Security Components
- Organisational Security
- Physical Security
- Logical Access Control
- Data Security
- Network Security
- Operational Security
- Incident Response
- Change Management
- Vendor and Third-Party Supplier Management
- Customer Security Controls
- Organisational Security
Security Policies and Procedures
moonstride maintains a set of robust security policies and procedures to guide the Organisation and its employees in adhering to the highest standards of security practices. Our policies are reviewed and updated regularly to ensure that they are up-to-date with the latest threats and regulations.
Awareness Training
Upon onboarding, every employee signs a confidentiality agreement and an acceptable use policy. Following this, they undergo comprehensive training in information security. To further enhance awareness, we regularly share security best practices through posts and blogs. We actively encourage our employees to report any suspicious activities, fostering a vigilant and secure working environment.
Device Security
moonstride implements advanced endpoint security measures to protect devices from potential security threats. This includes robust antivirus software, spam protection, and the blocking of removable media to enhance overall endpoint security. Additionally, we enforce device encryption to prevent unauthorised access in the unfortunate event of theft.
Company devices storing confidential data undergo secure disposal, with thorough formatting and data erasure before reuse. In cases of decommissioned devices, hard drives are physically destroyed before disposal.
Internal Audit and Compliance
Our compliance team regularly review our security controls and procedures. We also conduct regular internal and external audits to ensure that we are compliant with industry standards.
- Physical Security
Staff Access
Access to moonstride’s physical premises is strictly controlled, with security measures such as access cards or access fobs and 24/7 surveillance to prevent unauthorised access.
Data Centre Access
Our cloud servers, hosted in trusted data centres globally, adhere to stringent physical security standards, including restricted perimeters, biometric or badge access control, and continuous monitoring by security personnel.
- Logical Access Control
Robust Authentication:
A distinctive combination of a unique username, password, and MFA code is utilised to restrict front-end and back-end access to the production environment. Login is facilitated through the cloud provider’s Single Sign-On (SSO) environment.
Role-Based Access Control (RBAC):
User permissions are strictly managed using Identity and Access Management (IAM) to enforce the principle of least privilege, ensuring users have only the minimum access needed for their job functions.
Access Review
moonstride conducts quarterly access reviews of employees, administrators, and service accounts to ensure access is limited to systems required for their job function. Access reviews are documented, and any access deemed inactive or no longer required is identified and disabled.
- Data Security
Encryption
- In transit:
Your connection to our website is fortified with SSL encryption, as indicated by the padlock symbol in your address bar. We employ the latest cipher suites to safeguard your data against evolving online threats.
- At Rest:
Your sensitive data is encrypted at rest using the cloud provider’s Key Management Service (KMS). The encryption method we use is the widely trusted Advanced Encryption Standard (AES) with a robust key size of 256 bits.
Data Retention
We retain your account data for as long as you use our services to ensure seamless continuity. Upon account termination, your data is securely retained for 90 days before being permanently deleted from our active databases.
Data Isolation
Our infrastructure is designed to distribute and maintain cloud space for each customer, ensuring that the service data of individual customers remains logically separated from one another. This means that your data remains confidential and is accessible only to you.
Credit Card Safety
Rest assured that your credit card information is never stored on moonstride’s systems. We act as a facilitator for payment integration, bridging the connection between our customers and their respective merchant account providers or card acquirers. Once the booking details are transferred to them for payment processing, it is the responsibility of the provider or acquirer to ensure the security of the transaction.
- Infrastructure Security
moonstride’s security posture takes a multi-layered, defence-in-depth approach to safeguard its infrastructure and data.
At the Network Layer, incoming requests are routed through a leading DNS provider, concealing the underlying infrastructure’s identity. Advanced security features such as proxy, SSL encryption and Web Application Firewall (WAF) are enabled to protect against DDoS attacks and other intrusions at the DNS and network level.
At the Application Layer, a robust intrusion detection system continuously monitors for suspicious activity. Only whitelisted remote hosts can connect on specific ports, like SSH or RDP, for controlled access. moonstride’s core applications and services are further siloed within this layer for secure internal communication.
At the Data Storage Layer, data is stored in a managed database service within its isolated network. Databases are kept private and shielded by security groups, permitting access only from authorised hosts or networks.
Further, we undergo regular security assessments and implement ongoing improvements to ensure the protection of our systems and user data.
- Operational Security
Logging and Monitoring
Our storage servers meticulously log every data interaction, providing a clear picture of who accessed what and when. We securely retain logs from cloud servers, firewalls, and VPC Flow, offering valuable insights into network activity and potential threats. Every system event, user activity, and application-specific log is captured and analysed, leaving no corner unmonitored. We automate responses powered by serverless technologies to ensure a prompt incident response. This comprehensive data collection fuels effective issue resolution, making troubleshooting swift and precise.
Vulnerability Scanning
moonstride prioritises security through proactive vulnerability management. Regular scans of containers, cloud instances, and web applications, powered by trusted tools and a dedicated team, identify and address potential issues promptly, ensuring your data rests in a constantly fortified environment.
Backups and Recovery
Backups are encrypted using powerful AES-256 encryption and stored in a protected cloud storage bucket. Production databases benefit from both real-time incremental backups and full backups every 8 hours, ensuring thorough data protection.
We maintain database backups for 15 days. Data recovery follows a clear process, including identifying the desired backup point, initiating restoration through cloud services, and verifying successful data retrieval.
Business Continuity
Our detailed disaster recovery plan outlines critical functions, infrastructure components, and recovery procedures, defining Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) to guide our response. We conduct regular walkthroughs and simulations to validate our plan’s effectiveness and ensure our team is ready to act in the event of system failures.
- Incident Response
moonstride has a tailored Incident Response Plan (IRP) that specifies containment procedures, escalation protocols, and communication strategies. We regularly review and update our IRP and test its effectiveness through tabletop exercises. Our Incident Response Team (IRT) is comprised of experts in security, networking, and communications. We maintain detailed records of incidents for post-analysis and improvement.
To report a security incident, use the help centre contact form.
We are committed to keeping moonstride safe for everyone.
- Change Management
Secure Development:
Our change control procedures, meticulously documented through a ticketing system, cover initiation processes, development practices, necessary approvals, and test results. Furthermore, our development and testing activities are conducted in an environment that is logically separated from the production environment to uphold the integrity of your data.
Version Control:
We employ version control software to effectively maintain source code versions, track changes, and facilitate rollback capabilities. moonstride utilises a build management and Continuous Integration/Continuous Deployment (CI/CD) service to automate the build and deployment process for controlled and reliable updates.
- Vendor and Third-Party Supplier Management
Vendor Selection:
We conduct thorough evaluations to assess our vendors’ security posture, including their data handling practices, incident response plans, and adherence to industry best practices.
Secure Third-Party Relationships:
Access to moonstride systems and data is strictly controlled and limited to authorised personnel using Identity and Access Management. Data shared with or stored by vendors is subject to strict security measures like encryption, data masking, and secure transmission protocols. We implement multi-factor authentication, role-based access controls, and access logging to further restrict access and track activity.
Vendor responsibilities for data security, incident reporting, and compliance with our security policies are clearly defined in service contracts. To ensure ongoing adherence to our security standards, regular security audits and reviews of vendor practices are conducted.
- Customer Security Controls
Here are the 10 sets of controls that you can follow:
- Create complex passwords and avoid using personal information.
- Use a reputable password manager to store and manage your passwords securely.
- Enable the MFA option provided by moonstride to add an extra layer of protection.
- Regularly install the latest security patches and updates for your operating system and applications.
- Utilise antivirus and anti-malware software to safeguard your devices from viruses, malware, and other threats.
- Connect to trusted Wi-Fi networks and consider using a VPN for additional protection, especially on public Wi-Fi.
- Never click on links or open attachments from unknown senders and double-check the email address and website URLs to ensure they are legitimate.
- Review your account activity regularly for unauthorised transactions or changes and report any suspicious activity to moonstride’s support team.
- Update your moonstride account security settings regularly to align with your current needs.
- Keep up with security updates, subscribe to moonstride’s security advisories and newsletters to stay informed about potential threats and vulnerabilities.
At moonstride, we prioritise the security of data and operations, continuously striving to create a resilient and secure environment for our customers, clients, and partners.