Security & Privacy

Security and privacy, in plain English.

What we do, what we don't do, and where the data lives. The page that should exist for every B2B SaaS, written without buzzwords.

If this page is full of words like "enterprise-grade," "military-class," or "state-of-the-art" — it's hiding what it should explain. We chose specifics instead.

The technical layer

Where your data lives, how it's protected, what we do with it.

Hosting

Production infrastructure on European data centers.

Hosting partner disclosed under NDA on request.

Encryption in transit

All API endpoints use HTTPS / TLS 1.2+. PMS data feeds use TLS-encrypted file transfer.

WebSocket (Reverb) over WSS.

Encryption at rest

Database-level encryption on the production MariaDB instance.

Application-layer encryption on sensitive fields (PMS credentials, API tokens).

Backups

Daily automated backups with 30-day retention. Cross-region replication.

Restore process tested quarterly.

Access control

Role-based permissions. Per-property data isolation enforced at the database layer.

subhotel_id scope on every query. No cross-tenant leaks possible without explicit configuration error.

Monitoring

Sentry error tracking on backend + frontend. Anomaly alerts to the team.

Production incident protocol documented and tested.

GDPR

The rights, the role, the document trail.

Peaqplus operates as a data processor for hotel data; the hotel is the data controller. The legal split: you decide what data goes in (your reservations, your guest information). We process it on your behalf, only for the purposes you've contracted us to.

GDPR contact

Requests (DPA, sub-processor list, data subject requests routed through us) → security@peaqplus.com

What that means in practice

  • Data Processing Agreement (DPA): Standard EU-template DPA available on request, signable as part of the contract.
  • Data Subject Rights: We support guest data rectification, erasure, and export requests routed through your hotel team.
  • Sub-processor disclosure: List of third-party processors (hosting, AI providers, email delivery) available under NDA, updated quarterly.
  • Data residency: Production data stored in European data centers; AI provider sub-processors disclosed below.
  • Audit trail: Reservation-level data access is logged on the backend; reviewable on request for compliance investigations.

AI specifics

What the AI sees, what it doesn't, where it runs.

Peaqplus uses Anthropic for every AI feature — forecast correction, Pulse Chat, AI Report Narrative, and the Daily Briefing. One disclosed sub-processor. Data sent to the provider is bounded by hard rules in code.

The flow · with guards explicit

  01 · Hotel data (PMS, snapshots)
  02 · Prompt builder (Redact + cost guard)
  03 · AI provider (Anthropic)
  04 · Schema valid. (JSON-only output)
  05 · Deviation clamp (±30% bound)
  06 · Production (Stored, audited)

Redacted before any prompt
  • Hotel / property names → [REDACTED]
  • Guest personal data
  • Internal credentials, API tokens

Bounded by code, not prompts
  • ±30% deviation clamps on AI forecast output
  • Cost caps: $10/day global, $0.20/hotel/day
  • Schema-forced JSON output for forecasts

Stays in your hotel
  • Pulse Chat memory stored with subhotel_id
  • Conversation history per user_id + subhotel_id
  • Other hotels' data cannot reach yours — enforced at the data layer

What's NOT used
  • Customer data is not used to train AI models
  • Anthropic's enterprise terms include a no-training clause for our usage
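
The guard stages named in the flow above (redact, cost guard, JSON-only schema check, ±30% clamp), sketched in Python as an added example; it is not Peaqplus code. The function names, the `date`/`occupancy` reply fields, and the reading of the clamp as relative to a baseline forecast are assumptions; the limits are the page's.

```python
import json
import math
import re

# Limits come from the page; every name and field below is an assumption.
GLOBAL_CAP_USD, HOTEL_CAP_USD, MAX_DEVIATION = 10.00, 0.20, 0.30


class GuardError(Exception):
    """A guard refused to send a prompt or to accept a reply."""


def redact(text, property_names):
    # Longest names first so "Grand Hotel Wien" wins over "Grand Hotel".
    for name in sorted(property_names, key=len, reverse=True):
        text = re.sub(re.escape(name), "[REDACTED]", text, flags=re.IGNORECASE)
    return text


def check_budget(spent_global, spent_hotel, estimate):
    if spent_global + estimate > GLOBAL_CAP_USD:
        raise GuardError("global daily cap reached")
    if spent_hotel + estimate > HOTEL_CAP_USD:
        raise GuardError("per-hotel daily cap reached")


def parse_forecast(raw):
    # JSON-only: prose around the object makes json.loads fail.
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise GuardError("reply is not JSON") from exc
    if not isinstance(doc, dict) or set(doc) != {"date", "occupancy"}:
        raise GuardError("unexpected fields")
    value = doc["occupancy"]
    # json.loads accepts NaN/Infinity, and NaN would pass through min/max.
    if type(value) not in (int, float) or not math.isfinite(value):
        raise GuardError("occupancy must be a finite number")
    return doc


def clamp(ai_value, baseline):
    # Bound the model's value to baseline ± 30%, whatever it returned.
    low, high = baseline * (1 - MAX_DEVIATION), baseline * (1 + MAX_DEVIATION)
    return min(max(ai_value, low), high)


def guarded_forecast(raw_reply, baseline):
    return clamp(parse_forecast(raw_reply)["occupancy"], baseline)
```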

Who processes your data

The list of third parties involved.

The full list is reviewed quarterly; new additions communicated via the customer success contact 30 days in advance.

| Sub-processor | Purpose | Data shared | Region |
|---|---|---|---|
| Hosting partner (disclosed under NDA) | Infrastructure hosting | All Peaqplus operational data | Europe |
| Anthropic | All AI features — forecast, chat, narrative, briefing | Aggregated reservation metrics, redacted | Multi-region (US/EU) |
| Email delivery (disclosed on contract) | Transactional email (alerts, briefings) | Email content, recipient address | Europe |
| Sentry | Error tracking + monitoring | Application error metadata only | Europe |
| Reverb (self-hosted) | WebSocket realtime delivery | Application broadcast events | Same as hosting |

When something goes wrong

The incident protocol, in three steps.

Customer-side responsibilities
  • Notify us before major PMS upgrades or maintenance windows
  • Maintain accurate contact info for the customer success contact

01 · Detection

Sentry alerts the engineering team in real time on backend errors, performance degradation, and PMS feed failures.

Severity-tiered. Single-hotel failure wakes on-call; multi-hotel impact triggers the wider team.

02 · Communication

For incidents affecting customer-visible functionality, an email update lands in the customer success contact's inbox within the first hour.

Status updates continue every 4 hours until resolution.

03 · Post-incident

A written post-mortem is shared with affected customers within 5 business days of resolution.

Includes root cause, remediation, and any process changes.

Contact

Questions, audits, DPAs, security reviews.

For security or privacy matters — DPA requests, sub-processor list, security questionnaires, customer-side audits, GDPR data subject requests routed through us — contact:

security@peaqplus.com

Response within 1 business day.