Skip to main content

Security

How we protect your data and your guests' information

Data Encryption

All data transmitted between your browser and Tamu servers is encrypted using TLS 1.3. Data at rest in our Supabase-powered database is encrypted using AES-256.

Payment Security

Tamu processes payments through Stripe (for card payments) and FPX (for Malaysian bank transfers). We never store full card numbers on our servers. All payment data is handled by PCI-DSS Level 1 certified providers.

Access Control

Row-level security (RLS) ensures each property owner can only access their own data. Admin access requires multi-factor authentication. All API endpoints are authenticated using secure session tokens.

Infrastructure

Tamu runs on Vercel (edge network) and Supabase (managed PostgreSQL). Both providers maintain SOC 2 Type II compliance. We conduct regular security reviews and dependency audits.

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly to security@tamuhq.com. We aim to respond within 48 hours and will keep you updated as we address the issue.