CNYKRA

Security

Security & data protection

Multi-tenancy

Each hotel's data is isolated from every other hotel's; tenant scoping is enforced in the data layer, not left to application discipline alone.

Encryption

All traffic runs over TLS. Sensitive secrets — payment-gateway credentials and AI provider keys — are envelope-encrypted at rest.

Authentication

Staff sign in with short-lived JWT access tokens plus a rotating refresh token; credentials are bcrypt-hashed. Guests verify direct bookings with a one-time password.

Payments

Guest payments route to each hotel's own Razorpay account — Cnykra does not hold guest card data.

Data protection & DPDP

Cnykra acts as a Data Processor for guest data and a Data Fiduciary for hotel account data under India's Digital Personal Data Protection Act. See our privacy policy and data processing overview. Guest data export and erasure tooling is built in.

Reporting a concern

Email [email protected] to report a security concern.

Give your hotel its operating system

Start free in 2 minutes — live the same day.

Start free trial