Security

Built for trust.
Engineered for safety.

Escapra handles sensitive hotel rate data and guest booking information. Here is exactly how we protect it.

Core security controls

Every layer of the Escapra platform is built with security as a first-class requirement.

Encryption in Transit

All data is transmitted over TLS 1.3. API endpoints enforce HTTPS. No unencrypted connections are accepted.

OAuth 2.0 Authentication

PMS connections use industry-standard OAuth 2.0 client credentials. Tokens are short-lived (1 hour) and scoped to read-only access by default.

Data at Rest

Guest and booking data is encrypted at rest using AES-256. Database access is restricted by role: only services that require data can read it.

Access Controls

The principle of least privilege is enforced across all services. Staff access to production systems requires MFA. No shared credentials.

What data we store

We store only what is necessary to deliver the service, with clear retention periods.

Rate and availability data (from PMS)

Stored for active sync period only

Booking confirmation data (guest name, email, phone)

Retained 7 years for financial records

API access logs

Retained 90 days for security auditing

Payment card data

NOT stored — handled by Stripe

Passport / ID data

NOT stored

Infrastructure

Escapra runs on enterprise-grade cloud infrastructure in the EU.

Cloud provider

AWS — EU region (Frankfurt, Germany)

Automated backups

Every 6 hours, retained 30 days

Uptime SLA

99.9% monthly target

Incident response

Critical issues acknowledged within 1 hour

Report a vulnerability

For security questions or to report a vulnerability, please contact our security team. We take all reports seriously and aim to acknowledge within 24 hours.

security@escapra.com