Безбедност

Безбедност ваших података нам је приоритет. Сазнајте које мере предузимамо да заштитимо ваше информације.

Последње ажурирање: July 16, 2026

Our Security Commitment

Security is fundamental to bsynqed. We understand that you're entrusting us with sensitive business and guest data, and we take that responsibility seriously.

We implement industry-standard security measures and continuously improve our security practices to protect your data.

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security). This ensures that data cannot be intercepted or read during transmission.

Encryption at Rest

All data stored in our databases is encrypted at rest using AES-256 encryption. This means your data is protected even if physical storage is compromised.

Payment Data

We never store full payment card details. Payment processing is handled securely through PCI-DSS compliant processors (Stripe, PayPal). We only store payment tokens and transaction references.

Authentication & Access Control

Strong Authentication

  • Passwords are hashed using bcrypt with salt rounds
  • Two-factor authentication (2FA) available for all accounts
  • Session tokens expire after inactivity
  • JWT tokens with short expiration times

Role-Based Access Control (RBAC)

Access to features and data is controlled by user roles:

  • Property owners/managers have full access to their properties
  • Staff/reception have limited access to assigned properties
  • Housekeeping staff can only access relevant tasks and room information
  • Guests can only access their own booking information

Account Security

  • Failed login attempt monitoring and rate limiting
  • Automatic account lockout after multiple failed attempts
  • Password reset via secure email links
  • Active session management and logout capability

Infrastructure Security

Secure Hosting

  • Hosted on secure cloud infrastructure with regular security updates
  • Firewalls and network security measures in place
  • DDoS protection and mitigation
  • Regular security patches and updates

Database Security

  • Database access restricted to authorized personnel only
  • Encrypted database connections
  • Regular automated backups with encryption
  • Backup retention and recovery procedures

API Security

  • Rate limiting to prevent abuse
  • Input validation and sanitization
  • CSRF protection for state-changing operations
  • XSS (Cross-Site Scripting) protection
  • SQL injection prevention

Security Audits & Monitoring

Regular Security Audits

  • Regular security assessments and vulnerability scans
  • Code reviews and security testing
  • Third-party security audits
  • Penetration testing

Continuous Monitoring

  • 24/7 system monitoring and alerting
  • Intrusion detection systems
  • Anomaly detection for unusual activity
  • Security event logging and analysis

Incident Response

We have procedures in place to respond to security incidents quickly and effectively. In the event of a security breach, we'll notify affected users promptly and take immediate action to mitigate risks.

Compliance & Certifications

GDPR Compliance

We're fully committed to GDPR compliance. See our GDPR page for details on your rights and how we protect your data.

PCI-DSS

While we don't directly process card payments, we work with PCI-DSS compliant payment processors (Stripe, PayPal) to ensure payment data is handled securely.

Security Best Practices for Users

You play an important role in keeping your account secure:

  • Use Strong Passwords: Create unique, complex passwords (at least 8 characters with mix of letters, numbers, symbols)
  • Enable 2FA: Add an extra layer of security with two-factor authentication
  • Don't Share Credentials: Never share your login credentials with others
  • Log Out: Always log out when using shared or public computers
  • Keep Software Updated: Use updated browsers and devices
  • Be Wary of Phishing: We'll never ask for your password via email
  • Monitor Your Account: Regularly review your account activity

Data Backups

We maintain regular automated backups of your data:

  • Daily automated backups
  • Backups stored in encrypted, geographically distributed locations
  • Backup retention for 30 days
  • Regular backup restoration testing
  • You can also export your data anytime through the platform

Third-Party Services

We use trusted third-party services that meet our security standards:

  • Payment Processors: Stripe and PayPal (PCI-DSS compliant)
  • Email Services: SendGrid/Amazon SES (secure email delivery)
  • SMS Services: Twilio (secure messaging)
  • Cloud Infrastructure: AWS/MongoDB Atlas (enterprise-grade security)

All third-party services are bound by strict confidentiality and security agreements.

Reporting Security Issues

If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately at [email protected].

We take security reports seriously and will investigate promptly. We appreciate responsible disclosure and will work with security researchers to address any issues.

Contact Us

Questions about security or need to report a security issue?