Hotbot.ai fully complies with GDPR.
1. Complete data route.
Starting from the moment the system is requested from the PMS. PD are sent to our receiving server via SSH using private key encryption, keys and logins are unique for each client. At the SSH server level, disk space is assigned to each client using chroot jail overrides. Next, the download handler loads the necessary PD into ours and deletes the received files.
2. Protocols for data transmission used in cloud systems.
Hotbot.ai works only over protocols that support HTTPS, SSH encryption, others are not used.
3. Storage methods.
PD are stored in a separate segment of the private subnet, without direct access from the Internet.
4. Methods of processing.
PDs are used to personalize work with help and include the following possible steps:
- Sending notifications using the email received from the PMS;
- Checking the fact of the guest's check-in at the hotel, sending reminders and suggestions related to the guest's stay at the hotel, provided that the data contains information about the booking.
5. Methods of protection.
We use several servers, divided into different segments according to the level of protection. There are three segments in total, each with its own separate subnet:
- Public - external traffic segments are not used, they are strictly separated from internal segments of the firewall and traffic routing rules;
- Segment of application servers - it contains all the executed logic;
- Segment of databases of data servers.
The segments are connected to each other through a separate router without access to the Internet and at the router level they are delimited by accessibility among themselves. For example, a bucket does not have a database bucket route, and only has access to the application bucket's load balancers. Access to the site is carried out through a secure tunnel using unique details for each employee with a record in the journal.