Security at GuestLoop

Your data security and privacy are our top priorities. We implement enterprise-grade security measures to protect your business and your guests.

Our Security Commitment

GuestLoop is built with security at its core. We follow industry best practices and comply with international security standards to ensure your data is always protected.

🎯 SOC 2 Compliance Progress: 70%

We are actively working towards SOC 2 Type II certification to provide you with the highest level of security assurance.

Security Features

Encryption Everywhere

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for all database data
  • Passwords: Bcrypt hashing with salt (industry standard)

Strong Authentication

  • 2FA: TOTP multi-factor authentication available
  • Password Policy: 12-character minimum with complexity requirements
  • Brute Force Protection: Account lockout after 5 failed attempts

Session Security

  • Idle Timeout: Automatic logout after 2 hours of inactivity
  • Absolute Timeout: Maximum 12-hour session duration
  • Token Blacklisting: Revoke sessions on password change

Comprehensive Audit Logs

  • Full Audit Trail: All security events tracked (2-year retention)
  • IP Tracking: Monitor login patterns and suspicious activity
  • Admin Oversight: Security team can investigate incidents

Secure Infrastructure

  • Hosting: Vercel (SOC 2 Type II certified)
  • Database: Neon (SOC 2 Type II certified)
  • Payments: Stripe (PCI DSS Level 1 compliant)

Application Security

  • CSRF Protection: Prevent cross-site request forgery
  • Rate Limiting: Protection against brute force and DDoS
  • Input Validation: Prevent SQL injection and XSS attacks

Data Protection & Privacy

  • GDPR Compliant: Full compliance with European data protection regulations
  • CCPA Compliant: California privacy rights respected and enforced
  • No Data Selling: We never sell or rent your data to third parties
  • Data Retention: Clear retention policies with automatic cleanup after 2 years
  • Your Data, Your Control: Export or delete your data anytime

Certifications & Standards

  • SOC 2 Type II: In Progress (70% complete)
  • GDPR: Fully Compliant
  • PCI DSS: Level 1 (via Stripe)

🔒 Responsible Disclosure

If you discover a security vulnerability in GuestLoop, we appreciate responsible disclosure. Please report it privately to our security team, and we'll work with you to address it promptly.

Report Security Issues:

Email: security@guestloop.com

Please include: a description of the vulnerability, steps to reproduce, and the potential impact

Please do NOT: publicly disclose the vulnerability before we've had a chance to fix it

What happens next:

  1. We'll acknowledge your report within 24 hours
  2. We'll investigate and confirm the vulnerability
  3. We'll develop and test a fix
  4. We'll deploy the fix to production
  5. We'll publicly credit you (if you wish)