🔒 Security & Compliance

Enterprise-grade security protecting your workforce data. Built for institutional clients who demand the highest standards of data protection.

How We Protect Your Data

HotelTools.AI employs multiple layers of security to ensure your employee information, schedules, and operational data remain protected.

🔐 Encryption in Transit & at Rest

All data is encrypted using TLS 1.3 during transmission and AES-256 encryption at rest. Your sensitive information is never exposed.

🛡️ Web Application Firewall

ModSecurity WAF with enterprise rule sets blocks malicious requests, SQL injection attempts, and brute-force attacks in real time.

👥 Role-Based Access Control

Granular permissions ensure users only see data relevant to their role. Property-level isolation keeps multi-tenant data separate.

📋 Comprehensive Audit Logging

Every login, data change, and export is logged with user, timestamp, and IP address. Full audit trail for compliance requirements.

Session Security

Configurable session timeouts automatically log out inactive users. Administrators can view and terminate active sessions.

🔍 Input Validation

All user inputs are validated and sanitized. Parameterized queries prevent SQL injection. Output escaping prevents XSS attacks.
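The two defenses named above, parameterized queries and output escaping, shown side by side in an added example that is not HotelTools.AI's own code. The employee table, the names in it and the hostile lookup string are constructed for the demo; the unsafe function is included only to show what the parameterized form prevents.

```python
import html
import sqlite3

# Constructed in-memory table standing in for an employee roster.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT)")
    conn.executemany(
        "INSERT INTO employees (name, dept) VALUES (?, ?)",
        [("Maria Lopez", "Front Desk"), ("Ann Lee", "Housekeeping")],
    )
    return conn


def find_by_name_unsafe(conn, name):
    # VULNERABLE form: user input is spliced into the SQL text, so the input
    # can change the query's structure instead of just its value.
    return conn.execute(f"SELECT name FROM employees WHERE name = '{name}'").fetchall()


def find_by_name(conn, name):
    # Hardened form: the driver sends the value separately from the SQL text,
    # so whatever the string contains is compared literally against `name`.
    return conn.execute("SELECT name FROM employees WHERE name = ?", (name,)).fetchall()


def render_cell(value):
    # Output escaping: stored text is rendered as data, never as markup.
    return f"<td>{html.escape(str(value), quote=True)}</td>"


# Constructed lookup string of the classic tautology form.
HOSTILE_NAME = "x' OR '1'='1"


def run_demo():
    conn = make_db()
    return {
        "unsafe_rows": len(find_by_name_unsafe(conn, HOSTILE_NAME)),  # every row leaks
        "safe_rows": len(find_by_name(conn, HOSTILE_NAME)),           # no such employee
        "escaped": render_cell("<b>Ann</b>"),
    }
```

The same lookup string returns the whole table through the concatenated query and nothing through the parameterized one; `render_cell` shows the output side, where the escaping happens at the point the value is written into HTML rather than at input time.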

Data We Store (and Don't Store)

Transparency about what information we collect and maintain in our systems.

Data Type                         Stored?   Purpose
Employee Names & Contact Info     Yes       Scheduling, communication, roster management
Pay Rates (Hourly/Salary)         Yes       Labor cost calculations, budget forecasting
Hire Dates & Seniority            Yes       CBA compliance, seniority-based scheduling
Work Schedules & Timecards        Yes       Core scheduling functionality, labor analytics
Hotel Revenue & Occupancy         Yes       Staffing optimization, forecasting
Social Security Numbers           No        Not required for scheduling operations
Bank Account / Routing Numbers    No        Not required; payroll handled by separate systems
Tax Information (W-2, I-9)        No        Not required for scheduling operations
Medical / HIPAA Information       No        Not collected
Credit Card Numbers               No        Billing handled by Stripe (PCI-DSS compliant)

Infrastructure Security

Our hosting infrastructure is designed for reliability, performance, and security.

☁️ Cloud Hosting

Hosted on enterprise-grade infrastructure with redundant systems, automated backups, and 99.9% uptime SLA.

🌐 DDoS Protection

Cloudflare integration provides DDoS mitigation, CDN acceleration, and additional WAF protection at the network edge.

💾 Daily Backups

Automated daily backups with point-in-time recovery. Backups stored in geographically separate locations.

🔄 Regular Updates

Security patches applied promptly. Regular vulnerability assessments and dependency updates.

Access Control & Authentication

Multi-layered access controls ensure the right people have the right access.

🔑 Role-Based Permissions

10+ configurable roles from Portfolio Admin down to Department Viewer. Each role has specific permissions that can be customized per property.

  • Portfolio Administrator
  • Regional Administrator
  • Property Administrator
  • Property Manager
  • Department Manager
  • Supervisor
  • User / Viewer

🏨 Multi-Tenant Isolation

Complete data isolation between properties and organizations. Users can access only the properties to which they have been explicitly granted permission.

  • Property-level data isolation
  • Organization boundaries enforced
  • Cross-property access requires explicit grant
  • Audit trail of access grants/revocations
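An added example, not the product's own code, of the property-level isolation and grant/revoke audit trail described above, together with the per-access audit record (user, timestamp, IP) from the Audit Logging section. The role matrix, organization and property identifiers, and user names are constructed; the real roles are the ones listed on this page, but their permission sets are not, so the mapping here is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed role matrix (assumption; the product's real permission sets are not on the page).
ROLE_PERMISSIONS = {
    "portfolio_admin": {"schedule:read", "schedule:write", "payrate:read", "export"},
    "property_manager": {"schedule:read", "schedule:write", "export"},
    "viewer": {"schedule:read"},
}


@dataclass(frozen=True)
class Grant:
    user_id: str
    scope: str   # "org:<org_id>" or "property:<property_id>"
    role: str


class AccessControl:
    """Deny-by-default authorization scoped to property or organization, with an audit trail."""

    def __init__(self, properties):
        self.properties = dict(properties)   # property_id -> org_id it belongs to
        self.grants = set()
        self.audit = []                      # append-only in-memory trail for the demo

    def _log(self, event, user_id, ip, **detail):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "event": event, "user": user_id, "ip": ip, **detail})

    def grant(self, actor, ip, grant):
        self.grants.add(grant)
        self._log("grant", actor, ip, target=grant.user_id, scope=grant.scope, role=grant.role)

    def revoke(self, actor, ip, grant):
        self.grants.discard(grant)
        self._log("revoke", actor, ip, target=grant.user_id, scope=grant.scope, role=grant.role)

    def permissions_for(self, user_id, property_id):
        org = self.properties.get(property_id)
        if org is None:                      # unknown property: nothing is granted
            return frozenset()
        # A grant applies if it names this property or the organization that owns it.
        scopes = {f"property:{property_id}", f"org:{org}"}
        perms = set()
        for g in self.grants:
            if g.user_id == user_id and g.scope in scopes:
                perms |= ROLE_PERMISSIONS.get(g.role, set())
        return frozenset(perms)

    def authorize(self, user_id, ip, property_id, permission):
        allowed = permission in self.permissions_for(user_id, property_id)
        self._log("access_allowed" if allowed else "access_denied",
                  user_id, ip, property=property_id, permission=permission)
        return allowed

    def visible_properties(self, user_id):
        """Properties the user may see at all; used to scope every list query."""
        return sorted(p for p in self.properties
                      if "schedule:read" in self.permissions_for(user_id, p))


def build_demo():
    # Constructed tenants: two properties in org-a, one in org-b.
    ac = AccessControl({"hv-001": "org-a", "bs-002": "org-a", "mt-003": "org-b"})
    ac.grant("root", "10.0.0.1", Grant("alice", "property:hv-001", "property_manager"))
    ac.grant("root", "10.0.0.1", Grant("bob", "org:org-a", "portfolio_admin"))
    return ac
```

Every decision goes through `permissions_for`, which starts from an empty set and only adds what a grant explicitly provides, so a user with no grant on a property in the same organization, or any grant in another organization, gets nothing; `authorize` records the outcome either way, which is what makes denied attempts visible in an investigation.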

📝 Audit Capabilities

Complete audit trail for compliance and security investigations.

  • Login/logout tracking
  • Failed login attempt logging
  • Data modification history
  • Export activity tracking
  • CSV export for compliance
  • Configurable retention periods

⚙️ Session Management

Administrators have full control over user sessions.

  • Configurable session timeout (15 min - 8 hours)
  • View all active sessions
  • Force logout any user
  • Automatic cleanup of stale sessions
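The four session controls listed above, as an added example that is not the product's own implementation: an idle-timeout session store whose configured timeout is bounded to the 15 minute to 8 hour range the page states, with an active-session view, forced logout and stale-session cleanup. The token format, the manual clock and the user/IP values are constructed for the demo.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MIN_IDLE_MINUTES, MAX_IDLE_MINUTES = 15, 8 * 60   # the configurable range stated on the page


@dataclass
class Session:
    token: str
    user_id: str
    ip: str
    created: datetime
    last_seen: datetime


class ManualClock:
    """Deterministic clock for the demo; production code would use the real clock."""
    def __init__(self):
        self.now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)

    def advance(self, minutes):
        self.now += timedelta(minutes=minutes)

    def __call__(self):
        return self.now


class SessionStore:
    def __init__(self, idle_minutes, clock=None):
        if not MIN_IDLE_MINUTES <= idle_minutes <= MAX_IDLE_MINUTES:
            raise ValueError("idle timeout must be between 15 minutes and 8 hours")
        self.idle = timedelta(minutes=idle_minutes)
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self._sessions = {}

    def create(self, user_id, ip):
        token = secrets.token_urlsafe(32)    # 256 bits of randomness: not guessable or enumerable
        now = self.clock()
        self._sessions[token] = Session(token, user_id, ip, now, now)
        return token

    def validate(self, token):
        """Return the live session (refreshing its idle timer) or None if unknown or expired."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if now - s.last_seen > self.idle:
            del self._sessions[token]        # expire on first use after the idle window
            return None
        s.last_seen = now
        return s

    def active(self):
        """Administrator view: who is logged in, from where, and when last seen."""
        self.cleanup()
        return [(s.user_id, s.ip, s.last_seen) for s in self._sessions.values()]

    def terminate(self, token):
        return self._sessions.pop(token, None) is not None

    def terminate_user(self, user_id):
        """Force logout: drop every session belonging to the user; returns how many."""
        doomed = [t for t, s in self._sessions.items() if s.user_id == user_id]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def cleanup(self):
        """Background sweep for sessions that idled out without being presented again."""
        now = self.clock()
        stale = [t for t, s in self._sessions.items() if now - s.last_seen > self.idle]
        for t in stale:
            del self._sessions[t]
        return len(stale)
```

`validate` expires a session lazily when it is next presented, and `cleanup` catches the ones that never come back; both compare against `last_seen`, so activity extends the session while absence ends it.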

AI & Third-Party Data Processing

Transparency about how we use artificial intelligence to enhance your experience.

🤖 AI-Powered Features

HotelTools.AI uses Anthropic's API for intelligent document parsing and analytics assistance. These optional features help streamline data entry and provide insights.

  • Intelligent document parsing (PDF reports)
  • AI-assisted analytics and insights
  • Natural language help assistant

🔐 Data Anonymization

Before any data is sent to Anthropic for processing, we automatically anonymize identifying information to protect your privacy.

  • Employee names replaced with anonymous tokens
  • Property and company names masked
  • Only operational metrics transmitted
  • Original values restored for display
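An added example of the four-step anonymization described above (names replaced with tokens, property names masked, only the masked text transmitted, original values restored for display). It is not HotelTools.AI's code and makes no claim about how their pipeline is built; the employee and property names, the sample text and the stand-in model function are constructed, and the remote call is injected so the example runs offline.

```python
import re


class Pseudonymizer:
    """Reversible, per-request token map for names that must not reach an external model API.

    The map lives only in memory for the life of one request and is never transmitted.
    """

    def __init__(self, employees, properties):
        self._forward = {}   # lower-cased real name -> token
        self._reverse = {}   # token -> real name, canonical casing
        self._add(employees, "EMP")
        self._add(properties, "PROP")
        # Longest names first so "Ann Lee" is consumed before "Ann"; the \b anchors
        # stop "Ann" matching inside "Annabel".
        ordered = sorted(self._reverse.values(), key=len, reverse=True)
        self._names = (re.compile(r"\b(" + "|".join(re.escape(n) for n in ordered) + r")\b",
                                  re.IGNORECASE) if ordered else None)
        self._tokens = re.compile(r"\[(?:EMP|PROP)_\d+\]")

    def _add(self, names, prefix):
        for i, name in enumerate(dict.fromkeys(names), 1):   # de-duplicate, keep order
            token = f"[{prefix}_{i}]"
            self._forward[name.lower()] = token
            self._reverse[token] = name

    def anonymize(self, text):
        if self._names is None:
            return text
        return self._names.sub(lambda m: self._forward[m.group(1).lower()], text)

    def restore(self, text):
        # A token the map does not know is left as-is rather than guessed.
        return self._tokens.sub(lambda m: self._reverse.get(m.group(0), m.group(0)), text)

    def leaks(self, text):
        """Pre-flight check before transmission: True if any real name is still present."""
        return bool(self._names and self._names.search(text))


def ask_model(pseudo, prompt, model_call):
    """Anonymize, send only the masked text, then restore tokens in the answer for display."""
    outbound = pseudo.anonymize(prompt)
    if pseudo.leaks(outbound):
        raise ValueError("refusing to transmit: identifying names remain in prompt")
    return pseudo.restore(model_call(outbound))


# Constructed sample data.
SAMPLE_EMPLOYEES = ["Maria Lopez", "Ann Lee", "Ann"]
SAMPLE_PROPERTIES = ["Harbor View Hotel"]
SAMPLE_TEXT = ("Ann Lee and Maria Lopez worked 42 hours at Harbor View Hotel; "
               "Ann covered the desk.")


def fake_model(prompt):
    """Stand-in for the remote API: it only ever sees tokens and echoes them back."""
    first_token = re.search(r"\[EMP_\d+\]", prompt).group(0)
    return f"Most hours: {first_token} at [PROP_1]."


def run_demo():
    pseudo = Pseudonymizer(SAMPLE_EMPLOYEES, SAMPLE_PROPERTIES)
    return pseudo.anonymize(SAMPLE_TEXT), ask_model(pseudo, SAMPLE_TEXT, fake_model)
```

The ordering of the alternation matters: with overlapping names, matching shortest-first would turn "Ann Lee" into "[EMP_3] Lee" and leak a surname. The `leaks` check is the guard a reviewer would want before the outbound call, since the operational metrics ("42 hours") pass through untouched while every name is replaced.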

🛡️ Anthropic's Privacy Commitments

Anthropic, our AI provider, maintains strict data protection standards under its API terms of service.

  • API data is NOT used to train AI models
  • 30-day retention for safety monitoring only
  • SOC 2 Type II certified
  • Data encrypted in transit (TLS)

📊 AI-Free Workflow Available

All core functionality works without AI assistance. For organizations with strict data policies, we offer complete alternatives.

  • Excel/CSV import with column mapping
  • Custom import templates configured by support
  • AI Chat and AI Insights are optional
  • Full functionality without AI features

📋 For Security Questionnaires

We're happy to provide detailed information about our AI data processing practices, including Anthropic's SOC 2 report and Data Processing Agreement, for your security review. Contact us at security@hoteltools.ai.

Compliance & Best Practices

We follow industry-standard security practices and can support your compliance requirements.

🔒 TLS 1.3 Encryption
🛡️ WAF Protected
📋 Full Audit Trail
👥 RBAC Security
💳 PCI-DSS (via Stripe)

Have Security Questions?

Our team is happy to discuss our security practices, complete security questionnaires, or schedule a call with your IT team.

Contact Our Team