Terms of Service

Arivia Technologies (“Arivia”, “we”) provides a cloud-based digital pre-check-in platform for hotels (“the Service”). The Service allows hotels to collect guest registration data electronically before arrival, reducing front-desk processing time and paper usage.

The Service is provided on a subscription basis. Free trial periods may be offered at Arivia's discretion.

• You must be a duly authorised representative of a hotel or hospitality business to create an account.
• You are responsible for maintaining the confidentiality of your login credentials and for all activity under your account.
• You must notify Arivia immediately at [email protected] if you suspect unauthorised access to your account.
• One account per hotel property. Multi-property groups may request a group account.

As a hotel operator using Arivia, you agree to:

• Provide accurate information about your property when registering.
• Ensure guests are informed of your privacy policy and that their data will be processed via Arivia (you remain the Data Controller for guest data — see Section 7).
• Use the Service only for lawful hotel registration and pre-check-in purposes.
• Not attempt to access, copy, or reverse-engineer any part of the platform.
• Promptly notify Arivia of any security incident or suspected data breach involving guest data processed through the platform.
• Keep your webhook endpoints and API integrations secure.

You must not use the Service to:

• Process data for any purpose other than hotel guest registration and stay management.
• Share guest data with third parties for marketing or commercial profiling.
• Attempt to circumvent or disable any security feature.
• Upload malicious code, viruses, or harmful content.
• Violate any applicable law or regulation, including GDPR.

Arivia reserves the right to suspend or terminate accounts that breach these restrictions.

• Arivia targets 99.9% monthly uptime for the guest check-in and staff dashboard interfaces.
• Scheduled maintenance will be communicated at least 24 hours in advance where possible.
• Arivia is not liable for downtime caused by third-party infrastructure (Supabase, Vercel, Resend) or factors beyond our reasonable control.

Subscription pricing is agreed individually with each hotel. Invoices are issued monthly or annually as agreed. Failure to pay within 30 days of invoice date may result in suspension of the Service.

All prices are exclusive of VAT. Where applicable, Bulgarian VAT (20%) or the relevant EU member state VAT will be added.

This section constitutes a Data Processing Agreement (“DPA”) between the hotel operator (“Controller”) and Arivia (“Processor”) as required by GDPR Article 28. By accepting these Terms, you enter into this DPA.

Roles

The hotel operator is the Data Controller for all guest personal data. Arivia is the Data Processor, acting only on documented instructions from the Controller.

Subject matter & nature of processing

Arivia processes guest personal data (names, identity document numbers, dates of birth, nationalities, contact details, digital signatures) for the purpose of digital hotel pre-check-in registration on behalf of the Controller.

Duration

Processing continues for the duration of the Service agreement. Upon termination, Arivia will delete or return all personal data within 30 days unless retention is required by law.

Processor obligations (Arivia)

• Process personal data only on documented instructions from the Controller.
• Ensure all personnel with access to personal data are bound by confidentiality obligations.
• Implement appropriate technical and organisational security measures per GDPR Article 32 (TLS, encryption at rest, access controls, row-level security).
• Not engage sub-processors without prior written authorisation from the Controller. The Controller authorises the sub-processors listed in the Privacy Policy (Supabase, Vercel, Resend). Arivia will notify the Controller of any intended change to sub-processors.
• Assist the Controller in responding to data subject rights requests within the timeframes required by GDPR.
• Notify the Controller of a personal data breach without undue delay and no later than 24 hours after becoming aware of it, to enable the Controller to meet its 72-hour notification obligation to supervisory authorities.
• Provide all information necessary to demonstrate compliance with GDPR Article 28 and allow for audits upon reasonable notice.
• Delete all personal data upon termination of the Service, unless applicable law requires retention.

Controller obligations (Hotel)

• Ensure a valid legal basis exists for processing guest personal data (typically GDPR Article 6(1)(b) — performance of a contract, and 6(1)(c) — legal obligation for police registration).
• Provide guests with a privacy notice informing them that their data will be processed via Arivia.
• Ensure instructions given to Arivia comply with applicable law.
• Promptly inform Arivia of any data subject requests that relate to data processed through the platform.

International transfers

Where personal data is transferred outside the EEA (e.g. via Resend for email delivery), Arivia ensures such transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.

The Arivia platform, including its software, design, and documentation, is and remains the intellectual property of Arivia Technologies. You are granted a non-exclusive, non-transferable licence to use the Service for its intended purpose during the term of your subscription.

Your hotel branding (logo, colours) uploaded to the platform remains your property. You grant Arivia a limited licence to display it within the Service for the purpose of white-labelling your check-in experience.

To the maximum extent permitted by applicable law:

• Arivia's total liability for any claim arising from these Terms shall not exceed the fees paid by you in the 3 months preceding the event giving rise to the claim.
• Arivia shall not be liable for indirect, incidental, consequential, or punitive damages.
• Arivia is not liable for any failure resulting from your failure to comply with your obligations under Section 3 or Section 7.

Nothing in these Terms limits liability for fraud, gross negligence, or any liability that cannot be excluded by law.

• Either party may terminate the Service agreement with 30 days written notice.
• Arivia may terminate immediately upon material breach of these Terms, including non-payment or misuse of the Service.
• Upon termination, your access to the platform will be revoked and guest data will be deleted within 30 days (subject to legal retention requirements).
• Sections 7, 8, 9, and 11 survive termination.

These Terms are governed by the laws of the Republic of Bulgaria. Any dispute that cannot be resolved amicably shall be submitted to the competent courts of Sofia, Bulgaria.

For hotel operators based in other EU member states, mandatory consumer and data protection laws of your country of establishment also apply.

Arivia may update these Terms at any time. Material changes will be communicated by email at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Terms.

For any questions about these Terms:
[email protected]
Arivia Technologies, Sofia, Bulgaria