A careful approach to data we're trusted with.
Guest concerns can be sensitive. MyHotelCare is designed with that in mind. Below is a plain description of how we approach security today — what's built in, and what depends on your deployment.
Role-based access
Front desk, supervisor, and manager roles each have distinct permissions. Server-side checks — not just hidden buttons — are the authority on what each role can do.
Secure login
Passwords are hashed using a modern algorithm (Argon2id where available, otherwise bcrypt). Login attempts are throttled, and sessions time out after inactivity.
Sensitive case handling
Designated concern types can be restricted so they're only visible to authorized roles, and notifications about them are written to reveal as little as possible.
Tenant separation
The platform is multi-tenant. Each hotel resolves to its own space, and data access is scoped per property to keep one hotel's information separate from another's.
Data minimization
We aim to collect and surface only what's needed. For example, alerts about restricted cases avoid including guest details.
Activity logging
Key actions on a case are recorded, giving managers an activity history of how a concern was handled over time.
Access controls
Application files and storage are kept out of the public web path, and forms are protected against cross-site request forgery.
Backups
Backups depend on your hosting and deployment. We'll discuss what's available for your environment rather than promise a one-size-fits-all guarantee.
Encrypted connections
The service is intended to be served only over encrypted (HTTPS) connections so login and case data don't travel in plain text.
How we treat guest concern records
Guest concern records — complaints, follow-up notes, compensation records, incident notes, escalation history, and case history — can include sensitive operational information. We treat them as confidential customer data, and access controls are central to how the Service is built.
- Access follows roles. Within your account, who can see what follows the roles and permissions you configure. Designated sensitive concern types can be restricted so they are visible only to authorized roles.
- Separation between customers. Each hotel operates in a separate tenant environment, and records from one customer organization are not made available to another customer organization through the Service. Within a multi-property organization, access follows the roles and property permissions that organization configures. Standard plans use logical separation in a shared, access-controlled environment.
- Limited internal access. Access by MyHotelCare personnel is limited to authorized individuals with a legitimate need to operate, secure, maintain, support, configure, troubleshoot, repair, migrate, or investigate issues affecting the Service, or to comply with legal obligations. We do not browse customer case records casually, and we do not sell customer data or use identifiable case details in marketing without written permission.
- Customer-specific terms. Where your organization requires it, confidentiality, security, retention, and data-handling commitments can be documented in a pilot agreement, order form, mutual NDA, or data processing addendum.
Security is an ongoing practice, not a one-time checkbox. No system is free from all risk, and we describe what is built in today honestly rather than overstating it. For how this connects to your data rights, see our Privacy Policy and Confidentiality & Data Handling page.