Hotilla operates inside the hospitality industry. Our customers entrust us with operational data that touches both their staff and their guests. This page documents, transparently, how that data is stored, protected, and governed, and where we are on our compliance roadmap.
Hotilla holds the minimum data necessary to deliver recovery cost intelligence: duty log entries, departmental records, and the derived analytical outputs. Nothing more. Here's how that data is handled at every layer.
Hotilla is designed around an operational principle: the value lies in patterns of incidents, not in the identification of individuals. Personally identifiable information is minimised by default, anonymised where possible, and never used beyond what is strictly necessary.
Access to customer data is governed by the principle of least privilege. Internal access is restricted, logged, and reviewed. External access is granted only to authorised personnel of the customer property.
Hotilla is in active development of its compliance posture. We believe transparency on this roadmap matters more than claims of readiness. Here is the current state, honestly stated.
Security incidents are rare but real. Our incident response process is designed to be transparent with affected customers and timely in remediation. We commit to honest communication over reputation management.
Continuous monitoring of application, infrastructure, and authentication events. Anomaly detection on access patterns and data flows. Internal escalation path documented.
Affected customers are notified within 24 hours of confirmation of a security incident. Notification includes scope, suspected cause, and immediate mitigation actions taken.
Root cause investigation initiated immediately. Remediation steps documented and executed. Customers receive a post-incident report within 7 days.
Lessons learned integrated into security controls and the compliance roadmap. Repeat patterns trigger structural review of relevant subsystems.
For security disclosures, vendor due diligence, DPA requests, or any other formal inquiry on Hotilla's trust posture, write to us directly. We respond within two business days.
security@hotilla.com