Security & trust
How we protect hotel and guest data — accurate to what is deployed today.
Role-based access control
Permissions by role and property scope — OWNER, MANAGER, STAFF, and system roles.
Audit logging
Critical actions recorded for compliance review and incident investigation.
Encrypted backups
Database backups with a documented restore process for production deployments.
Multi-tenant isolation
Account and property scoping so teams only access their own data.
Protected guest documents
Guest ID images and documents are served through authenticated API access, not public URLs.
Security practices in detail
Expand each topic for how StayLedger handles access, logs, backups, and guest documents today.
Access control
Role-based permissions scope users to properties and functions they need. OWNER, MANAGER, and STAFF roles are enforced in the PMS API — not just the UI.
Audit logs
Important operational actions are recorded with actor, timestamp, and context to support incident review and accountability.
Backup and restore
Production databases are backed up on a scheduled basis with encrypted storage. Restore steps are documented for operations.
Guest document protection
Guest ID images and documents are served through authenticated API access, not public URLs. Staff must be signed in with appropriate permissions.
Data location and hosting posture
StayLedger runs on secured cloud infrastructure with health checks, rolling deployments, and monitoring. We do not claim third-party certifications unless explicitly published.
Security contact
Report a security concern to [email protected]. We review reports and respond according to our operations process.
Security designed for daily hotel operations
See how StayLedger protects guest data, staff access, and operational records.