at masha.shapiro@justo.menu with the hotel name and their Instagram username.
9. Cookies
The Justo marketing site (justo.menu) uses cookies for the following purposes:
- Functional cookies — for basic site operation (e.g. cookie consent state, UTM tracking).
- Analytics cookies — Google Analytics (gtag) to measure aggregated, anonymized site traffic.
You can decline non-essential cookies via the consent banner shown on first visit. The Justo admin panel uses functional cookies only for session management.
The website chat widget uses localStorage (not cookies) to maintain an anonymous session ID for the duration of the chat. No personally identifiable information is stored in localStorage.
10. Children's Privacy
The Justo platform is a business-to-business service intended for hotel operators and their adult guests. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided personal data, we will delete it promptly. Please contact masha.shapiro@justo.menu if you have concerns.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. For material changes, we will notify hotel clients via email to the address registered in their account. Continued use of the platform after changes take effect constitutes acceptance of the updated Policy.
12. Contact
For any questions about this Privacy Policy, data requests, or concerns about how we handle your data:
Justo — Privacy Contact
Email: masha.shapiro@justo.menu
Web: https://justo.menu