Security & Privacy

Security and privacy,
in plain English.

What we do, what we don't do, and where the data lives. The page that should exist for every B2B SaaS, written without buzzwords.

If this page is full of words like "enterprise-grade," "military-class," or "state-of-the-art" — it's hiding what it should explain. We chose specifics instead.

The technical layer

Where your data lives,
how it's protected, what we do with it.

Hosting

Production infrastructure on European data centers.

Hosting partner disclosed under NDA on request.
Encryption in transit

All API endpoints use HTTPS / TLS 1.2+. PMS data feeds use TLS-encrypted file transfer.

WebSocket (Reverb) over WSS.
Encryption at rest

Database-level encryption on the production MariaDB instance.

Application-layer encryption on sensitive fields (PMS credentials, API tokens).
Backups

Daily automated backups with 30-day retention. Cross-region replication.

Restore process tested quarterly.
Access control

Role-based permissions. Per-property data isolation enforced at the database layer.

Every data request is tied to a single property. No data can cross between hotels without an explicit configuration error.
Monitoring

Sentry error tracking across the whole platform. Anomaly alerts to the team.

Production incident protocol documented and tested.
GDPR

The rights, the role, the document trail.

Peaqplus operates as a data processor for hotel data; the hotel is the data controller. The legal split: you decide what data goes in (your reservations, your guest information). We process it on your behalf, only for the purposes you've contracted us to.

GDPR contact
Requests (DPA, sub-processor list, data subject requests routed through us) → security@peaqplus.com
WHAT THAT MEANS IN PRACTICE
Data Processing Agreement (DPA)
Standard EU-template DPA available on request, signable as part of the contract.
Data Subject Rights
We support guest data rectification, erasure, and export requests routed through your hotel team.
Sub-processor disclosure
List of third-party sub-processors (hosting, email delivery, monitoring) available under NDA, updated quarterly; the AI provider, which receives only anonymized data, is listed separately below.
Data residency
Production data stored in European data centers; the AI provider (anonymized data only) is disclosed below.
Audit trail
Reservation-level data access is logged on the backend; reviewable on request for compliance investigations.
AI specifics

What the AI sees,
what it doesn't, where it runs.

Peaqplus currently uses Anthropic for AI features — forecast correction, Pulse Chat, AI Report Narrative, and the Daily Briefing. The provider may change over time, but only among leading LLM providers (Anthropic, OpenAI, Google, Microsoft); the current one is always disclosed below. Data sent to any provider is anonymized first, and the AI's role is bounded by the platform.

The flow · with guards explicit
01
Hotel data
PMS, snapshots
02
Anonymize
Strip identifiers
03
AI provider
Current: Anthropic
04
Validate
Structured output
05
Bounded
Within baseline
06
Production
Stored, audited
Removed before the AI sees anything
  • Hotel / property name and brand
  • Guest personal data
  • Booking identifiers
  • Staff names
  • Internal credentials, API tokens
Bounded by the platform
  • AI corrections stay within sensible bounds of the statistical baseline
  • AI usage is included in the subscription — no per-call surprise
  • Structured, validated output — no free-form actions
Stays in your hotel
  • AI memory kept separate per hotel
  • Conversation history tied to your property and user
  • Other hotels' data cannot reach yours — enforced where the data lives
What's NOT used
  • Customer data is not used to train AI models
  • The AI provider's enterprise terms include a no-training clause for our usage
Who processes your data

The list of third parties involved.

The full list is reviewed quarterly; new personal-data sub-processors are communicated via the customer success contact 30 days in advance. The AI provider, which receives only anonymized data, may change among leading LLM providers without separate notice.

Sub-processorPurposeData sharedRegion
Hosting partner
(disclosed under NDA)
Infrastructure hostingAll Peaqplus operational dataEurope
Anthropic
(current AI provider — anonymized data only, not a personal-data sub-processor; may change among leading LLM providers)
AI features — forecast, chat, narrative, briefingAnonymized business metrics (no personal data)United States
Email delivery
(disclosed on contract)
Transactional email (alerts, briefings)Email content, recipient addressEurope
Sentry
Error tracking + monitoringApplication error metadata onlyEurope
Reverb (self-hosted)
WebSocket realtime deliveryApplication broadcast eventsSame as hosting
When something goes wrong

The incident protocol, in three steps.

Customer-side responsibilities
  • Notify us before major PMS upgrades or maintenance windows
  • Maintain accurate contact info for the customer success contact
01
Detection

Sentry alerts the engineering team in real time on backend errors, performance degradation, and PMS feed failures.

Severity-tiered. Single-hotel failure wakes on-call; multi-hotel impact triggers the wider team.
02
Communication

For incidents affecting customer-visible functionality, an email update lands in the customer success contact's inbox within the first hour.

Status updates continue every 4 hours until resolution.
03
Post-incident

A written post-mortem is shared with affected customers within 5 business days of resolution.

Includes root cause, remediation, and any process changes.
Contact

Questions, audits, DPAs, security reviews.

For security or privacy matters — DPA requests, sub-processor list, security questionnaires, customer-side audits, GDPR data subject requests routed through us — contact:

security@peaqplus.com

Response within 1 business day.

For demo or general sales: book a demo →