Your property data, your guest records and your financial books sit on infrastructure inside the Kingdom, encrypted at rest and in transit, with role-based access control and a full audit log. Here is the detail.
Trust is what hotel groups and investor-backed operators evaluate us on before functionality. We treat it that way. The detail below covers infrastructure, data handling, access control, regulatory compliance and incident response. If you need additional artefacts for a procurement review (SOC 2 readiness, custom DPA, infra diagram), email security@taskyinn.sa and we will engage directly.
Your tenant database, file storage and backups all sit on infrastructure inside the Kingdom. We do not replicate guest or financial data outside Saudi Arabia.
Every connection to Taskyinn — web app, API, mobile — is enforced over TLS 1.2+ with HSTS. Sensitive data fields (national ID, Iqama, passport, payment tokens) are encrypted at rest. Database volumes are encrypted with managed keys.
Every Taskyinn role has a precisely scoped permission set against the Hasura GraphQL schema with row-level security on every table. A receptionist cannot see the GL, an accountant cannot edit reservations, and a tenant admin cannot see another tenant’s data — at the database level, not just the UI.
Every write — reservation change, folio posting, GL journal, permission change, invoice issuance — is logged with the user, timestamp, IP and the before/after snapshot. Logs are retained for the regulator’s minimum and exportable on request.
Daily encrypted backups with point-in-time recovery up to 7 days. Quarterly recovery drills against a separate environment. Recovery objective: RTO 4 hours, RPO 1 hour.
A documented incident-response process with named owners, severity classification, communication templates for affected tenants and post-incident review. Security disclosures: security@taskyinn.sa.
The regulators that matter for a Saudi PMS — and where we stand against each.
Listed Phase-2 e-invoicing service provider. UBL 2.1 XML, cryptographic signature, QR code, real-time clearance/reporting.
Data residency, consent records, subject-access workflow, DPO contact: privacy@taskyinn.sa.
Auto-registration of every guest at check-in; locked identity fields for already-verified guests.
Nightly occupancy reporting submitted automatically. Rooms-scope only; POS lines are out of NTMP scope.
Mada, Apple Pay, STC Pay, Visa, Mastercard, Tamara and Tabby — all SAMA-licensed.
Type-1 readiness work underway 2026; target report 2027. Available on the Enterprise plan when ready.
For procurement reviews, DPAs, infrastructure diagrams or to report a vulnerability, write to:
security@taskyinn.saWe will share the artefacts your procurement team needs and answer the questions your CISO will ask.