Security & Compliance

Enterprise-grade security, by construction.

ARIO is built for hotels whose revenue data, credentials, and decision history demand the same protection level as financial-services software. Authenticated encryption end-to-end, multi-factor access, a tamper-evident audit chain, and contractual obligations enforced as standard.

Compliance posture

Aligned to the standards your procurement team will ask about.

Controls, policies, and contractual obligations modelled on the frameworks enterprise hospitality buyers expect. Documentation available to enterprise customers under NDA on request.

Active
SOC 2 Aligned
Controls designed to SOC 2 Trust Services Criteria. Independent attestation cycle running. Letter of engagement available to enterprise customers under NDA.
Active
GDPR
Standard Data Processing Agreement available on request. UK + EU data residency. Right-to-export and right-to-delete enforced as a contractual obligation.
Active
Encryption
Industry-standard authenticated encryption protects all sensitive customer data in transit and at rest. Key management aligned to NIST guidance.
Active
ISMS aligned
Information Security Management System documented and reviewed quarterly. ISO 27001 alignment for enterprise customers under request.
Architecture pillars

The four pillars of operator-grade trust

Each pillar exists because a real hotel security review asked about it. None of these are aspirational; all are shipped today and verifiable in the codebase.

Encryption everywhere

Sensitive customer data — PMS credentials, channel manager keys, integration tokens — is protected with industry-standard authenticated encryption at rest and in transit. Plaintext never reaches storage or logs.

  • Authenticated encryption at rest for all sensitive data
  • Modern TLS enforced on every connection
  • HTTPS-only with strict transport policy
  • Service refuses to start without proper key configuration
  • Secrets are never returned in API responses or logs

Authentication & access

Multi-factor authentication is available on every account. Privileged routes are gated by an explicit allowlist with full access auditing. Cross-tenant operations require elevated authorisation and are logged on every call.

  • Multi-factor authentication compatible with all standard authenticator apps
  • Single-use recovery codes; current password required for sensitive changes
  • Industry-standard password hashing
  • Hardened session handling with strict cross-site protections
  • Cross-site request forgery defence on every state-changing request
  • Layered rate limiting on authentication endpoints

Tamper-evident audit chain

Every pricing decision, override, approval, and rate push is stored with cryptographic integrity. Database-level controls prevent retroactive modification — no operator, including the founder, can quietly rewrite history.

  • Immutable audit storage across all decision and policy tables
  • Cryptographic content integrity per decision
  • Validation-then-audit ordering — no ghost rows from rejected pushes
  • Operator identity + timestamp + reason on every state transition
  • Continuous regression coverage verifies tamper-protection at boot

Operational continuity

Code escrow with an independent UK agent ensures customer-facing source code is released to existing customers under defined continuity events. Encrypted backups, documented disaster-recovery procedures, and professional indemnity insurance complete the continuity guarantee.

  • Code escrow held by independent UK escrow agent
  • Professional Indemnity + cyber liability — £1M cover
  • Encrypted backups with documented retention policy
  • 99.5% uptime commitment for Standard, 99.9% for Enterprise
  • Documented incident response procedure
  • Customer-controlled data export endpoint
Audit chain in action

Every rate push is reconstructable, signed, permanent.

When your GM, your owner, or an auditor asks "why did this rate move?" — ARIO has the answer with millisecond precision and tamper-evident integrity.

01

Decision computed

AutoPilot or operator decides. Inputs (forecast, comp, events, constraints) captured.

02

Gates evaluated

SAFE_MODE, kill switch, per-date constraint, parity check, mode gate. Failures logged.

03

Audit row stamped

Decision row + content hash written. Operator email + timestamp + cause + every input.

04

Push to channel

Atomic claim, idempotency key sent to CM. Confirmation reference stored.

05

Outcome graded

Nightly grader compares decision against actual booking outcome. MAPE feeds back into calibration.

Operational commitments

Specific, auditable, contracted.

Below is what we put in writing in our standard MSA. None of these are marketing claims; they're contractual commitments enforceable by your legal team.

Encryption at rest
All sensitive customer data — credentials, integration tokens, secrets — protected with industry-standard authenticated encryption before storage.
Active
Encryption in transit
Modern TLS enforced across every endpoint, integration, and partner connection. Strict transport policy applied in production.
Active
Multi-factor authentication
Available on every account. Required for privileged accounts and Enterprise tier deployments.
Active
Encrypted backups + DR
Property data backed up nightly with documented retention. Disaster-recovery procedures tested on a quarterly cadence.
Active
Code escrow
Customer-facing source code held by independent UK escrow agent. Released to existing customers under defined continuity events.
Active
Professional Indemnity Insurance
£1,000,000 coverage including cyber liability. Renewed annually. Certificate available to enterprise customers on request.
Active
GDPR Data Processing Agreement
Standard Contractual Clauses. Sub-processor list maintained. Right-to-export and right-to-delete enforced contractually.
Active
SOC 2 attestation
Controls aligned to SOC 2 Trust Services Criteria. Independent attestation cycle running. Letter of engagement available to enterprise customers under NDA.
Active
Penetration testing
Independent third-party security testing on an annual cadence with documented remediation procedure.
Active
Uptime SLA
99.5% Standard tier · 99.9% Enterprise tier. Defined incident-response window with credit-based remediation if breached.
Active

Security questions?

For SOC 2 alignment, GDPR DPA, vulnerability disclosure, or anything else security-related — open the Security review form on the contact page or email us directly.

Open security review form → hello@ariorms.com