Information Security Program

At GuestTouch, we take security seriously. We map our security program to industry standards such as ISO 27001 and the CIS Critical Security Controls. We look for ways to improve not only the security of our product but also how we conduct our daily business.
Using tools and regular testing procedures, we ensure that every employee is compliant with our security policies and that they understand the role they play in securing GuestTouch.
GuestTouch is hosted in Amazon Web Services. These Tier 1 distributed data centers are ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, PCI DSS, CSA STAR, and GDPR compliant.
While we believe that security is everyone’s responsibility, our program is led by our Chief Technology Officer.

Compliance
Our payment processor, Braintree, is a certified Level 1 Service Provider. GuestTouch never has access to raw payment details.

Legal
Terms of Service
Privacy Policy

Internal Security Measures

Identity and Access Management
Employees have unique logins for all business critical systems and two-factor authentication is enforced wherever possible.

Hardware Security
All employee laptops are managed, have encrypted hard drives, and are monitored with antivirus software. Lost or stolen equipment is immediately locked and remotely wiped.

Network Security
The internal network is restricted, segmented and password protected.

Security Education
As part of our commitment to ensure that every member of our team understands the role they play when it comes to security, we provide ongoing security training throughout the year.

GuestTouch’s Application Security

Customer Data and Privacy
GuestTouch stores the following customer data in its cloud:

  • Names
  • Email addresses
  • Payment history and invoices (credit card data is stored and processed by Braintree)
  • Phone Number
  • Company
  • Location
  • Job Title
  • Customer Names
  • Customer Emails
  • Customer Phone Numbers
  • Customer Appointment Dates
  • Customer Communication

Guest Information:

  • Name
  • Reservation data
  • Contact details to carry out communications via email and messaging services
  • Booking source
  • Communications
  • Notes 

Encryption
SSL encryption is used throughout GuestTouch to protect PII and non-public data from unauthorized access.
All communication between GuestTouch users and the GuestTouch-provided applications is encrypted in transit while using the application.
All databases and database backups are encrypted at rest.

Data Retention
Customers can request all of their data, or have it deleted, by sending an email to compliance@guesttouch.com, as long as it is not subject to a legal hold or investigation.
Once an account is deleted, all associated data and conversations are removed from the system. This action is irreversible.

Access to Data
Access to customer data is limited to those whose roles require it to perform their job duties. An example of this is our Support team.

3rd Party Sub-processors
At GuestTouch, we use 3rd party services to help with analytics, payments, sending transactional emails and other forms of communications. All 3rd party services undergo a due diligence check to ensure your data stays secure. The data provided to these services is limited to the minimum required to perform their processing duties.

Infrastructure Availability
Our backend infrastructure is hosted in Amazon Web Services and is fully monitored to detect any downtime.

Pentesting and Security Scans
GuestTouch conducts 3rd party pentests at least quarterly. In addition to regular pentesting, we also use scanning tools to monitor and detect vulnerabilities.

Responsible Disclosure
If you believe you have discovered a vulnerability within GuestTouch’s application, please submit a report to us by emailing security@guesttouch.com.
If you believe your account has been compromised or you are seeing suspicious activity on your account, please report it to security@guesttouch.com.

Contact
If you have any additional questions regarding security at GuestTouch, please contact us at security@guesttouch.com.