Security and Access

Organization Owner, Property Manager, Front Desk Manager, Front Desk Staff, Revenue Manager, Housekeeping Supervisor, Housekeeping Staff, and Accountant. Each role has specific permissions per module.

The system uses predefined role-based access control. Each role has carefully scoped permissions. For example, front desk staff can add charges and collect payments but cannot generate invoices or access journal entries.

Guest email and phone are encrypted with AES-256 at rest. ID documents are encrypted before cloud storage. Payment gateway credentials are stored with AES-256-GCM encryption.

Yes. Every significant action is logged with the actor, timestamp, and details. Financial transactions, guest profile access, rate changes, and configuration updates are all auditable.

Payment gateway API keys are stored encrypted in the database. They are decrypted only at the moment of transaction processing. Test mode and live mode are separated.

Yes. Disable or remove any user from Settings. Their access is revoked immediately. All actions they performed remain in the audit trail.