Stayntouch PMS: Stayntouch Security Guide
At Stayntouch, security is at the core of how we handle every transaction. We are PCI DSS Level 1 certified against PCI DSS version 4.0.1, the highest validation level in the payments industry. This means our systems, processes, and partners meet the most rigorous global standard for protecting cardholder data.
Our compliance is backed by a current Attestation of Compliance (AOC), confirming that every environment in which payment data is transmitted, processed, or stored adheres to the PCI DSS requirements. Sensitive card data is kept out of reach: we use end-to-end encryption and tokenization to protect card details from the moment a guest makes a payment until funds are settled securely with the hotel, so the PMS itself never handles or stores raw card numbers.
What this means for our clients
- Reduced Risk: Guests' payment data is fully secured, minimizing the risk associated with data breaches.
- Simplified Compliance: Hotels benefit from our certification and secure integrations, reducing their own PCI scope and associated costs.
- Higher Trust & Conversion: Guests are more likely to complete payments when they recognize a secure and transparent checkout process.
- Future-Proof Standards: Continuous PCI DSS certification adds ongoing controls and monitoring, ensuring our platform stays ahead of evolving threats.
For hoteliers, this commitment translates to peace of mind. Payments are not only fast and seamless, but also backed by the same level of security used by the world’s largest financial institutions.
How does Stayntouch ensure secure engineering practices?
We follow a secure SDLC aligned to OWASP principles (SAMM/ASVS). Designs undergo threat modeling and security design reviews focused on authentication, authorization, data protection, logging, and error handling. We enforce least-privilege access to repositories and build systems, maintain secure coding standards, and require security checkpoints at backlog grooming and sprint planning to capture misuse and abuse cases early.
Our pipelines integrate static application security testing (SAST) and software composition analysis (SCA) on every commit and merge to detect code and dependency vulnerabilities before they reach production. We add secret scanning, infrastructure-as-code scanning, container image scanning, and license checks. Builds fail on high or critical findings; merge gates require remediation or a documented, time-bound exception. We continuously monitor CVEs for transitive dependencies, and high and critical vulnerabilities are remediated immediately.
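The merge-gate rule above (block on high/critical findings unless a documented exception exists) is simple to state but easy to get wrong in practice: exceptions must be scoped to one finding on one component, carry an owner and justification, and expire so they are revisited. The script below is an added illustration of such a gate; it is not Stayntouch's pipeline code. It assumes a hypothetical scanner report and waiver file in the JSON shapes constructed inline, and the finding identifiers are placeholders, not real advisories.

```python
"""Merge gate that fails on unwaived high/critical scanner findings.

Added example, not Stayntouch's code or pipeline. It assumes a scanner
report and a waiver file in the hypothetical JSON shapes constructed
below; the finding identifiers are made up for the demonstration.
"""
import json
from dataclasses import dataclass
from datetime import date

BLOCKING_SEVERITIES = {"critical", "high"}


@dataclass(frozen=True)
class Finding:
    id: str          # scanner rule id or advisory id
    severity: str    # critical / high / medium / low (normalized to lower case)
    component: str   # package@version for SCA, file path for SAST


@dataclass(frozen=True)
class Waiver:
    finding_id: str
    component: str   # a waiver is scoped to one finding on one component
    owner: str
    justification: str
    expires: date    # waivers expire so exceptions are revisited


def load_findings(report_json):
    """Parse the (hypothetical) scanner report format."""
    doc = json.loads(report_json)
    return [Finding(f["id"], f["severity"].lower(), f["component"])
            for f in doc["findings"]]


def load_waivers(waiver_json):
    """Parse the (hypothetical) documented-exception file."""
    doc = json.loads(waiver_json)
    return [Waiver(w["finding_id"], w["component"], w["owner"],
                   w["justification"], date.fromisoformat(w["expires"]))
            for w in doc["waivers"]]


def evaluate(findings, waivers, today):
    """Return (passed, blocking findings, expired waivers).

    A finding blocks the merge when its severity is high or critical and
    no unexpired waiver matches both its id and its component. An expired
    waiver is reported separately so the owner is prompted to renew or fix.
    """
    active, expired = {}, []
    for w in waivers:
        if w.expires < today:
            expired.append(w)
        else:
            active[(w.finding_id, w.component)] = w
    blocking = [f for f in findings
                if f.severity in BLOCKING_SEVERITIES
                and (f.id, f.component) not in active]
    return (not blocking), blocking, expired


def gate_decision(report_json, waiver_json, today_iso):
    """Plain-value wrapper: (passed, blocking finding ids, expired waiver ids)."""
    passed, blocking, expired = evaluate(load_findings(report_json),
                                         load_waivers(waiver_json),
                                         date.fromisoformat(today_iso))
    return passed, [f.id for f in blocking], [w.finding_id for w in expired]


# Constructed sample input; the identifiers are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({"findings": [
    {"id": "SCA-DEMO-1", "severity": "critical", "component": "libexample@1.2.3"},
    {"id": "SCA-DEMO-2", "severity": "high", "component": "otherlib@0.9.0"},
    {"id": "SAST-DEMO-1", "severity": "High", "component": "src/db/query.py"},
    {"id": "SCA-DEMO-3", "severity": "medium", "component": "thirdlib@2.0.0"},
]})

SAMPLE_WAIVERS = json.dumps({"waivers": [
    {"finding_id": "SCA-DEMO-1", "component": "libexample@1.2.3",
     "owner": "appsec", "justification": "vulnerable function not reachable; upgrade scheduled",
     "expires": "2025-12-31"},
    {"finding_id": "SCA-DEMO-2", "component": "otherlib@0.9.0",
     "owner": "platform", "justification": "awaiting upstream fix",
     "expires": "2025-01-31"},
]})


if __name__ == "__main__":
    import sys
    passed, blocking, expired = gate_decision(SAMPLE_REPORT, SAMPLE_WAIVERS, "2025-06-01")
    for fid in expired:
        print(f"waiver for {fid} has expired; the finding blocks again")
    for fid in blocking:
        print(f"BLOCKING: {fid}")
    print("merge gate:", "PASS" if passed else "FAIL")
    sys.exit(0 if passed else 1)
```

Run as a CI step, the non-zero exit status is what fails the build. Two design points matter: the waiver key includes the component, so an exception granted for one package version does not silently cover a later reintroduction elsewhere, and the medium finding is reported by the scanner but does not gate the merge, matching the high/critical threshold stated above.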
Quality controls include mandatory peer code reviews with secure-code checklists, protected branches, and signed commits. Engineers complete recurring secure coding training mapped to OWASP Top 10. We conduct regular penetration tests, track findings in a centralized vulnerability management workflow with SLAs, and verify fixes via re-scan. Releases use canary deployment with rapid rollback, comprehensive audit logging, and runtime alerting to ensure secure operation post-release.
How do you monitor and manage users in Stayntouch?
Stayntouch provides comprehensive user monitoring and management through a fully role- and permission-based system, where access to functionality and modules is determined by the roles assigned to each user. Roles and permissions can be administered at the individual property level or centrally through multi-property configuration, enabling consistent role management across a portfolio. Automated provisioning and de-provisioning is supported via Single Sign-On (SSO), which enables user group provisioning and centralized identity management. Multi-factor authentication (MFA) can be enabled for user login to strengthen account security. The system keeps an activity log of every change made within the system, recording a timestamp, a description of the change, and the ID of the user who made it. Additionally, Stayntouch offers dashboards tailored to user types (Housekeeping, Front Desk, Management), with menu options and access determined by user roles. Management and IT personnel receive dedicated training on user setup, permissions, and administrative oversight, ensuring effective configuration and ongoing management of user access.