Back to home

Security

Your guests trust you with their personal information. You trust us with your business data. Here is exactly how we protect it.

How we protect your data

Encryption everywhere

All data is encrypted in transit using TLS 1.2+. Data at rest is encrypted using AES-256. Your guests' personal information and your business data are never stored in plain text.

India-based infrastructure

Your data is stored on servers located in India, on enterprise-grade cloud infrastructure with 99.9% uptime SLA. We do not store your data in foreign jurisdictions.

Daily automated backups

Full backups are taken every 24 hours and retained for 30 days. In the event of any data issue, we can restore to any point within the last month.

Strict access controls

StayDesk staff can only access your account data when you have explicitly requested support assistance. All internal access is logged and audited.

Role-based permissions

Within your property, you control who sees what. Assign staff roles — front desk, housekeeping, manager — each with appropriate access levels. Staff cannot see billing or account settings unless you grant it.

Incident response

In the unlikely event of a security incident affecting your data, we will notify you within 72 hours by email, explain what happened, and outline steps taken to resolve it.

What you can do to stay secure

Use a strong, unique password for your StayDesk account — never reuse passwords from other services.
Do not share your login credentials with anyone outside your team. Create separate staff accounts for each team member.
Log out of StayDesk on shared or public devices after use.
Review your staff account list periodically and remove access for employees who have left.
If you suspect your account has been compromised, change your password immediately and email us.

Report a vulnerability

If you discover a security vulnerability in StayDesk, please report it to us responsibly before making it public. We take all reports seriously.

Email security@staydesk.co.in with a clear description of the issue and steps to reproduce it. We will acknowledge your report within 24 hours and keep you updated on our progress.

Our commitment

  • Acknowledge your report within 24 hours
  • Investigate and confirm the issue within 5 days
  • Keep you updated as we work on a fix
  • Not take legal action against good-faith researchers
  • Credit you in our changelog (if you wish)