Your data, handled like it's ours.
We ask hotels to connect their most sensitive numbers. We don't take that lightly — security and privacy are built into HotelGauge from the ground up, not bolted on.
SOC 2 Type II
Independently audited controls for security, availability and confidentiality.
ISO 27001
Certified information security management system.
GDPR & CCPA
Privacy-by-design, data-subject rights honored, EU/US data handling.
PCI DSS aligned
Payment data handled by certified processors — we never store card numbers.
Certifications shown represent our security program's target framework; request our current compliance documentation and SOC 2 report under NDA.
Six commitments we hold ourselves to
Read-only by default
We connect to your PMS and channel manager to read data. We never write to your inventory or rates.
Encrypted everywhere
TLS 1.2+ in transit and AES-256 at rest. Secrets are managed in a dedicated vault.
Least-privilege access
Internal access is role-based, logged, and reviewed. Production access requires MFA.
Your data is portable
Export anytime. Cancel and we delete your data on request — no hostage-taking.
Resilient by design
Automated backups, monitored uptime, and a tested incident-response plan.
Responsible disclosure
A clear path for researchers to report issues, and a commitment to fix them fast.
We're happy to get into the details.
Need our SOC 2 report, a DPA, or a security questionnaire completed? Reach out and our team will take care of it.