Security

Your data security is our top priority

Data Encryption

HTTPS Everywhere

All data transmitted between your browser and our servers is encrypted in transit using industry-standard HTTPS.

Password Security

Password Hashing

All passwords are salted and hashed using bcrypt with a cost factor of 12 rounds. We never store your actual password - only the secure hash.

Magic Link Authentication

Our magic link tokens are single-use only and expire after 15 minutes for maximum security.

Two-Factor Authentication

Optional TOTP (Time-based One-Time Password) two-factor authentication is available for additional account security.

Application Security

Rate Limiting

Authentication endpoints are protected with rate limiting to prevent brute force attacks.

SQL Injection Prevention

All database queries use parameterised statements to prevent SQL injection attacks.

XSS Prevention

User input is sanitised and HTML content is properly escaped to prevent cross-site scripting attacks.

Secure Cookies

Authentication cookies are set with the HttpOnly and Secure attributes, preventing access via JavaScript and ensuring they're only sent over HTTPS.

Payment Security

PCI DSS Compliant Payment Processing

All payment processing is handled by Stripe, which is PCI DSS Level 1 compliant. We never see or store your full card numbers.

Guest Loop only receives basic transaction information needed to manage your subscription.

File Upload Security

All file uploads go through security validation:

  • File type validation to ensure only allowed formats are accepted
  • File size limits to prevent abuse
  • Malware scanning for uploaded content
  • Secure file storage with proper access controls

Access Control

Server-Side Route Protection

All API routes and pages are protected with server-side authentication checks. You can only access data you own.

Role-Based Access

User permissions are strictly enforced. Guests can only view guidebooks they've been given access to.

Infrastructure Security

Hosting

Guest Loop is hosted on Vercel, which provides enterprise-grade security including DDoS protection, secure edge networking, and automatic HTTPS.

Database Security

Our database is hosted on Neon with encrypted connections, automated backups, and access restricted to our application servers only.

Monitoring and Response

We continuously monitor our systems for security threats and maintain incident response procedures to quickly address any security issues that arise.

Regular security reviews and updates ensure our defenses stay current with emerging threats.

Responsible Disclosure

Found a Security Issue?

If you discover a security vulnerability in Guest Loop, please help us keep our users safe by reporting it responsibly.

Contact us at: security@guest-loop.com or hello@guest-loop.com

Please provide as much detail as possible including steps to reproduce the issue. We'll investigate promptly and keep you updated on our progress.

Questions?

If you have any questions about our security practices, please contact us at hello@guest-loop.com.