Engine | Trust Center
Engine Trust Center
Welcome to Engine's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
See Resources

Compliance

SOC 2 Type 2

Annual SOC 2 Type II Report

PCI

Annual AOC

GDPR

CCPA

Resources

SOC 2 Type II Report

Latest report from Dec 2024

PCI DSS 4.0.1

Latest AOC from 2024

Architecture Diagrams

System landscape and data warehouse architecture

Penetration Test Report

Executive Summary of latest penetration test

Workforce Information Security Policy

Contingency Planning Policy

WCAG 2.1 Accessibility Conformance Report

Web Content Accessibility Guidelines - Based on VPAT ver. 2.4

FAQs

To make a data subject request, please reach out to us directly. You can send your request via email to [email protected], or if you prefer, you can also contact us by phone at 855-567-4683. We're here to assist you with any concerns or requests regarding your data.
Hotel Engine engages with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing partner is Doyensec, one of the leading experts in penetration testing.
Hotel Engine uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed and deployed through Cloudflare.
All data at rest, encompassing customer data stored in our datastores and S3 buckets, is encrypted using strong, industry-recognized encryption standards such as AES-256. This practice is part of our commitment to ensuring the security and integrity of your data, in line with the latest compliance and industry benchmarks.

Monitoring

Change Management

Change Management Policy
A Change Management Policy governs the documenting, tracking, testing, and approving of system, network, security, and infrastructure changes.
Configuration and Asset Management Policy
A Configuration and Asset Management Policy governs configurations for new sensitive systems

Confidentiality

Data Classification Policy
A Data Classification Policy details the security and handling protocols for sensitive data.
Data Retention and Disposal Policy
A Data Retention and Disposal Policy specifies how customer data is to be retained and disposed of based on compliance requirements and contractual obligations.

Vulnerability Management

Vulnerability and Patch Management Policy
A Vulnerability Management and Patch Management Policy outlines the processes to efficiently respond to identified vulnerabilities.

Access Security

Access Control and Termination Policy
An Access Control and Termination Policy governs authentication and access to applicable systems, data, and networks.