← CompanySecurity & Compliance

The posture that backs the architecture.

No fictional certifications, no security theatre. A concrete read on what the platform commits to, what it does not, and how those commitments map to architecture.

Trust posture

What we commit to in public.

Jurisdiction

Escapra Oy · Espoo, Finland · EU region

Regulatory

GDPR — documented controls and data-subject processes

Data residency

EU

Encryption

TLS in transit · encrypted at rest

Audit posture

Append-only capture of governance, inventory, cancellation, and settlement decisions; queryable per booking

Access model

Tokens bound to authorization scope; cannot exceed what the hotel authorized

PMS partner names

Private until written consent — never published without authorization

Customer references

Disclosed only with written consent

Uptime target

99.9% monthly target on the customer-facing API · planned maintenance announced 48h in advance

Security principles

Six commitments that hold across every service.

Fail closed by default

When the source of truth degrades, the platform refuses to book rather than book unsafely. Silence under degradation is not a feature — it is the failure mode we exist to eliminate.

Append-only audit

Every governance, inventory, cancellation, and settlement decision is captured. History is never updated. Disputes are answered with a queryable record, not a reconstruction project.

Per-service isolation

Each service owns its own database. Cross-service relationships resolve by id, never by shared writeable surfaces. Blast radius is constrained by design.

Scoped authorization

Partner tokens cannot exceed the scope the hotel granted. The authorization is enforced before any booking decision.

Idempotent contracts

Every write accepts an Idempotency-Key. Same key + same payload → same result. Retries on transient failure are safe and audit-marked.

Sandbox first

Production activation is a joint readiness review with Escapra and an authorizing hotel. There is no public self-serve switch.

Data practices

Concrete, not aspirational.

What we collect

Operational metadata required to run the platform: hotel and partner identifiers, booking lifecycle events, audit records. We do not store guest payment-card data.

What we do not do

We do not sell, resell, or syndicate data. We do not name PMS or customer references without written consent. We do not silently re-price or re-distribute.

Sub-processors

Cloud infrastructure and operational tooling sub-processors are disclosed under DPA on request. Changes are notified to data controllers.

Data subject rights

GDPR rights (access, rectification, erasure, portability) are handled via support@escapra.com. We respond within statutory deadlines.

Questions about security or compliance?

Security and DPA questionnaires are handled via support@escapra.com. Connectivity-partner due-diligence is confidential by default.