Privacy Policy

Last updated: May 12, 2026

Overview

This Privacy Policy describes how Workcuit AI ("we", "us", "our") collects, uses, and protects information across three products:

  • The Staycuit AI website (this site) — trial / demo requests.
  • The Staycuit AI hotel-operations platform — the core software our customer properties use day to day.
  • The Staycuit PMS AutoFill Chrome browser extension — a helper installed by hotel front-desk staff to sync data between their Property Management System (PMS) and Staycuit AI. See the dedicated section below.

Information we collect

  • Contact details (name, email, phone) that you provide in our forms.
  • Property details (hotel/property name, number of rooms) that help us qualify your request.
  • Message content you provide (optional) so we can respond accurately.

How we use information

  • To respond to trial/demo requests and provide product information.
  • To improve the site and understand which features prospects care about.
  • To communicate about onboarding, scheduling, and support.

Sharing

We do not sell your personal information. We may share information with service providers who help us operate the website and respond to requests (for example, email delivery).

Security

We use reasonable administrative and technical safeguards to protect information, but no method of transmission or storage is 100% secure.

Staycuit PMS AutoFill — Browser extension

Staycuit PMS AutoFill is a Chrome extension installed by hotel front-desk staff at properties that subscribe to Staycuit AI. It bridges data between a hotel's existing PMS (currently HotelKey) and Staycuit's check-in workflow. This section describes how the extension handles data, in addition to the general policy above.

Who is this extension for?

Front-desk staff at our customer properties — not hotel guests. Guests' personal data flows through the extension because the FD staff is processing their check-in on the PMS, but guests do not interact with the extension directly.

What the extension reads

When a signed-in user is on a supported PMS page (currently *.hotelkeyapp.com), the extension reads:

  • Reservation data shown on the page: confirmation number, guest first/last name, phone, email, mailing address, ID number, arrival and departure dates, room number, room type.
  • The registration card PDF generated by the PMS, when the user clicks the "Send to Staycuit" button the extension injects on that page.

The extension does not read:

  • Pages on any domain other than the configured PMS hosts.
  • The user's browsing history, bookmarks, downloads, or other tabs.
  • Any data on the system that isn't on the active PMS page.

What the extension sends

Data is sent to the Staycuit backend (staycuit-ai-prod.onrender.com), scoped to the property the signed-in user has selected, and stored in Staycuit's Firestore database under that property's records. Specifically:

  • Reservation / guest data is attached to an existing Staycuit check-in session or used to create a new one for that property.
  • The reg-card PDF is uploaded to that session's storage so it can be signed digitally on the iPad or a workstation.
  • The extension does not send data to any third-party server, ad network, or analytics service.

Authentication

Users sign in to the extension popup with their Staycuit credentials. Authentication is handled by Google Firebase Auth. The extension stores a Firebase session token locally in the browser's extension storage so the user doesn't sign in on every page; signing out clears that token immediately.

What we do NOT do

  • We do not sell data to third parties.
  • We do not share data with advertisers or analytics platforms.
  • We do not track the user's browsing outside of supported PMS pages.
  • We do not read or modify any other websites.
  • We do not collect data when the user is signed out.

Data retention

Reservation, guest, and reg-card data sent through the extension is stored in the property's Staycuit account for as long as the property maintains its subscription, subject to the Staycuit master service agreement with the property's operator. Retention and deletion of that data is governed by the property's own agreement with Workcuit AI LLC and by applicable hospitality and legal record-keeping requirements (typically 7 years for registration documents in the US).

A user can request deletion of their own Staycuit account (the FD staff account, not the guest data) by emailing contact@workcuit.ai.

How to stop the extension from sending data

  • Sign out via the extension popup — stops all data flow immediately.
  • Uninstall the extension at chrome://extensions — removes it entirely from the browser.

After either action, the extension cannot read or send any data until the user reinstalls and signs back in.

Permissions and why we need them

  • storage — persist the Firebase session token and the selected property between popup opens.
  • offscreen — run Firebase Auth in a hidden DOM context (Manifest V3 service workers cannot run Firebase Auth directly).
  • activeTab — read the contents of the PMS page the user is currently on, only when they interact with the extension.
  • scripting — inject the autofill helper into the PMS page so it can fill the FD form.
  • Host: *.hotelkeyapp.com — the PMS we read from and inject into.
  • Host: staycuit-ai-prod.onrender.com — Staycuit's backend, where the data is sent.
  • Host: Firebase / Google APIs — authentication and Firestore reads.

Contact

Questions? Email contact@workcuit.ai.

Workcuit AI

Automating the manual workflows with AI to revolutionize business operations and enhance productivity across industries.

© 2026 Workcuit AI. All rights reserved.

SOC 2 CompliantGDPR Ready