Privacy policy

Last Updated: 19 March, 2026

DirectBooker operates a B2B business that provides hotel content, rates, and availability data to AI platforms, a hotel supplier-focused website, and a consumer-facing blog about hotel booking. We do not offer user accounts, transactions, or booking services directly to consumers. We use cookies for analytics and advertising purposes on our website, collect business contact information from parties interested in our B2B services, and log referral click events when users click hotel links provided through our services. This privacy policy ("Privacy Policy") describes the types of personal information that DirectBooker Inc ("DirectBooker," "we," "our," and/or "us") collects, uses, and discloses from individuals ("you" or "your") who use our website (including www.directbooker.ai) or interact with our services. If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), "personal information" means any information relating to an identified or identifiable individual. By using our Services, you agree to the collection, use, disclosure, and procedures described in this Privacy Policy. Your use of our Services is also subject to our Terms of Service.

Our Services and Data Privacy

DirectBooker provides hotel content, pricing, and availability data to third-party platforms — including AI assistants and Large Language Model (LLM) platforms — through technical integrations known as Model Context Protocol (MCP) servers.

AI Platform Queries

When a third-party AI platform queries our services on your behalf, we receive anonymized information about the search request, such as:

  • Travel destination and dates

  • Number of guests and rooms

  • Hotel preferences (e.g., "pet-friendly," "near downtown")

  • Occupancy details

We do not receive any information that identifies you as an individual from these queries, including names, email addresses, user account identifiers from the AI platform, full conversation history, payment information, or any other personally identifiable information.

We use this anonymized query data to provide relevant hotel search results to the platform, improve our search algorithms and service quality, and analyze travel trends in aggregate.

When you use DirectBooker through a third-party platform, that platform's own privacy policy governs how it collects, uses, and stores your data, including your conversation history. We encourage you to review the privacy policy of any platform through which you access DirectBooker.

Referral Click Tracking

When you click a hotel booking or website link provided by DirectBooker — whether on our website or through a third-party AI platform — that link routes through a DirectBooker redirect endpoint before forwarding you to the hotel's official website. This allows us to record that a referral click occurred. All data capture is server-side; no cookies are set on your browser and no client-side JavaScript executes during the redirect.

The destination URL you are forwarded to contains identifiers (such as UTM codes or partner-specific codes) that allow the hotel or connectivity partner to recognize that the referral originated from DirectBooker. These identifiers relate to DirectBooker as the referral source and do not contain personally identifiable information about you.

Our lawful basis for this processing is our legitimate interests under Article 6(1)(f) UK/EU GDPR. Our legitimate interest is in maintaining accurate referral records for invoicing and commission reconciliation with hotel partners, and for detecting and preventing fraudulent click activity. We have assessed that this interest is not overridden by your privacy rights, given the limited and non-identifying nature of the data retained.

We share per-partner referral click reports with hotel and connectivity partners for the purpose of reconciling commissions against their booking reports. Partners receive aggregate referral data attributed to DirectBooker; they do not receive your IP address, device information, or any other personal data from us. Any information you provide directly to the hotel after clicking through is governed by the hotel's own privacy policy.

The specific data we log per click, how we handle your IP address and User-Agent string, retention periods, and your data subject rights in relation to this processing are described in the "Link Click and Referral Information" section below.

Personal Information We Collect

We may collect a variety of personal information from or about you or your devices from various sources, as described below.

A. Personal Information You Provide to Us

B2B Contact Form. If you submit our business inquiry form, we collect your name, company name, work email address, and other business details as requested in order to respond to your inquiry about our services.

Surveys and Feedback Request Forms. If you voluntarily participate in our surveys or complete our feedback request forms, we may receive your name, email address, and your responses.

Direct Communications. If you contact us directly, we may receive additional information about you, such as your name, email address, the contents of a message or attachments that you may send to us, and other information you choose to provide.

Careers. If you wish to apply for a job with us, you may submit your contact information and resume via email. We will collect the information you choose to provide, such as your education and employment experience. You may also apply through LinkedIn, Indeed, or other third-party services, in which case we will collect the information you make available to us through those services.

B. Personal Information We Collect When You Use Our Services

When you visit our website, we automatically collect certain technical information as described below.

Location Information. When you visit our website, our analytics providers may derive your approximate geographic region (such as country or city) from your IP address. Your full IP address is not stored by us or our analytics providers — it is used only transiently for geolocation purposes. When you click a hotel link provided through our services, we similarly derive your country of origin and region from your IP address for referral tracking purposes. Your raw IP address is not written to our click tracking database, but is retained in operational server logs for up to 60 days for security monitoring, fraud detection, and debugging purposes, after which it is purged.

Device Information. We receive general information about the device and software you use to access our website, including your web browser type, operating system, and general device category (e.g., desktop, mobile, or tablet). This information is collected through our analytics providers and is used to understand how our website is accessed and to improve our services.

Usage Information. To help us understand how you use our website and to improve it, we may automatically receive information about your interactions with our Services, such as the pages or other content you view, the website you visited before coming to our Services, and the dates and times of your visits.

Link Click and Referral Information. When you click a hotel booking or website link provided through our Service — including links surfaced through third-party AI platforms — that link routes through a DirectBooker redirect endpoint before forwarding you to the hotel's official website. All data captured at this endpoint is server-side; no cookies are set on your browser and no client-side JavaScript executes during the redirect.

Per click, we log: a timestamp; the destination hotel URL; the hotel, partner, and AI platform associated with the link; booking context (such as check-in and check-out dates, occupancy, currency, and rate information); your approximate country of origin derived from your IP address; and a coarse device category derived from your User-Agent string.

Your raw IP address and full User-Agent string are not written to our click tracking database. They are, however, retained separately in operational server logs for up to 60 days for security monitoring, fraud detection, and debugging purposes, after which they are purged. Our lawful basis for this operational log retention is our legitimate interests in securing our systems and preventing fraudulent or abusive activity, which we have assessed as proportionate given the short retention period, the absence of any commercial use of this data, and the fact that it is not shared with any third party. 

The destination URL you are forwarded to contains identifiers (such as UTM codes or other partner-specific codes) that allow the hotel or connectivity partner to recognize that the referral originated from DirectBooker. These identifiers relate to DirectBooker as the referral source and do not contain personally identifiable information about you. Our lawful basis for this processing is our legitimate interests under Article 6(1)(f) UK/EU GDPR. Click event records are retained for 25 months. See "Your Rights" for information on how to submit a data subject rights request in relation to this data.

Information from Cookies and Similar Technologies. We and our third-party partners collect information about your activities on our website using cookies, pixel tags, and other tracking technologies. Our third-party partners, such as analytics and advertising partners, may also use these technologies to collect information about your online activities over time and across different services. Cookies are small text files stored on your device. We may use both session cookies, which expire when you close your browser, and persistent cookies, which remain on your device across sessions.

  • Strictly Necessary Cookies. Some cookies are strictly necessary to make our Services available to you. We cannot provide our Services without these cookies.

  • Functional Cookies. Functional cookies allow us to remember your preferences when you return to our website, such as your language or region settings.

  • Analytics Cookies. We use analytics cookies to understand how visitors use our website — for example, which pages are viewed most frequently and how users navigate the site. These cookies are set by us and by our analytics providers, including Google Analytics and Mixpanel.

  • Marketing Cookies.  Advertising and marketing cookies are used to track the performance of our advertising campaigns and to enable retargeting — showing DirectBooker ads to past visitors on third-party websites and platforms. These cookies are set by us and by our advertising partners, which may include Google Ads, LinkedIn, Meta, and similar platforms. This data may be used to build a profile of your interests and serve you relevant ads on third-party sites.

All non-essential cookies require your consent where required by applicable law. Once given, consent may be withdrawn at any time by clicking the Cookie Preferences link in our site footer. You may also adjust or delete cookies through your web browser settings — please refer to your browser's help documentation for instructions. Please note that disabling certain cookies may affect the functionality of some features of our website.

How We Use the Personal Information We Collect

We use the personal information we collect:

  • To provide, maintain, improve, and enhance our Services;

  • To log referral clicks when hotel links are clicked through our Services, reconcile referral records with booking reports provided by hotel partners, and receive commission payments from hotel partners for completed bookings;

  • To understand and analyze how you use our Services and develop new products, services, features, and functionality;

  • To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support;

  • To generate anonymized or aggregate data containing only de-identified, non-personal information that we may use for any lawful purposes;

  • To find and prevent fraud and abuse, and respond to trust and safety issues that may arise;

  • For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and

  • For other purposes for which we provide specific notice at the time the information is collected.

Legal Bases For Processing European Personal Information

If you are located in the EEA or the UK, we only process your personal information when we have a valid legal basis, including as set forth below.

  • Consent. You have consented to the use of your personal information. For example, we rely on consent for non-essential cookies on our website, including analytics and advertising cookies.

  • Contractual Necessity. We need your personal information to provide you with our Services. For example, we may need to process your personal information to respond to your inquiries or requests and to otherwise manage and provide our Services.

  • Compliance with a Legal Obligation. We may have a legal obligation to use your personal information. For example, we may process your personal information to comply with tax, labor, and accounting obligations.

  • Legitimate Interests. We or a third party have a legitimate interest in using your personal information. Specifically, we have a legitimate interest in: logging referral clicks when hotel links are clicked through our services, for the purpose of invoicing and commission reconciliation with hotel partners; detecting and preventing fraudulent click activity; retaining operational server logs containing IP addresses and User-Agent strings for up to 60 days for the purpose of system security, debugging, and identification of fraudulent or abusive traffic; conducting website analytics to understand and improve our services; and establishing, exercising, or defending legal claims. We only rely on legitimate interests where those interests are not overridden by your rights and interests.

How We Disclose the Personal Information We Collect

Hotel and Connectivity Partners. We share referral click data with hotel partners and connectivity providers on a per-partner basis for the purpose of commission invoicing and reconciliation against their booking reports. Partners receive referral records attributed to DirectBooker and do not receive your IP address, device information, or any other personal data from us. Hotel partners also provide us with aggregated conversion data (such as how many DirectBooker referrals resulted in completed bookings) to support our commission arrangements. Any information you provide directly to a hotel after clicking through to their website is governed by that hotel's own privacy policy. 

Vendors and Service Providers. We may disclose information to vendors and service providers retained in connection with the operation of our Services, such as cloud infrastructure providers, analytics platforms, and customer support tools.

Analytics Partners. We use analytics services including Google Analytics and Mixpanel to collect and process data about how visitors use our website. These services may collect information about your use of other websites and online resources. You can opt out of Google Analytics by visiting Google's opt-out page. You can learn more about Google's data practices at https://www.google.com/policies/privacy/partners/.

Advertising Partners. We advertise our services through third-party advertising platforms, which may include Google Ads, LinkedIn, Meta, and similar platforms. These partners may use first-party and third-party cookies and similar technologies to measure the performance of our advertising campaigns, understand user behavior, and enable retargeting of past visitors across third-party websites and platforms.

As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect your, our, or others' rights, property, or safety.

Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.

Consent. We may also disclose your information with your permission.

Your Choices

Do Not Track. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals. 

Your European Privacy Rights. If you are located in the EEA or the UK, you have the following rights regarding your personal information:

  • Access, correction, erasure, and portability. You may request access to the personal information we hold about you, ask us to correct inaccuracies, request deletion where we have no lawful basis for continued retention, or ask us to provide your data in a portable format for transfer to another controller.

  • Restriction. You may ask us to restrict our processing of your personal information in certain circumstances, for example while we investigate a correction request.

  • Right to object. Where we process your personal information on the basis of legitimate interests — including referral click tracking and operational log retention — you have the right to object to that processing. We will consider your objection and respond within 30 days. Please note that for referral click tracking and security log retention, we are likely to conclude that our compelling legitimate interests — including our contractual obligations to hotel partners and our obligations to maintain system security — override individual objections, given the limited and non-identifying nature of the data involved. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

  • Withdraw consent. Where we process your personal information based on your consent — for example, non-essential cookies — you may withdraw that consent at any time and free of charge by clicking [Cookie Preferences] in our site footer. Withdrawal of consent does not affect the lawfulness of processing that took place before withdrawal.

  • Lodge a complaint. You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or where an incident took place.

You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and we may retain certain personal information where we have a lawful basis to do so, including for fraud prevention, compliance with legal obligations, or the establishment, exercise, or defense of legal claims.

How to Block Cookies. You can withdraw consent for non-essential cookies at any time by clicking the link in our site footer. You can also block or delete cookies through your web browser settings — please refer to your browser's help documentation for instructions. Note that blocking all cookies, including essential cookies, may affect the functionality of some parts of our website.

Third Parties

Our Services contain links to hotel websites and other third-party websites, products, or services that we do not own or operate — including the hotel websites you are directed to when clicking booking links provided through our Services. We are not responsible for the privacy practices of these third parties, and this Privacy Policy does not apply to your activities on third-party websites or any information you provide to them directly. We encourage you to review the privacy policy of any third-party website before providing personal information.

Retention

We take measures to delete your personal information or keep it in a form that does not permit identifying you when it is no longer necessary for the purposes for which we collected it, unless we are required by law to retain it for a longer period.

The following specific retention periods apply to data we collect through our services:

  • Operational server logs (including IP addresses and User-Agent strings captured at our redirect endpoint): retained for up to 60 days for security monitoring, fraud detection, and debugging purposes, then purged.

  • Referral click event records (including timestamp, destination URL, hotel and partner identifiers, booking context, derived country and region, and device category): retained for 26 months to support invoicing dispute resolution and commission reconciliation with hotel partners, then deleted.

  • Aggregated invoicing summaries (non-identifiable, derived from click event records): retained for 7 years in accordance with our accounting records obligations, then deleted.

  • Website analytics data (collected via Google Analytics and Mixpanel): retained for 26 months in accordance with those platforms' standard data retention policies.

For other personal information we process — including business contact inquiries, survey responses, direct communications, and job application data — we determine the appropriate retention period taking into account the nature and length of our relationship with you, the purpose for which the data was collected, mandatory retention periods under applicable law, and relevant statutes of limitations. Specific retention schedules for these categories are maintained in our internal data retention policy.

In all cases, when personal information is no longer required we delete it or anonymize it so that it can no longer be associated with you.

Security

We make reasonable efforts to protect your information by using security measures designed to safeguard the information we maintain.  However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.

Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children. For users in the United States, this means children under 13 years of age, consistent with the Children's Online Privacy Protection Act (COPPA). For users in the EEA, this means children under 16 years of age (or such lower age as permitted by applicable member state law) consistent with GDPR Article 8. No part of our Services is directed to children. If you believe that a child has provided us with personal information in violation of this Privacy Policy, please contact us at privacy@directbooker.ai and we will take steps to delete that information.

International Visitors

Our Services are hosted in the United States ("U.S."). If you choose to use our Services or visit our website from the European Economic Area, Switzerland, the United Kingdom, or other regions of the world with laws governing data collection and use that may differ from U.S. law, please note that your personal information will be transferred to and processed in the U.S. We may transfer personal information from the EEA, Switzerland, or the UK to the U.S. and other third countries in accordance with applicable data protection laws, including on the basis of Standard Contractual Clauses approved by the European Commission or the UK Secretary of State, as applicable. We may also transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Services. For more information about the transfer mechanisms we use, or to request a copy of the relevant safeguards, please contact us as described below.

Changes to this Privacy Policy

We will post any updates to this Privacy Policy on this page, and the revised version will be effective when it is posted.  If we make a material update, we may notify you of such update through our Services, by email, or other means.

Contact Information

DirectBooker Inc is the data controller responsible for processing your personal information. If you have any questions, comments, or concerns about our processing activities, please email us at privacy@directbooker.ai or write to us at: DirectBooker Inc, 10 Court St, Suite 214, Arlington, MA 02476.

If you are based in the EEA, Switzerland, or the UK, you may alternatively contact our data protection representative, DataRep, at datarequest@datarep.com — please quote "DirectBooker Inc" in the subject line. You may also submit an inquiry via DataRep's online form at https://www.datarep.com/data-request or by mail to DataRep by following the instructions here and mailing your inquiry to the most convenient address based on your country of residence.