Security Architecture
How we protect your business data and your clients' trust with enterprise-grade infrastructure.
Identity & Authentication
We leverage Supabase Auth for secure identity management. Features include JWT tokens, secure session management, and integrated MFA options to ensure only authorized staff can access your dashboard.
Data Encryption
Every byte of data is protected. We use AES-256 encryption at rest and TLS 1.2+ for all data in transit. Your business records are stored in a multi-tenant isolated PostgreSQL environment.
Canadian Hosting
All databases are hosted in AWS Canada (Montreal). This ensures compliance with Canadian privacy regulations and provides low-latency access for your local team.
Payment Security
StayBooked is PCI-Compliant by architecture. We never store credit card numbers on our servers; all payment processing is offloaded to Stripe (PCI Level 1 Service Provider).
Security is a shared responsibility.
While we provide the secure infrastructure, we encourage all Providers to use strong passwords and enable multi-factor authentication for their staff accounts. For security disclosures or vulnerability reporting, please email support@staybooked.ca.