Privacy policy.

NapX Inc. Privacy Policy
Effective 12 June 2025

NapX Inc. (“NapX,” “we,” “us” or “our”) develops and operates hospitality-management software, mobile applications, APIs and HoBot robotic hardware (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose and safeguard Personal Information while providing the Services, operating our websites and conducting related sales and marketing activities.

1. Scope

This Policy covers:

  • Customers – hotels, hostels, short-term-rental operators and similar businesses that license NapX.

  • Authorized Users – employees and contractors who access the administrative dashboard on a Customer’s behalf.

  • Guest Users – individuals who interact with guest-facing experiences powered by NapX.

  • Website Visitors / Prospects – anyone who browses napx.com, requests a demo or receives our marketing communications.

When we handle Guest Users’ data on a Customer’s behalf, NapX acts as a service provider under U.S. privacy laws such as the California Consumer Privacy Act (CCPA) and similar state statutes. For data relating to Website Visitors, Prospects and Authorized Users, NapX acts as a business that determines the purposes and means of processing.

2. Information We Collect

We collect Personal Information in the following broad categories:

  1. Customer & Account Data – examples include name, business e-mail address, telephone number, job title and authentication credentials.

  2. Property Configuration Data – room identifiers, rate plans, housekeeping task lists and similar operational details entered by the Customer or imported via integrations.

  3. Guest & Reservation Data – information such as name, e-mail address, phone number, mailing address, government-issued ID image, stay dates, payment tokens and special requests. These details come from online check-in, the property-management system (PMS) or the channel manager.

  4. Device & Usage Data – IP address, browser or app version, operating system, interaction logs and robot telemetry, collected automatically through cookies, SDKs and firmware.

  5. Marketing & Communications Data – newsletter opt-in status, campaign interactions and social-media handles.

We do not knowingly collect information from children under sixteen (16). If you believe such data has been collected inadvertently, please notify privacy@napx.com so we can delete it.

3. How We Use Personal Information

We use Personal Information only for legitimate business purposes, including:

  • Service delivery and maintenance – provisioning reservations, mobile keys, robot tasking and other core functionality.

  • Customer support and onboarding – training, troubleshooting and technical assistance.

  • Service improvement and analytics – analysing aggregated or de-identified data to enhance performance and develop new features.

  • Security, fraud prevention and compliance – detecting abuse, enforcing our Terms of Service and satisfying legal obligations.

  • Sales and marketing communications – sending product announcements, event invitations and other promotional content (you may opt out at any time).

  • Corporate transactions – facilitating a merger, acquisition, financing or sale of assets.

NapX does not sell Personal Information and does not share it for cross-context behavioural advertising as those terms are defined under applicable U.S. privacy laws.

4. Disclosures of Personal Information

We disclose Personal Information only as necessary:

  • Service providers – cloud-hosting platforms, payment processors, support software, identity-verification vendors, e-mail/SMS gateways and robot manufacturers.

  • Integration partners designated by the Customer – PMS providers, channel managers, payment gateways, smart-lock vendors and related hospitality technology platforms.

  • Successor entities – in connection with a merger, acquisition, reorganisation or other transfer of assets.

  • Public authorities – when required by subpoenas, court orders or other legal processes, or to protect rights, safety and property.

All third parties are bound by confidentiality obligations and, where required, service-provider agreements that restrict their use of the data.

5. Security

NapX employs administrative, technical and physical safeguards that reflect industry standards, including:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256).

  • Role-based access controls with mandatory multi-factor authentication for administrative accounts.

  • 24/7 infrastructure monitoring, logging and documented incident-response procedures.

  • Regular vulnerability assessments and independent penetration tests.

6. Retention

  • Guest data processed for a Customer is retained for the period specified in the Customer contract—typically 30 to 120 days after checkout—unless a longer period is required by law.

  • Account, prospect and marketing records are kept while the business relationship exists and then deleted or irreversibly de-identified within 24 months, unless further retention is legally necessary to meet record-keeping obligations or resolve disputes.

7. Your Privacy Rights

Depending on your state of residence (for example, California, Virginia, Colorado, Connecticut or Utah), you may have the right to:

  • Access the categories and specific pieces of Personal Information we hold about you.

  • Delete Personal Information, subject to legal exemptions.

  • Correct inaccurate Personal Information.

  • Receive a portable copy of Personal Information once every 12 months.

  • Opt out of the sale or sharing of Personal Information for targeted advertising (NapX does neither).

  • Limit the use of sensitive Personal Information if we were to process such data for purposes not permitted by law (currently, we do not).

To exercise these rights, e-mail privacy@napx.com or call +1 (646) 555-0123. We will verify your identity (or that of your authorised agent) and reply within the timeframe required by applicable law.

You may also opt out of NapX marketing e-mails at any time by clicking the “unsubscribe” link included in every message.

8. Cookies & Tracking Technologies

NapX uses first-party and limited third-party cookies, SDKs and similar technologies:

  • Essential cookies – manage sessions and authentication.

  • Analytics tools – collect aggregate usage statistics (for example, Google Analytics 4 with IP masking).

  • Product-experience features – enable in-app guidance or live chat.

Most browsers allow you to block or delete cookies. Certain functionality may not work properly if essential cookies are disabled.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material updates will be communicated to account administrators via e-mail or in-product notice at least 30 days before they take effect. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

10. Contact Us

NapX Inc.


158 W 23rd Street, 

Manhattan, New York City, 10012

E-mail: ops@napx.com