Skip to main content
View Categories

AI Concierge: Privacy, Data, and Cost Controls

2 min read

A plain-language account of what data AI Concierge handles, where it goes, and how cost is controlled, written for operators and procurement reviewers.

How a request flows #

  1. A guest types a message into the chat drawer.
  2. Your WordPress server constructs a prompt that combines the guest’s message with your property catalog data, brand voice, knowledge base entries, photo-derived room observations, and recent conversation context.
  3. That prompt is sent to OpenRouter (openrouter.ai) over HTTPS.
  4. OpenRouter routes the request to the language model you’ve selected (default: Anthropic’s Claude Sonnet 4.5).
  5. The model’s response comes back the same path: model -> OpenRouter -> your server -> guest’s browser.

OpenRouter does not retain queries beyond the immediate request. They don’t train models on your data and don’t log query content. The underlying model providers (Anthropic, OpenAI, and others) follow their own published data policies, which OpenRouter’s terms inherit.

What guest data is sent #

Each request includes:

  • The guest’s message and recent conversation context
  • Relevant property records from your catalog (matching listings, not the whole catalog)
  • Your brand voice text
  • Knowledge base entries for properties referenced in the conversation
  • Photo-derived room observations for referenced properties, where available

What is not sent: payment details, guest account passwords, or any data unrelated to answering the question.

What is stored on your site #

AI Concierge stores the following in your own WordPress database:

  • License key and validation status
  • Brand voice text
  • Knowledge base entries (per-property)
  • Photo Analysis output
  • Chat session log
  • Search history
  • Performance metrics

Nothing is stored at HomeRunner, OpenRouter, or the model provider beyond the inflight request. If you cancel your subscription, all this data remains in your WordPress database; you can re-enable it later or export it via the standard WordPress data tools.

Cost controls #

AI Concierge is priced as a flat percentage of your HR Core fee (see Pricing & Plans). You don’t pay per query.

The cost layer that can vary is the underlying language model, and we manage that for you by default.

Default cost handling #

During your trial and on most subscription tiers, AI Concierge uses a shared OpenRouter API key that HomeRunner provides. We absorb the model API costs as part of your subscription. There’s no per-query surcharge.

This works for the vast majority of operators. We size capacity against expected fleet usage and adjust subscription tiers if model costs ever materially change.

In-product cost dashboard #

The Performance tab in the admin panel shows your cost trajectory and per-feature breakdown so you can see exactly where spend is going. See Performance.

Built-in cost-saving features #

These are on by default and shrink your per-query cost without affecting quality:

  • Prompt caching: identical queries within a short window are served from cache, not re-routed to the model
  • Token budgets per call: ceilings prevent runaway prompts from being submitted
  • Selective context inclusion: only the relevant property records are included in each prompt, not the whole catalog

Reliability and fail-safe behavior #

If the model or OpenRouter is briefly unreachable, the Concierge fails gracefully: the guest sees a courteous message rather than an error, and your booking flow and property pages are never affected. Rate limiting protects against abuse, and operator-only actions (such as triggering Photo Analysis) are restricted to authenticated admins.

Multi-site notes #

  • Each site requires its own license activation slot
  • Brand voice, knowledge base, and analytics are per-site. No cross-site data sharing by default.
  • Volume discounts available. Contact sales@homerunner.io.

Compliance summaries #

For procurement, security, or legal review:

  • GDPR: AI Concierge is GDPR-compliant when used as documented. We can provide a Data Processing Agreement (DPA) on request.
  • CCPA: same as GDPR. No guest data is sold or used beyond the immediate request.
  • PCI-DSS: AI Concierge does not handle payment data. PCI scope is unaffected.
  • SOC 2: HomeRunner can provide a SOC 2 attestation summary for active subscribers. Contact support.

Questions about data, security, or cost? #

  • General contact: support@homerunner.io
  • Procurement / legal: sales@homerunner.io
  • Security disclosure: security@homerunner.io

Last updated: 2026-05-25 · AI Concierge v1.55.0

Leave a Reply

Your email address will not be published. Required fields are marked *