Data storage, security & retention
Operational safeguards for TravelAgent. Contractual commitments may vary—refer to your agreement or DPA where applicable.
User Data Deletion Policy
Your right to erasure, what we delete, what we may retain for legal or security reasons, timelines, and how to submit requests—including in-app, email, partial deletion, and minors' data—are documented in our dedicated policy.
Read the User Data Deletion Policy →1. Storage architecture
Customer data is stored in secure cloud infrastructure with logical separation between tenants. Backups are encrypted and monitored for integrity.
2. Encryption
Data is encrypted in transit using TLS and encrypted at rest using industry-standard mechanisms provided by cloud and database platforms.
3. Access controls
Access to production systems is restricted by role, least privilege, audit logs, and internal approval workflows. Administrative actions are traceable.
4. Monitoring and response
We maintain continuous monitoring, alerting, and incident response procedures. Security events are triaged and handled according to severity and impact.
5. Compliance and reviews
Security policies, vendor controls, and operational safeguards are periodically reviewed. Additional compliance documentation can be shared during enterprise onboarding.