HOTEL EFFECTIVENESS SECURITY AND COMPLIANCE

PCI Compliance, SOC 1 Type II

Our production environments are separate from our development and our quality assurance testing environments. We employ automated quality assurance testing before any code is placed into production.

Hotel Effectiveness expands upon Amazon Web Services (AWS) as its cloud-hosting provider. Beyond using their default security provisions, Hotel Effectiveness uses Virtual Private Clouds (VPCs), which provide an isolated cloud environment within the AWS infrastructure. External network traffic to a VPC is managed via gateway, firewall, and intrusion detection rules, which are maintained in source code control to ensure that the configuration remains in compliance with Hotel Effectiveness security policies.

Hotel Effectiveness periodically engages a security consulting firm to conduct risk assessments, aimed at identifying and prioritizing security vulnerabilities. The Information Security Committee coordinates remediation of the vulnerabilities. The security consulting firm also provides ongoing advice on current risks and on remediation of vulnerabilities and incident response.

We built Hotel Effectiveness with disaster recovery in mind. Our applications and our data are spread across multiple AWS Availability Zones (data centers) and Regions to ensure our product will continue to work even if our main data center has an outage.

Hotel Effectiveness uses 3rd-party intrusion detection systems in combination with multiple firewalls and application setting rules to ensure the utmost security around our system and your data. Our internal team is available 24/7 to monitor and react to any attempted intrusion.

Hotel Effectiveness regularly engages security experts to perform detailed vulnerability testing on our applications and our infrastructure.

Every year, we have an independent auditing firm perform a SOC 1 Type II audit on our internal controls and procedures. This report is available to customers upon request.

In Transit: Hotel Effectiveness encrypts all personal information in transit over public connections, using Transport Layer Security (TLS), commonly known as SSL, using industry-standard ciphers, algorithms, and key sizes.

At Rest: Hotel Effectiveness encrypts all data and information using industry-standard AES-256 encryption algorithm.

We perform background checks on all new employees. All employees are required to sign a confidentiality agreement. In addition, all employees undergo Information Security Training.