Security at every layer

AgentReserve is built with a security-first architecture. Your API keys, connector tokens, and booking data are protected with industry-standard encryption and access controls.

API Key Authentication (SHA-256)

API keys are hashed using SHA-256 before storage. Raw keys are never persisted -- they are shown once at creation and cannot be recovered. Even in the event of a database breach, your keys remain secure. Keys track lastUsedAt timestamps and can be revoked instantly.

Input Validation (Zod)

Every API request is validated with Zod schemas before processing. Malformed requests are rejected with structured error messages. This prevents injection attacks, type confusion, and invalid state transitions at the API boundary.

Comprehensive Audit Logging

Every API call, booking state transition, and administrative action is recorded with timestamps, actor identity, and request metadata. Audit logs never contain secrets. Logs are immutable and queryable from the dashboard.

Organization Isolation

Every resource -- API keys, restaurants, reservations, transactions, policies, and audit logs -- is scoped to a single organization. Database queries enforce orgId filtering at every layer. There is no cross-tenant data access.

Connector Token Encryption (AES-256-GCM)

Third-party connector tokens (Calendly, Stripe, etc.) are encrypted at rest using AES-256-GCM with unique nonces per token. Encryption keys are managed via environment variables and stored separately from the encrypted data.

Policy Engine

Define granular policies to control agent behavior: spending limits, time-of-day restrictions, rate limits, and approval workflows. Policies are evaluated server-side before any booking is executed. Denied requests never reach external providers.

HTTPS-Only Communication

All API endpoints enforce TLS 1.2+ encryption. This ensures that API keys and booking data are never transmitted in plaintext.

SOC 2 Compliance

Coming Soon

We are actively pursuing SOC 2 Type II certification. Our infrastructure is designed to meet the Trust Services Criteria for security, availability, and confidentiality. Enterprise customers can request our current security questionnaire.

Have security questions?

We are happy to discuss our security practices in detail. Enterprise customers can request our full security questionnaire and architecture documentation.
