TripDesk365 is built to host sensitive travel data — passenger names, passport details, frequent-flyer numbers, agency client relationships. This page summarizes how we protect that data. For our full Privacy Policy see /privacy.
Infrastructure
- Hosting: deployed on Vercel (SOC 2 Type 2). All traffic terminates at Vercel's edge with automatic TLS.
- Database: Neon (managed Postgres) with encryption at rest, automated backups, and point-in-time recovery.
- Cache & rate limiting: Upstash Redis with TLS-encrypted connections.
Encryption
- In transit: TLS 1.2+ for every external HTTP request and database connection. HSTS enforced on the public site.
- At rest: data is encrypted at rest by Neon and Vercel using AES-256.
- OAuth tokens: agency Gmail OAuth refresh tokens are stored encrypted in our database under a separate envelope key.
Authentication & access controls
- Sign-in: handled by Clerk. Supports email + password, SSO (Google), and SAML/OIDC on Enterprise. Multi-factor authentication is available to every account.
- Tenant isolation: every query is scoped by agency and client identifiers; users only see data within their authorized scope.
- Role-based access: Platform admin, Agency admin, Agency staff, Client admin, Client viewer roles with distinct privileges.
- API keys: per-agency, scoped, revocable from the admin panel.
Audit & observability
- Audit log: sensitive actions (booking creates, policy changes, role grants, exports) are recorded with actor, action, before/after state, and timestamp.
- Error tracking: Sentry with PII scrubbing on request payloads and headers.
- Webhook delivery log: outbound webhook attempts, signatures, response codes, and bodies are stored for replay and audit.
Sub-processors
See the sub-processor list in our Privacy Policy. Each provider is contractually bound to confidentiality and security obligations and is selected for SOC 2 or equivalent compliance posture where applicable.
Backups & business continuity
- Postgres point-in-time recovery for at least 7 days; daily snapshots retained 30 days.
- Application code, deployment artifacts, and configuration are version-controlled and reproducible.
- Recovery point objective (RPO): 1 hour. Recovery time objective (RTO): 4 hours. Best-effort, not contractual on Free or Personal plans.
Vulnerability disclosure
If you've discovered a vulnerability in TripDesk365, please disclose it responsibly. Email support@tripdesk365.com with subject "Security vulnerability report". Include:
- A description of the vulnerability and affected URL(s).
- Steps to reproduce.
- Your contact information for follow-up.
We commit to acknowledge your report within 3 business days and to coordinate disclosure once a fix is available. Please do not test against other tenants' data, attempt denial of service, or extract data beyond what is necessary to demonstrate the issue.
Compliance posture
TripDesk365 is currently focused on infrastructure-grade security via our SOC 2 Type 2 sub-processors. Independent TripDesk365-level attestations (SOC 2, ISO 27001) are on the roadmap for Enterprise customers; contact us for current status and security questionnaires.
Incident notification
In the event of a confirmed security incident affecting your data, we will notify you without undue delay and in no case later than 72 hours after we become aware of the incident, in accordance with applicable law.
Contact
Security inquiries: support@tripdesk365.com.
Canonical URL: https://tripdesk365.com/security