Security isn't a page on the website. It's how it's built.
You handle your guests' ID documents and the keys to your homes. This is, concretely and without smoke, what anpira does to protect them.
Encryption in transit and at rest.
Everything travels over HTTPS. And the truly sensitive data (traveller-registration documents, credentials) is stored with AES-256-GCM envelope encryption: a different key per piece of data, itself wrapped by a master key. A database dump reveals not a single document.
Per-customer isolation, in the database.
Every row carries its owner and the database ENFORCES the isolation (Row Level Security): the application connects with a role that has no privilege to bypass it. Even if the code had a bug, one customer cannot see another's data.
Traveller data, encrypted only.
Travellers' identity is never written to logs or sent to third-party browsers. It's kept encrypted for the 3 years Spanish law requires (RD 933/2021) and deleted afterwards.
Sealed, tamper-evident evidence.
Cleaning certificates and incident records carry a SHA-256 fingerprint, are chained into a daily Merkle tree, anchored in a public ledger and sealed with an eIDAS qualified timestamp issued by a qualified provider. Evidence records are append-only.
Least access for every person.
Cleaners get in with a link and a PIN, no account, and see only their group of homes; revoking the link cuts access instantly, smart lock included. Guests see only their own booking, through a link that expires when its cycle ends.
Active anti-abuse.
Global request limits (rate limiting on Redis), brute-force lockout on PINs, security headers with CSP in enforce mode and an audited log of sensitive actions.
Where the data lives.
The database lives in the European Union (Frankfurt, AWS eu-central-1). Files are stored on Cloudflare, with a private bucket for sensitive material. Where a provider processes data outside the EEA, the transfer is covered by the EU-US Data Privacy Framework or standard contractual clauses, as detailed in the Privacy Policy.
If something ever failed.
If a security breach posed a risk to people's rights, we would notify it under articles 33 and 34 of the GDPR: the authority within 72 hours, and those affected where required. Nothing swept under the rug.
The paperwork, published.
We don't ask for blind trust: the legal detail is published and you can read it before signing up.
Security or privacy questions? Write to [email protected].
That's how we look after what you trust us with.
Start free