Security at DynamiPrix

At DynamiPrix, security is not an afterthought — it is a foundational principle built into every layer of our platform. We understand that when you connect DynamiPrix to your booking system, you are placing significant trust in us to handle your business data responsibly. We take that responsibility seriously.

This page describes the technical and organisational measures we have in place to protect your data and maintain the integrity and availability of our Service.

All data exchanged between your browser and our servers is encrypted in transit using Transport Layer Security (TLS) 1.2 or higher. We enforce HTTPS across all our web properties and reject unencrypted connections.

Data stored on our servers — including your booking history, pricing configuration, and account information — is encrypted at rest using AES-256 encryption. Database backups are also encrypted and stored in geographically separate locations.

We minimise the data we collect and retain. We do not store your customers' payment card information. Payment processing is handled by PCI DSS-compliant third-party providers.

We support and encourage the use of strong, unique passwords for all DynamiPrix accounts. Passwords are hashed using industry-standard algorithms (bcrypt) and are never stored in plain text.

We offer multi-factor authentication (MFA) for all accounts and strongly recommend enabling it. MFA adds a critical additional layer of protection against unauthorised access.

Third-party booking platform integrations are authenticated using OAuth 2.0, meaning we never store your booking platform passwords. Access tokens are encrypted and scoped to the minimum permissions required to provide the Service.

Internal access to customer data by DynamiPrix staff is restricted on a need-to-know basis, enforced through role-based access controls, and subject to audit logging.

DynamiPrix is hosted on cloud infrastructure that holds SOC 2 Type II certification, providing independent assurance of controls related to security, availability, and confidentiality.

Our infrastructure is protected by network firewalls, intrusion detection systems, and DDoS mitigation. We operate in multiple availability zones to ensure high availability and resilience against hardware failures.

We apply security patches and updates to our infrastructure and dependencies on a regular basis, with critical security patches applied as a priority.

We carefully evaluate the security practices of all third-party service providers before engaging them. We require that providers handling personal data sign data processing agreements and demonstrate compliance with applicable data protection standards.

Our key infrastructure and service providers include cloud hosting, payment processing, email delivery, and analytics services — all of which are subject to regular review.

We maintain a documented security incident response plan that is regularly reviewed and tested. In the event of a confirmed security incident affecting your data, we will:

Notify affected customers without undue delay, and within 72 hours where required by UK GDPR.

Provide clear information about what data was affected, what steps we have taken to contain the incident, and what actions we recommend you take.

Report the incident to the Information Commissioner's Office (ICO) as required by law.

Conduct a post-incident review to identify root causes and implement measures to prevent recurrence.

We welcome responsible disclosure of security vulnerabilities. If you believe you have discovered a security issue in our platform, please report it to us at [email protected].

Please provide as much detail as possible, including steps to reproduce the issue, the potential impact, and any proof-of-concept code. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and address it.

We will acknowledge your report within 48 hours and aim to provide a resolution timeline within 5 business days. We do not currently operate a formal bug bounty programme, but we genuinely appreciate responsible disclosures and will acknowledge your contribution.

DynamiPrix operates in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We maintain records of our data processing activities and conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

We are committed to achieving and maintaining recognised security certifications as our business scales. If you have specific compliance requirements (such as ISO 27001 or Cyber Essentials), please contact us at [email protected] to discuss your needs.

For security-related enquiries, vulnerability reports, or to request our security documentation, please contact:

**DynamiPrix Limited** Registered in England & Wales Company Number: 17158148 Security: [email protected] Privacy: [email protected] Website: dynamiprix.com