Security and privacy, built into every service.
Annoncer is designed to protect your data during the moments that matter most, with clear standards and reliable practices.
ISO 27001 Certified
GDPR ALIGNED
MICROSOFT AZURE INFRASTRUCTURE
PERIODIC EXTERNAL PENTESTING Protecting Operational and Customer Data
At Index Hospitality Systems, protecting customer and operational data is a fundamental responsibility. Hospitality environments rely on technology that must be both reliable and secure. Our platform is designed with a security-first architecture, combining encrypted infrastructure, strict access controls, and continuous monitoring to ensure that operational data remains protected at all times.
We continuously review and improve our security practices to ensure that our systems meet the expectations of modern hospitality organisations, IT departments, and regulatory frameworks.
Our Security Principles
Our approach to data protection is built around four core principles:
Confidentiality
Ensuring that only authorised individuals and systems can access customer data.
Integrity
Protecting data from unauthorised alteration or corruption.
Availability
Maintaining reliable access to the platform so that hospitality operations remain uninterrupted.
Privacy by Design
Integrating privacy and data protection into the architecture and development of our systems.
Infrastructure & Hosting
Index platforms, including Annoncer, are hosted on Microsoft Azure, one of the world’s most trusted cloud infrastructures.
Our infrastructure benefits from:
- Enterprise-grade physical and network security
- High availability and redundancy
- Continuous monitoring
- Secure data centre operations
Production environments are hosted within European data centres, ensuring compliance with European data protection regulations.
Data Protection & Encryption
Data protection is implemented at multiple levels across the platform.
Encryption in Transit
All data transmitted between clients and our platform is encrypted using secure TLS protocols.
Encryption at Rest
Stored data is protected using strong encryption mechanisms within the cloud infrastructure.
Secure Communications
All communication between internal services is secured and monitored.
These protections ensure that sensitive operational data remains protected against unauthorised access.
Access Control
Access to systems and data is strictly controlled through a layered access management approach.
Security measures include:
- Role-based access control
- Least-privilege access principles
- Secure authentication for internal systems
- Logging and monitoring of system access
Only authorised personnel with a legitimate operational need can access specific system components.
Data Processing & GDPR Compliance
Index Hospitality Systems operates in accordance with the principles of the General Data Protection Regulation (GDPR).
Our practices include:
- Processing personal data only when necessary for the delivery of services
- Maintaining clear data processing agreements with customers
- Ensuring customers maintain control over their data
- Supporting data subject rights such as access, correction, and deletion
We work with trusted service providers who are contractually required to maintain the same level of data protection.
System Monitoring & Security Management
Our infrastructure is continuously monitored to detect unusual behaviour and maintain system reliability.
This includes:
- Logging and monitoring of system activity
- Security monitoring within the cloud infrastructure
- Continuous system updates and patch management
These measures help ensure that potential risks can be identified and addressed quickly.
Backup & Operational Resilience
Hospitality operations depend on reliable systems. To ensure continuity, our infrastructure includes:
- Automated system backups
- Redundant infrastructure components
- Recovery procedures designed to restore services quickly in the unlikely event of disruption
These safeguards help ensure that restaurant and hotel operations can continue without interruption.
Incident Response
Index maintains internal procedures to detect, investigate, and respond to potential security incidents.
If a security incident affecting customer data were ever to occur, affected customers would be notified in accordance with applicable data protection regulations.
Our goal is to respond quickly, transparently, and responsibly.
Sub-processors & Trusted Partners
To operate our services efficiently, we work with a limited number of trusted infrastructure and service providers.
These partners are carefully selected and are required to meet strict security and data protection standards.
Continuous Improvement
Security is not static. As technology and regulatory expectations evolve, we continue to review and strengthen our security practices.
Our goal is to provide hospitality organisations with systems that are not only operationally effective, but also secure, reliable, and trustworthy.
Restaurants operate in real time.
The systems supporting that service must be equally reliable, secure, and trustworthy.
Responsible disclosure.
If you believe you have discovered a security vulnerability, please contact:

