Security & Privacy

Vanio takes data security seriously. Here's how we protect your data and your guests' information.

Infrastructure

• Hosting: Deployed on Vercel (enterprise-grade infrastructure)
• Database: Supabase (PostgreSQL) with row-level security
• Payments: Stripe Connect — PCI DSS Level 1 compliant. Card data never touches our servers
• Smart Locks: Connected via Seam with end-to-end encrypted communication

Data Handling

• Guest data: Stored securely in our database with access controls
• Payment data: Handled entirely by Stripe — we never store card numbers
• Lock codes: Generated and transmitted securely via Seam's encrypted channels
• Conversation data: Stored for AI context and audit trail, accessible only to authorized users

AI & Privacy

• No training on your data: Your guest conversations and property data are not used to train AI models
• Contextual access: AI only accesses data relevant to the current conversation or task
• Audit trail: Every AI action is logged and visible to the property manager
• Human override: Hosts can intervene in any AI decision at any time

Access Controls

• Role-based access: Team members see only what they need
• Service provider isolation: Cleaners and maintenance workers see only their assigned tasks
• Owner access: Property owners see only their own properties and revenue (coming soon)
• API keys: Programmatic access is controlled via API keys with configurable permissions

Compliance

• GDPR: Guest data can be exported and deleted on request
• PCI DSS: Payment processing is fully PCI compliant via Stripe
• SOC 2: In progress