Back to home
Security & Compliance

How Maghraut PMS protects your hotel and guest data

A plain-English reference for hotel owners, IT teams, and procurement reviewers. This page is maintained by Maghraut PMS to describe the controls currently active across the platform. It is not a third-party security certification.

Shared responsibility: Maghraut PMS operates the platform and the controls below. The hotel (data controller) is responsible for managing its staff accounts, role assignments, password hygiene, and how guest data is collected and used on-property.

1. Data encryption (in transit and at rest)

  • All traffic between staff devices, guest browsers, and Maghraut PMS uses HTTPS/TLS 1.2+. HTTP is redirected to HTTPS.
  • The managed Postgres database and object storage are encrypted at rest by the underlying cloud provider using industry-standard AES-256.
  • Service-role keys, payment provider keys, and integration tokens are stored on the server side only — never bundled into the browser app and never returned to the client.
  • Passwords are hashed by the managed auth provider (bcrypt-family). Maghraut PMS staff never see, store, or transmit plaintext passwords.

2. Role-Based Access Control (RBAC)

Every staff member belongs to a tenant (hotel / group) and is assigned one or more roles. Roles are stored in a dedicated server-side table and checked on every request — they cannot be elevated from the browser.

  • Owner / PMS Manager — full access to PMS, POS, reports, and administration.
  • Front Office — reservations, check-in / check-out, guest folios, payments.
  • Cashier — settle bills, record payments, day-close.
  • Outlet Manager — POS administration for restaurant / room-service outlets, discounts, voids, refunds, reports.
  • Restaurant Staff / Room-Service Staff — POS-only access via the dedicated POS Portal. No reservations, no PMS reports, no settings.

Per-module access scopes (view / write / none) allow further fine-tuning per staff member for Dashboard, Calendar, Reservations, Events, Guests, Payments, Notes, and Setup.

3. Audit logs & activity tracking

Sensitive operations write append-only entries to a dedicated audit log table. Each entry records the actor (user ID + email), timestamp, tenant, entity, and relevant metadata (amount, reason, reference IDs).

  • Folio charges & payments — every insert, update, delete.
  • POS orders — creation, modification, settlement, void, refund.
  • Reservation status changes, cancellations, no-shows.
  • Role assignments and access scope changes.

Audit logs are readable only by Owners, Managers, and platform super admins — PII fields (actor email, IP) are not visible to general staff.

4. Daily backups & data retention

  • The managed Postgres database is backed up daily by the cloud provider with point-in-time recovery (PITR) available on supported plans.
  • Object storage (ID documents, media) is replicated for durability across availability zones.
  • Operational data is retained for as long as the hotel's subscription is active. On contract termination, data can be exported and is then scheduled for deletion per the agreed retention window.
  • Guest documents (passport / Aadhaar scans) are retained according to the hotel's local regulatory requirements, configurable per property.

5. Cloud infrastructure & hosting

Maghraut PMS runs on Lovable Cloud, which is built on Supabase (managed Postgres, Auth, Storage) and a major public cloud provider for the underlying compute, database, and storage — the same class of infrastructure used by many regulated SaaS products.

  • Edge runtime for server functions — low-latency, globally distributed.
  • Managed Postgres with automated patching and monitoring.
  • Private object storage with signed-URL access.
  • Provider-level network controls (DDoS protection, WAF, rate limits on public endpoints).

6. Tenant isolation & multi-tenant security

Maghraut PMS is multi-tenant by design. Every hotel or group is a separate tenant, and all data — reservations, guests, folios, payments, POS, events, housekeeping — is scoped by tenant_id and property_id at the database layer.

  • Row-Level Security (RLS) is enabled on every operational table. A signed-in staff member can only read or modify rows belonging to a tenant they are an explicit member of.
  • Cross-tenant access by platform super admins is granted explicitly per table via security-definer functions — not via a hidden bypass.
  • Public surfaces (booking engine, online menu, pre check-in) call narrowly scoped server functions that only expose the fields needed for that flow.

7. Disaster recovery & business continuity

  • Daily database backups with point-in-time recovery enable restoration to a specific moment in case of accidental data loss or corruption.
  • Compute and storage are managed and auto-healing — the cloud provider replaces failed instances without manual intervention.
  • Object storage is replicated across availability zones so a single-zone outage does not cause data loss.
  • Software releases follow a review-and-promote workflow with the ability to roll back to a previous version of the application.
  • On major incidents, status and ETA are communicated to property owners via the support channel listed below.

8. Guest data protection & privacy

Maghraut PMS processes guest personal data on behalf of the hotel that subscribes to it. The hotel is the data controller; Maghraut PMS is the processor. Guest data is never sold and is not used to train external AI models.

The platform handles these sensitive categories of hotel data:

  • Guest profiles — name, contact, preferences, stay history. Scoped to the tenant and accessible only to authorized staff.
  • Passport & Aadhaar copies — stored in private object storage, never publicly accessible, served only via short-lived signed URLs to authorized staff.
  • Contact information — phone, email, address. Used only for operational communication for the booking.
  • Reservation records — dates, rooms, packages, special requests. Tenant-scoped with RLS.
  • Payments & invoices — amounts, methods, references. Card data is handled by PCI-compliant payment providers; Maghraut PMS stores only non-sensitive references and last-four / brand metadata as returned by the provider.

Guests submitting pre check-in details share their information only with the specific property they are checking into. Document uploads land in private buckets with column-level revokes on token / OTP fields.

9. Secure authentication & access controls

  • Staff sign in with email + password or Google. Passwords are hashed by the managed auth provider; leaked-password protection (HIBP check) is available.
  • Session tokens (JWT) are short-lived with automatic refresh; sign-out invalidates the session locally and on the server.
  • No anonymous sign-ups for the PMS — accounts are provisioned by the property owner or manager.
  • Public-facing endpoints (booking engine, menu, pre check-in) use scoped server functions; they cannot enumerate other tenants' data.
  • Webhooks and external callbacks verify signatures before processing.

10. Compliance & security best practices

Maghraut PMS aligns its operational practices with widely accepted security best practices and industry guidance (OWASP Top 10, principle of least privilege, defense in depth). The platform inherits the certifications maintained by its underlying cloud providers.

  • Underlying infrastructure — managed by major cloud providers with their own SOC 2 / ISO 27001 programs. Customers should refer to the provider's trust portal for current attestations.
  • Payment processing — handled by PCI-DSS-compliant providers (e.g. the payment gateway you configure). Maghraut PMS does not store raw card numbers.
  • Privacy — Maghraut PMS supports data export and deletion workflows so the hotel can meet local privacy requirements (e.g. GDPR-style subject access / erasure requests).
  • Application security — input validation, parameterized queries, RLS-by-default, signed URLs for private files, regular dependency scanning, and automated security scans of the database schema and policies.

Maghraut PMS does not claim to hold SOC 2, ISO 27001, HIPAA, or PCI-DSS certifications in its own name. For procurement reviews requiring certified attestations, please contact us — we can share the underlying provider certificates and a current security questionnaire.

Security architecture at a glance

1. Client (browser / device)

Staff & guest browsers. All traffic over HTTPS/TLS. No service-role keys ever shipped to the client.

↓ HTTPS / TLS 1.2+
2. Edge & application layer

Server functions on edge runtime. Authentication, input validation, rate-limited public endpoints, signed webhook verification.

↓ Authenticated session (JWT)
3. Authorization layer — RBAC + RLS

Roles (Owner, Manager, Front Office, Cashier, Outlet Manager, Restaurant / Room-Service Staff) checked server-side. Row-Level Security on every operational table enforces tenant & property scoping.

4a. Encrypted Postgres

Tenant-scoped data: reservations, folios, payments, POS, audit logs. Encrypted at rest. Daily backups with point-in-time recovery.

4b. Private object storage

Passport / Aadhaar / ID scans in private buckets. Access only via short-lived signed URLs scoped to authorized staff.

5. Audit & observability

Append-only audit logs for sensitive actions (charges, payments, voids, refunds, role changes, settlements). Readable by Owners, Managers, and platform admins.

This is a simplified view of the runtime controls applied to every request. Lovable Cloud (built on Supabase + a major public cloud) provides the underlying managed Postgres, storage, and edge runtime.

Frequently asked questions

Where is our data stored?
On managed Postgres and private object storage operated by Lovable Cloud's underlying cloud provider. The region is selected at platform level; contact us if you require a specific region for compliance reasons.
Can another hotel see our reservations, guests, or revenue?
No. Every operational table is scoped by tenant_id and property_id, and Row-Level Security is enforced at the database layer. Even if an API call were crafted manually, the database will return zero rows for tenants the user does not belong to.
Who can view passport and Aadhaar scans?
Only authenticated staff with the appropriate role in that property. Scans live in a private storage bucket and are served via short-lived signed URLs — they are never publicly browsable.
Do you store credit card numbers?
No. Card data is handled by the PCI-DSS-compliant payment provider you configure. Maghraut PMS stores only non-sensitive references (provider transaction ID, last 4 digits, card brand) needed to reconcile the payment.
How often do you back up the database?
Daily, with point-in-time recovery available on supported plans through the managed Postgres provider.
What happens if a staff member leaves?
The owner or manager removes the staff member from the tenant. Their session is invalidated, role assignments are revoked, and RLS will then deny all subsequent requests. All historical audit log entries attributed to them remain immutable.
Can we export our data if we leave?
Yes. Reservations, guests, folios, payments, POS orders, and audit history can be exported in standard formats on request. Document scans can be downloaded from storage.
Do you use guest data to train AI models?
No. Guest data is processed only to operate the platform for the hotel. It is not sold and not used to train external AI models.
How do we report a security issue?
Email sales@maghraut.com. Please include reproduction steps and avoid accessing data that does not belong to you. We acknowledge reports and keep you updated on the fix.

Contact our security team

For security questionnaires, DPAs, procurement reviews, or to report a vulnerability, contact sales@maghraut.com. For a broader overview of our trust posture, see our Trust & Privacy page.

This page describes the current security controls of Maghraut PMS and may be updated as the platform evolves. It is maintained by Maghraut PMS and does not constitute a contract or a third-party security certification.