SevenSkies protects organiser and traveller data with layered controls that cover encryption, access, monitoring, and incident response. The summary below is kept in sync with every release.
Last updated: 04 February 2025
Authentication tokens, refresh keys, analytics identifiers, and webhook secrets are encrypted using AES-256-GCM (enc:v1) with rotation handled through AUTH_SECRET bundles stored outside the codebase.
Files uploaded to Participant Hub are scanned and stored with presigned URLs that expire automatically; sensitive exports (PDF, CSV, ICS) are regenerated and re-verified on every access request to ensure maximum privacy.
Role-based permissions govern every admin or organiser action (trip management, payouts, notifications). Support access requires enforced 2FA and step-up tokens for destructive tasks.
Public itineraries mirror only the data flagged as shareable; owner emails, notes, and supplier files never leave the secure workspace.
Every API route emits structured security events to the alerts pipeline (email + local log file). Rate-limit anomalies trigger automatic throttling and Slack/email notifications when configured.
Passenger restarts are captured in start.log / stderr.log so infra teams can audit deployments and rollbacks.
Primary data lives on managed MySQL clusters with read replicas for analytics. Backups remain encrypted at rest and rotate every 30 days.
If you need a signed DPA or region-specific residency commitment, email [email protected] and reference your workspace ID.
Responsible disclosure is encouraged. Send reports to [email protected] with reproduction steps. We aim to acknowledge critical findings within one business day.