Siguria
Siguria e të dhënave tuaja është prioriteti ynë kryesor. Mësoni masat që marrim për mbrojtjen e informacionit tuaj.
Përditësuar së fundmi: July 16, 2026
Our Security Commitment
Security is fundamental to bsynqed. We understand that you're entrusting us with sensitive business and guest data, and we take that responsibility seriously.
We implement industry-standard security measures and continuously improve our security practices to protect your data.
Data Encryption
Encryption in Transit
All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security). This ensures that data cannot be intercepted or read during transmission.
Encryption at Rest
All data stored in our databases is encrypted at rest using AES-256 encryption. This means your data is protected even if physical storage is compromised.
Payment Data
We never store full payment card details. Payment processing is handled securely through PCI-DSS compliant processors (Stripe, PayPal). We only store payment tokens and transaction references.
Authentication & Access Control
Strong Authentication
- Passwords are hashed using bcrypt with salt rounds
- Two-factor authentication (2FA) available for all accounts
- Session tokens expire after inactivity
- JWT tokens with short expiration times
Role-Based Access Control (RBAC)
Access to features and data is controlled by user roles:
- Property owners/managers have full access to their properties
- Staff/reception have limited access to assigned properties
- Housekeeping staff can only access relevant tasks and room information
- Guests can only access their own booking information
Account Security
- Failed login attempt monitoring and rate limiting
- Automatic account lockout after multiple failed attempts
- Password reset via secure email links
- Active session management and logout capability
Infrastructure Security
Secure Hosting
- Hosted on secure cloud infrastructure with regular security updates
- Firewalls and network security measures in place
- DDoS protection and mitigation
- Regular security patches and updates
Database Security
- Database access restricted to authorized personnel only
- Encrypted database connections
- Regular automated backups with encryption
- Backup retention and recovery procedures
API Security
- Rate limiting to prevent abuse
- Input validation and sanitization
- CSRF protection for state-changing operations
- XSS (Cross-Site Scripting) protection
- SQL injection prevention
Security Audits & Monitoring
Regular Security Audits
- Regular security assessments and vulnerability scans
- Code reviews and security testing
- Third-party security audits
- Penetration testing
Continuous Monitoring
- 24/7 system monitoring and alerting
- Intrusion detection systems
- Anomaly detection for unusual activity
- Security event logging and analysis
Incident Response
We have procedures in place to respond to security incidents quickly and effectively. In the event of a security breach, we'll notify affected users promptly and take immediate action to mitigate risks.
Compliance & Certifications
GDPR Compliance
We're fully committed to GDPR compliance. See our GDPR page for details on your rights and how we protect your data.
PCI-DSS
While we don't directly process card payments, we work with PCI-DSS compliant payment processors (Stripe, PayPal) to ensure payment data is handled securely.
Security Best Practices for Users
You play an important role in keeping your account secure:
- Use Strong Passwords: Create unique, complex passwords (at least 8 characters with mix of letters, numbers, symbols)
- Enable 2FA: Add an extra layer of security with two-factor authentication
- Don't Share Credentials: Never share your login credentials with others
- Log Out: Always log out when using shared or public computers
- Keep Software Updated: Use updated browsers and devices
- Be Wary of Phishing: We'll never ask for your password via email
- Monitor Your Account: Regularly review your account activity
Data Backups
We maintain regular automated backups of your data:
- Daily automated backups
- Backups stored in encrypted, geographically distributed locations
- Backup retention for 30 days
- Regular backup restoration testing
- You can also export your data anytime through the platform
Third-Party Services
We use trusted third-party services that meet our security standards:
- Payment Processors: Stripe and PayPal (PCI-DSS compliant)
- Email Services: SendGrid/Amazon SES (secure email delivery)
- SMS Services: Twilio (secure messaging)
- Cloud Infrastructure: AWS/MongoDB Atlas (enterprise-grade security)
All third-party services are bound by strict confidentiality and security agreements.
Reporting Security Issues
If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately at [email protected].
We take security reports seriously and will investigate promptly. We appreciate responsible disclosure and will work with security researchers to address any issues.
Contact Us
Questions about security or need to report a security issue?
- Security Issues: [email protected]
- General Inquiries: [email protected]
- Address: 124 City Road, London, United Kingdom, EC1V 2NX