Trust Centre

Enterprise Security

Your data is our most critical responsibility. Inntally is built from the ground up with defence-in-depth security — encryption, isolation, monitoring, and compliance at every layer.

  • Encryption at Rest: AES-256
  • Encryption in Transit: TLS 1.3
  • Platform Uptime: 99.99%
  • Threat Monitoring: 24/7

Compliance

Certifications & Frameworks

Inntally adheres to the highest industry standards for security, privacy, and data protection.

  • SOC 2 Type II (Active): Annual audit covering security, availability, processing integrity, confidentiality, and privacy trust service criteria.
  • ISO 27001 (Active): Information security management system certification demonstrating systematic protection of sensitive data.
  • GDPR (Compliant): Full compliance with EU General Data Protection Regulation including data subject rights, DPIAs, and cross-border transfers.
  • PCI DSS (Active): Payment card data handled exclusively by our PCI-DSS Level 1 certified processor (Stripe). No card data touches our servers.
  • HACCP Digital (Supported): Platform features designed to support HACCP food safety management systems with digital record-keeping and audit trails.
  • ISO 22000 (In Progress): Food safety management system support built into compliance and inventory modules for hospitality-specific requirements.

Defence in Depth

Security Controls

Multiple layers of protection ensure your data remains secure, private, and available.

  • Encryption Everywhere: AES-256 encryption at rest for all data. TLS 1.3 for data in transit. Customer-managed encryption keys available for Enterprise plans.
  • Multi-Tenant Isolation: Strict row-level tenant isolation ensures no customer can ever access another's data. Automatic scoping enforced at the database layer.
  • Identity & Access: JWT with key rotation, role-based access control (RBAC), multi-factor authentication, and session management with automatic expiry.
  • Anomaly Detection: Real-time monitoring detects unusual access patterns, brute-force attempts, and suspicious data exports. Automatic blocking and alerts.
  • Rate Limiting: Multi-bucket rate limiting protects against DDoS and abuse. Separate limits for authentication, API, and write operations.
  • Audit Logging: Comprehensive, immutable audit logs for every data access, modification, and system event. Exportable for regulatory review.

Infrastructure

Built on Trusted Foundations

Infrastructure Security
  • AWS hosting with multi-AZ redundancy
  • Automated daily backups with 30-day retention
  • WAF and DDoS protection via AWS Shield
  • Network segmentation and VPC isolation
  • Container security scanning in CI/CD pipeline
  • Infrastructure-as-code with version-controlled configs

Application Security
  • OWASP Top 10 mitigation built into middleware
  • Input validation and parameterised queries
  • Content Security Policy, HSTS, and security headers
  • Dependency vulnerability scanning (Snyk/npm audit)
  • Secrets management — no credentials in source code
  • Graceful shutdown with connection draining

Responsible Disclosure

Report a Vulnerability

We take security seriously and welcome reports from the community. If you discover a potential vulnerability, please contact us responsibly.

To report a security issue:

  • Email security@inntally.com
  • Include a detailed description and steps to reproduce
  • Allow us reasonable time to investigate before public disclosure

We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours. We will not take legal action against researchers acting in good faith.

Security Without Compromise

Join hundreds of hospitality businesses who trust Inntally to protect their most sensitive data.