Security

Data security for STR operators

Strpricely is built with security controls designed to protect the data STR operators entrust to us — listing identifiers, rate calendars, permit IDs, and channel API credentials.

Contact Security Team Privacy Policy
What We Store

What data Strpricely handles

We store the minimum data required to provide pricing, channel sync, and compliance monitoring services.

What we store
  • OTA listing identifiers (Airbnb listing IDs, VRBO property IDs)
  • Rate calendars and availability data
  • Permit IDs and registration numbers (for compliance tracking)
  • Channel API credentials (encrypted at rest, never logged in plaintext)
  • Operator account data (email, name, billing information)
What we do NOT store
  • Guest personally identifiable information (names, emails, phone numbers)
  • Guest payment data or payment card information
  • Guest messages or communications
  • Property access codes, lock credentials, or key information
  • Tax filing documents or financial records beyond what you choose to upload
Infrastructure

Built with security controls in mind

AWS-Hosted Infrastructure

Strpricely's infrastructure runs on Amazon Web Services (AWS) in the us-east-1 region. AWS maintains its own extensive security certifications and physical data center controls. We leverage AWS managed services designed with SOC 2 controls in mind.

Encryption In Transit

All data transmitted between your browser, the Strpricely platform, and our API endpoints is encrypted using TLS 1.3. API credentials stored in your account are transmitted only over encrypted connections and never exposed in logs or error messages.

Encryption At Rest

Data at rest is encrypted using AES-256 on AWS managed storage services. Channel API credentials and permit data are stored in encrypted datastores with key management designed with security controls in mind.

SOC 2 Controls — In Progress

Strpricely has implemented security controls designed with SOC 2 Type II criteria in mind. We are in the process of pursuing formal SOC 2 Type II attestation — we will publish results when the audit process is complete. We do not claim SOC 2 certification at this time.

Access Controls

Account security and access management

Two-Factor Authentication

Two-factor authentication (2FA) is available for all Strpricely accounts and recommended for property managers with multi-property access. We support authenticator app-based 2FA.

Role-Based Access

Property managers can grant limited access to team members with role-based permissions. Pricing-only roles, compliance-view-only roles, and full-access roles are supported — minimizing the blast radius of any single credential.

GDPR & CCPA Designed With Controls

Strpricely is designed with GDPR and CCPA privacy controls in mind. We maintain a data processing addendum (DPA) for EU operators and provide data deletion support. See our Privacy Policy for full details.

Security Contact

To report a security vulnerability or data concern, contact our team at [email protected] with "Security" in the subject line. We commit to acknowledging security reports within 2 business days.

Questions?

Security questions before your demo?

We're happy to walk through our security approach in your 30-minute demo, or answer questions via email before you get started.

Request a Demo Email Security Team