HotelHinge  ·  Trust

Security & Trust

Last updated: June 23, 2026

We describe our security plainly and claim only what is true today. As HotelHinge grows, so will the formality of our program; this page will keep pace.

How we protect data

• Encryption in transit. The site and product are served over HTTPS/TLS.
• Payment security. Card payments are handled by Stripe, a PCI-DSS Level 1 provider. We do not store full card numbers.
• Least data. We collect as little personal information as we need to run the service, which limits what could ever be exposed.
• Access controls. Product data is served only to authenticated, entitled users; the public marketing site and its sample carry no access to the gated dataset.
• Separation. Administrative credentials are kept server-side and are never exposed to the browser.

What we do not claim

We do not currently hold a SOC 2 or ISO 27001 certification, and we will not imply otherwise. No system is perfectly secure. If and when we complete formal audits, we will say so here.

For enterprise teams

Enterprise customers can request a data processing agreement (DPA), a current subprocessor list, and a security questionnaire. Contact our team to start.

Report a vulnerability

If you believe you have found a security issue, please email info@hotelhinge.com with details and steps to reproduce. We appreciate responsible disclosure, will acknowledge your report, and ask that you give us a reasonable chance to remediate before any public disclosure.