Skip to content
DataSecurity

Security and privacy, built into every service.

Annoncer is designed to protect your data during the moments that matter most, with clear standards and reliable practices. 

ISO-27001-BadgeISO 27001 Certified
4926031GDPR ALIGNED 
Azure-LogoMICROSOFT AZURE INFRASTRUCTURE 
cropped-penetrationstest-logo-scaled-2PERIODIC EXTERNAL PENTESTING 

Protecting Operational and Customer Data

At Index Hospitality Systems, protecting customer and operational data is a fundamental responsibility. Hospitality environments rely on technology that must be both reliable and secure. Our platform is designed with a security-first architecture, combining encrypted infrastructure, strict access controls, and continuous monitoring to ensure that operational data remains protected at all times.

We continuously review and improve our security practices to ensure that our systems meet the expectations of modern hospitality organisations, IT departments, and regulatory frameworks.

 

 

Our Security Principles

Our approach to data protection is built around four core principles:

Confidentiality
Ensuring that only authorised individuals and systems can access customer data.

Integrity
Protecting data from unauthorised alteration or corruption.

Availability
Maintaining reliable access to the platform so that hospitality operations remain uninterrupted.

Privacy by Design
Integrating privacy and data protection into the architecture and development of our systems.

 

 

Infrastructure & Hosting

Index platforms, including Annoncer, are hosted on Microsoft Azure, one of the world’s most trusted cloud infrastructures.

Our infrastructure benefits from:

  • Enterprise-grade physical and network security
  • High availability and redundancy
  • Continuous monitoring
  • Secure data centre operations

Production environments are hosted within European data centres, ensuring compliance with European data protection regulations.

 

 

Data Protection & Encryption

Data protection is implemented at multiple levels across the platform.

Encryption in Transit
All data transmitted between clients and our platform is encrypted using secure TLS protocols.

Encryption at Rest
Stored data is protected using strong encryption mechanisms within the cloud infrastructure.

Secure Communications
All communication between internal services is secured and monitored.

These protections ensure that sensitive operational data remains protected against unauthorised access.

 

 

Access Control

Access to systems and data is strictly controlled through a layered access management approach.

Security measures include:

  • Role-based access control
  • Least-privilege access principles
  • Secure authentication for internal systems
  • Logging and monitoring of system access

Only authorised personnel with a legitimate operational need can access specific system components.

 

 

Data Processing & GDPR Compliance

Index Hospitality Systems operates in accordance with the principles of the General Data Protection Regulation (GDPR).

Our practices include:

  • Processing personal data only when necessary for the delivery of services
  • Maintaining clear data processing agreements with customers
  • Ensuring customers maintain control over their data
  • Supporting data subject rights such as access, correction, and deletion

We work with trusted service providers who are contractually required to maintain the same level of data protection.

 

 

System Monitoring & Security Management

Our infrastructure is continuously monitored to detect unusual behaviour and maintain system reliability.

This includes:

  • Logging and monitoring of system activity
  • Security monitoring within the cloud infrastructure
  • Continuous system updates and patch management

These measures help ensure that potential risks can be identified and addressed quickly.

 

 

Backup & Operational Resilience

Hospitality operations depend on reliable systems. To ensure continuity, our infrastructure includes:

  • Automated system backups
  • Redundant infrastructure components
  • Recovery procedures designed to restore services quickly in the unlikely event of disruption

These safeguards help ensure that restaurant and hotel operations can continue without interruption.

 

 

Incident Response

Index maintains internal procedures to detect, investigate, and respond to potential security incidents.

If a security incident affecting customer data were ever to occur, affected customers would be notified in accordance with applicable data protection regulations.

Our goal is to respond quickly, transparently, and responsibly.

 

 

Sub-processors & Trusted Partners

To operate our services efficiently, we work with a limited number of trusted infrastructure and service providers.

These partners are carefully selected and are required to meet strict security and data protection standards.

 

 

Continuous Improvement

Security is not static. As technology and regulatory expectations evolve, we continue to review and strengthen our security practices.

Our goal is to provide hospitality organisations with systems that are not only operationally effective, but also secure, reliable, and trustworthy.

Restaurants operate in real time.

The systems supporting that service must be equally reliable, secure, and trustworthy. 

Responsible disclosure.

If you believe you have discovered a security vulnerability, please contact:

security@annonceronline.com.