Security and Data Protection

Travona is built with security at every layer. Your operational data, guest information, and financial records are protected by modern infrastructure and strict access controls.

Data Protection

  • All data encrypted in transit (TLS 1.2+) and at rest
  • Database backups with point-in-time recovery
  • In-country data centres available for jurisdictions that require it
  • Regular security assessments and vulnerability scanning

Access Control

  • Role-based access with granular permissions (admin, editor, custom roles)
  • JWT-based authentication with secure session management
  • Password policies enforced (12+ characters, complexity requirements)
  • Audit logging for sensitive operations

Infrastructure

  • Hosted on hardened Linux servers with automated patching
  • Nginx reverse proxy with SSL termination and security headers
  • Rate limiting on all public-facing endpoints
  • DDoS protection and firewall rules

Compliance

  • Adaptable to country-specific data protection regulations
  • Supports GDPR data subject rights (access, deletion, portability)
  • Compatible with Uganda DPA 2019, Rwanda Law 058/2021, and international frameworks
  • Tax and fiscal compliance integrations for multiple jurisdictions

Operational Security

  • Environment variables for all secrets (never hardcoded)
  • Honeypot and timing-based spam protection on public forms
  • Secure password hashing with bcrypt (12+ rounds)
  • Session tokens with configurable expiry

Questions About Security?

Contact our team to discuss security requirements for your deployment.

Contact Us

Travona AI

Powered by AI — always available