Security & Trust

Your data security is our top priority

BookingXi is built with enterprise-grade security from the ground up. We use industry-leading practices to protect your business and your customers' data.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your customers' payment information never touches our servers — it goes directly to Stripe.

Data Isolation

Every connected business has complete data isolation through Supabase Row Level Security (RLS). One business can never access another's data, even at the database level.

Audit Logging

Every action in the admin panel is logged with who, what, and when. Full accountability trail for compliance and debugging.

PCI Compliance

Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified service provider. BookingXi never stores, processes, or transmits cardholder data.

Infrastructure Security

Hosted on Vercel's edge network with automatic DDoS protection, CDN caching, and serverless functions. Database hosted on Supabase with automatic backups and point-in-time recovery.

GDPR Ready

Data Processing Agreement available. Data export and deletion tools built in. Consent management and privacy-by-design architecture throughout the platform.

Compliance & Certifications

We partner with industry-leading providers to maintain the highest security standards.

PCI DSS Level 1

Via Stripe

SOC 2 Type II

Via Supabase & Vercel

GDPR Compliant

DPA Available

Responsible Disclosure

If you discover a security vulnerability, please report it to security@bookingxi.com. We take all reports seriously and will respond within 48 hours.