Encryption
All traffic to and from RockiesOS is encrypted in transit with TLS. Data at rest is encrypted, and sensitive fields such as payment-provider credentials are additionally encrypted at the application layer, so they are written to storage only in encrypted form and are not readable from a copy of the database alone.
Access controls
- Role-based access control with granular, tier-based permissions inside the platform.
- Branch and entity isolation so multi-property groups don't leak data across properties.
- Least-privilege access for our staff, granted only when required to operate or support the service, and revoked when no longer needed.
- Optional multi-factor authentication for privileged accounts.
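As an added illustration (not RockiesOS code; the role names, permission strings and the membership table are assumptions), the check below shows how tier-based roles and per-property membership combine: a user is authorized against one specific property, belonging to the same multi-property group is not enough on its own, and the data layer applies the property filter itself rather than trusting the caller to do so.

```python
from dataclasses import dataclass, field

# Assumed role tiers; each tier includes the permissions of every tier below it.
_TIERS = [
    ("viewer",     {"reservation:read"}),
    ("front_desk", {"reservation:write", "folio:read"}),
    ("manager",    {"folio:write", "report:read"}),
    ("owner",      {"user:manage"}),
]


def _expand_tiers() -> dict:
    """Build role -> permission set by accumulating the tiers in order."""
    acc, out = set(), {}
    for name, extra in _TIERS:
        acc = acc | extra
        out[name] = frozenset(acc)
    return out


ROLE_PERMISSIONS = _expand_tiers()


@dataclass
class User:
    user_id: str
    group_id: str                                    # owning multi-property group
    memberships: dict = field(default_factory=dict)  # property_id -> role name


class Forbidden(Exception):
    """Raised when the user is not a member of the property or lacks the permission."""


def authorize(user: User, action: str, property_id: str) -> str:
    """Check membership in the specific property first, then the role's permissions."""
    role = user.memberships.get(property_id)
    if role is None:
        # Same group is not enough: access is granted per property.
        raise Forbidden(f"{user.user_id} is not a member of {property_id}")
    if action not in ROLE_PERMISSIONS[role]:
        raise Forbidden(f"role {role} may not {action} in {property_id}")
    return role


def can(user: User, action: str, property_id: str) -> bool:
    """Boolean form of authorize() for callers that only need a yes/no answer."""
    try:
        authorize(user, action, property_id)
        return True
    except Forbidden:
        return False


# Constructed sample rows (not real data) for properties inside one group.
RESERVATIONS = [
    {"id": "R1", "property_id": "hotel-a", "guest": "A. Guest"},
    {"id": "R2", "property_id": "hotel-a", "guest": "B. Guest"},
    {"id": "R3", "property_id": "hotel-b", "guest": "C. Guest"},
]


def list_reservations(user: User, property_id: str) -> list:
    """The property filter is applied here, in the data layer, never left to the caller."""
    authorize(user, "reservation:read", property_id)
    return [r for r in RESERVATIONS if r["property_id"] == property_id]


def sample_users() -> dict:
    """Constructed users: a clerk at one property, a GM over two, a viewer at the other."""
    return {
        "clerk":  User("u-clerk", "group-1", {"hotel-a": "front_desk"}),
        "gm":     User("u-gm", "group-1", {"hotel-a": "manager", "hotel-b": "manager"}),
        "viewer": User("u-view", "group-1", {"hotel-b": "viewer"}),
    }


if __name__ == "__main__":
    u = sample_users()
    print([r["id"] for r in list_reservations(u["clerk"], "hotel-a")])  # ['R1', 'R2']
    print(can(u["clerk"], "reservation:read", "hotel-b"))   # False: same group, other property
    print(can(u["gm"], "folio:write", "hotel-b"))           # True: manager tier
    print(can(u["viewer"], "reservation:write", "hotel-b")) # False: viewer tier
```

The important design choice is that `list_reservations` filters on the property it was authorized for; if the caller could pass an arbitrary filter (or none), a membership check elsewhere would not stop cross-property reads.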
Payment security
We never store full card numbers. Payments are handled by PCI-DSS compliant providers; RockiesOS retains only the provider-issued payment token and the last four digits, which are enough to display and reconcile transactions but cannot be turned back into a card number.
Infrastructure
Each hotel customer runs with its own isolated database, which provides strong data separation and limits the blast radius of any single issue. Infrastructure is hardened, kept current with security patches, and access to it is restricted and logged.
Backups & recovery
Databases are backed up regularly and backups are retained so we can recover from accidental loss or corruption. Restore procedures are tested as part of operating the service.
Monitoring & auditing
Sensitive actions are recorded in append-only audit logs. Financial records use a tamper-evident hash chain: each record's hash covers its own contents and the hash of the record before it, so editing, deleting or reordering an earlier record breaks the chain and is detected on verification. We monitor for errors and suspicious activity.
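The following is an added example, not RockiesOS's implementation, of how such a hash chain makes changes detectable: each record's hash covers its own fields plus the previous record's hash, and verification catches an edited amount, an edit whose hash was recomputed to match, and a deleted record. The field names, the `seq` counter and the all-zero genesis sentinel are assumptions chosen for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel used as prev_hash of the first record


def canonical(record: dict) -> bytes:
    """Deterministic serialization: same content always produces the same bytes."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def compute_hash(record: dict) -> str:
    """SHA-256 over the record body, which includes seq and prev_hash."""
    return hashlib.sha256(canonical(record)).hexdigest()


def append_record(chain: list, **fields) -> dict:
    """Append a record whose hash commits to its fields and to the previous hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {"seq": len(chain), "prev_hash": prev_hash, **fields}
    record["hash"] = compute_hash(record)
    chain.append(record)
    return record


def verify_chain(chain: list):
    """Return (True, None) if intact, else (False, seq of the first inconsistent record)."""
    expected_prev = GENESIS
    for i, record in enumerate(chain):
        if record.get("seq") != i or record.get("prev_hash") != expected_prev:
            return False, i  # gap, deletion, or reordering
        if compute_hash(record) != record.get("hash"):
            return False, i  # contents edited without updating the hash
        expected_prev = record["hash"]
    return True, None


def sample_ledger() -> list:
    """Constructed sample transactions (not real data)."""
    ledger = []
    append_record(ledger, property_id="hotel-a", folio=101, kind="charge", amount_cents=12500)
    append_record(ledger, property_id="hotel-a", folio=101, kind="payment", amount_cents=-12500)
    append_record(ledger, property_id="hotel-a", folio=102, kind="charge", amount_cents=8000)
    return ledger


def tamper_edit(chain: list):
    """Edit an amount in place; that record's own hash no longer matches."""
    t = copy.deepcopy(chain)
    t[0]["amount_cents"] = 500
    return verify_chain(t)


def tamper_edit_and_rehash(chain: list):
    """Edit and recompute the record's hash; the next record's prev_hash still breaks."""
    t = copy.deepcopy(chain)
    t[0]["amount_cents"] = 500
    t[0]["hash"] = compute_hash(t[0])
    return verify_chain(t)


def tamper_delete(chain: list):
    """Drop a middle record; the seq counter and prev_hash link expose the gap."""
    t = copy.deepcopy(chain)
    del t[1]
    return verify_chain(t)


if __name__ == "__main__":
    ledger = sample_ledger()
    print("intact:", verify_chain(ledger))                     # (True, None)
    print("edited:", tamper_edit(ledger))                      # (False, 0)
    print("edited and rehashed:", tamper_edit_and_rehash(ledger))  # (False, 1)
    print("deleted:", tamper_delete(ledger))                   # (False, 1)
```

One caveat that applies to any hash chain of this kind: a party who can rewrite every record can also recompute every hash, so the chain only proves integrity relative to a head hash that is stored somewhere the database writer cannot change, for example exported or signed on a schedule and compared against on verification.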
Vendor management
Third-party processors (hosting, payments, email, AI, analytics) are bound by contracts that restrict how they may use data, and we choose providers that maintain recognized security practices.
Responsible disclosure
If you believe you've found a security vulnerability, please report it to support@rockiesos.com. We investigate all legitimate reports and ask that you give us a reasonable opportunity to address an issue before any public disclosure.
Incident response
We maintain an incident-response process and will notify affected customers and, where required, regulators without undue delay if a breach affects personal data.
Your responsibilities
Security is shared. Use strong, unique passwords, enable multi-factor authentication, keep your credentials confidential, and manage your users' permissions carefully: grant each user only the access their role needs and remove it promptly when they leave or change roles.