Security
How we protect your business, your clients, and your revenue.
Passwordless Authentication
Guidepole uses passwordless login. Instead of passwords (which can be leaked, guessed, or reused), we send a one-time 6-digit code to your email every time you sign in. Codes are generated from a cryptographically secure random source, expire in 10 minutes, and are limited to 5 verification attempts. You can also sign in with Apple or Google OAuth — your identity is verified directly with those providers using OpenID Connect, and we never see or store your password.
Payment & Revenue Security
Payments are processed through Stripe and Stripe Connect, both PCI DSS Level 1 certified. Card details never touch our servers — they go directly to Stripe's secure infrastructure. Your Stripe Connect Express account is set up directly with Stripe, and payouts go to your bank account without Guidepole having access to your banking credentials.
All payment webhooks are verified using Stripe's cryptographic signatures before processing. Guild token distributions, wallet debits, and refund reversals are handled atomically with database-level locking to prevent race conditions or double-spending.
Client Data Protection
Your client list, booking history, and CRM data are accessible only to you. Client tier assignments, notes, and contact information are scoped to your guide profile — other guides cannot see your client relationships. Imported client data (CSV, Excel, vCard uploads) is processed asynchronously and stored with guide-level access controls.
When clients message you through the platform, their personal phone numbers and emails are never exposed to you directly. Messages are routed through proxy contact information, protecting both parties.
Data Encryption
All data in transit is encrypted using TLS 1.2+ (HTTPS). Production servers enforce HSTS with a one-year policy, preloading, and subdomain inclusion. Data at rest is stored in PostgreSQL with application-level access controls. Media (profile images, trip photos, gallery) is stored in AWS S3 with server-side encryption and served through CloudFront CDN.
Calendar & Integration Security
Calendar sync with Google Calendar and Microsoft Outlook uses OAuth 2.0 with limited scopes — we request only the permissions needed to read and write calendar events. Calendar credentials are stored encrypted and can be revoked at any time from your settings. Sync runs every 15 minutes via secure server-to-server connections.
Embeddable Widget Security
The booking widget you embed on your website loads in a sandboxed iframe. It communicates only with Guidepole servers over HTTPS. Embed endpoints have their own rate limits (120 requests/minute) and are served with appropriate Content-Security-Policy headers to allow cross-origin framing while preventing injection attacks.
Anti-Scraping & Rate Limiting
Guide profiles and contact information are protected by anti-scraping middleware that blocks automated harvesting tools while allowing legitimate search engine crawlers (Google, Bing, etc.). All API endpoints are rate-limited: 300 requests/minute for authenticated users, with stricter limits on public and authentication endpoints.
Audit Trail
All significant platform actions — bookings, payments, account changes, permission modifications — are recorded in a tamper-resistant audit log using SHA-256 hash chaining. Each entry includes the previous entry's hash, making unauthorized modification detectable. This supports dispute resolution, compliance, and accountability.
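To show what hash chaining buys you, here is an added illustration in Python (not Guidepole's own code): a minimal SHA-256 hash-chained log plus a verifier that reports the index of the first entry whose link is broken. The entry fields, actor names and sample events are constructed for the demonstration.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # stands in for the "previous hash" of the very first entry

def compute_hash(entry):
    # Hash every field except entry_hash, using canonical JSON (sorted keys, no
    # whitespace) so identical content always yields identical bytes. prev_hash
    # is part of the input, which is what links each entry to its predecessor.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()

def append_entry(log, actor, action, details):
    entry = {"seq": len(log), "actor": actor, "action": action, "details": details,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS_HASH}
    entry["entry_hash"] = compute_hash(entry)
    log.append(entry)
    return entry

def verify_chain(log):
    """Return (True, None) if the chain is intact, else (False, index of first bad entry)."""
    expected_prev = GENESIS_HASH
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev_hash"] != expected_prev:
            return False, i  # link to the predecessor is broken (or an entry was removed)
        if compute_hash(e) != e["entry_hash"]:
            return False, i  # content changed after the entry was hashed
        expected_prev = e["entry_hash"]
    return True, None

def build_sample_log():
    # Constructed sample events for the demonstration, not real platform records.
    log = []
    append_entry(log, "guide:42", "booking.created", {"booking": "b-1001", "amount_cents": 15000})
    append_entry(log, "guide:42", "payment.captured", {"booking": "b-1001", "amount_cents": 15000})
    append_entry(log, "admin:7", "permission.changed", {"guide": "guide:42", "role": "pro"})
    return log

def tamper_results():
    # Case 1: edit entry 1 in place -> its stored hash no longer matches (caught at index 1).
    # Case 2: edit entry 1 and recompute its hash -> entry 2's prev_hash is stale (caught at 2).
    # Case 3: delete entry 1 -> entry 2's seq and prev_hash no longer line up (caught at 1).
    log = build_sample_log()
    edited = dict(log[1], details={"booking": "b-1001", "amount_cents": 1500})
    case1 = [log[0], edited, log[2]]
    rehashed = dict(edited, entry_hash=compute_hash(edited))
    case2 = [log[0], rehashed, log[2]]
    case3 = [log[0], log[2]]
    return verify_chain(log), verify_chain(case1), verify_chain(case2), verify_chain(case3)
```

A chain like this makes edits and deletions detectable, but someone who can rewrite every later entry can rebuild a self-consistent chain, so the latest entry hash should also be recorded somewhere the log writer cannot modify (a separate store or periodic export) and compared during verification.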
Account Deletion & Data Erasure
You can request account deletion at any time. Deletion requires email confirmation via a signed, time-limited token. After confirmation, your account is deactivated and your guide profile is hidden from the platform. Your account can be restored if you change your mind.
If you require full data erasure under GDPR or similar privacy regulations, contact us at [email protected]. We will permanently anonymize all personal information associated with your account while preserving non-identifying records for platform integrity. This process is irreversible.
Infrastructure
Our application runs in containerized environments with isolated services. Secrets are managed through environment variables and never committed to source code. Error monitoring is handled by Sentry. Security headers (CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are applied to all responses.
Responsible Disclosure
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond promptly.