Security
Built on trust. Audited annually.
Hospitality runs on guest data. We treat it that way — with the controls, audits, and transparency hotels expect from a modern vendor.
Controls
The full stack of security controls.
TLS 1.3 in transit. AES-256 at rest. Database-level encryption with keys managed in HSM-backed KMS.
Least-privilege RBAC. SSO/SAML available. Mandatory MFA for all staff. Quarterly access reviews.
Hosted on hyperscaler cloud with multi-AZ failover. Network segmentation, WAF, DDoS protection, private networking.
Centralized SIEM, 24/7 alerting, anomaly detection, audit logging on every data access.
Documented runbooks, on-call rotation, customer notification within 72 hours of confirmed breach.
Background-checked staff, mandatory security training, signed confidentiality, scoped access.
Code review, dependency scanning, secret scanning, SAST/DAST, signed releases, immutable infrastructure.
SOC 2 Type II, ISO 27001, GDPR-ready DPA, PCI-DSS via tokenization (no card data on our servers).
Certifications
Audited by independent firms.
Need the report? Request it from our team under NDA.
Annual audit by Big Four firm. Report available under NDA.
Information Security Management System certified.
DPA, SCCs, and EU representative available.
Card data tokenized via processor. Never stored on our infrastructure.
Responsible disclosure
Found a vulnerability?
We welcome reports from security researchers. Email security@staysynq.com with reproduction steps. We acknowledge within 24 hours and aim to resolve critical issues within 7 days. We do not pursue legal action against researchers who follow our policy.