Security | Reserly

Security & Data Protection

Last updated: December 17, 2025

Our Commitment to Security

At Reserly, we take the security of your data seriously. As a booking management platform trusted by businesses and their customers, we implement comprehensive security measures to protect your information and ensure the reliable operation of our services.

This document outlines our security practices, data protection measures, and your rights regarding the security of your information on our platform.

Data Security Measures

Infrastructure Security

  • Cloud Infrastructure: Reserly is hosted on Amazon Web Services (AWS), which provides enterprise-grade security with SOC 2 Type II certification and ISO 27001 compliance.
  • Data Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Network Security: Our infrastructure uses firewalls, intrusion detection systems, and regular security monitoring to prevent unauthorized access.
  • Regular Backups: Automated daily backups with point-in-time recovery capabilities to ensure data availability and integrity.

Application Security

  • Authentication: We use Firebase Authentication, a Google-backed service that provides secure user authentication with industry-standard security protocols.
  • Multi-Tenant Architecture: Each business's data is isolated using separate database schemas, ensuring complete data separation between workspaces.
  • Access Controls: Role-based access control (RBAC) ensures users can only access data and features appropriate to their role within your organization.
  • Input Validation: All user inputs are validated and sanitized to prevent injection attacks and other security vulnerabilities.
  • CSRF Protection: Cross-Site Request Forgery protection is implemented across all forms and sensitive operations.

Data Protection & Privacy

Data Isolation

Each business workspace operates in complete isolation from others. Your customer data, booking information, and business settings are stored in dedicated database schemas that are inaccessible to other Reserly users.

Data Processing

  • Minimal Data Collection: We only collect data necessary to provide and improve our booking management services.
  • Purpose Limitation: Your data is only used for the specific purposes outlined in our Privacy Policy.
  • Data Retention: We retain data only as long as necessary for business operations and legal requirements.
  • Right to Deletion: You can request deletion of your data at any time through your account settings or by contacting our support team.

Customer Data Protection

When you use Reserly to manage bookings, you're acting as a data controller for your customer information. We serve as a data processor, implementing appropriate technical and organizational measures to protect your customers' personal data in accordance with applicable privacy laws including GDPR and CCPA.

Compliance & Standards

Privacy Regulations

  • GDPR Compliance: For European users, we comply with the General Data Protection Regulation, including data subject rights and consent requirements.
  • CCPA Compliance: For California residents, we comply with the California Consumer Privacy Act, including rights to know, delete, and opt-out.
  • Data Processing Agreements: We provide Data Processing Agreements (DPAs) for business customers who need them for compliance purposes.

Security Standards

  • Industry Best Practices: We follow OWASP security guidelines and maintain secure coding practices.
  • Regular Security Assessments: Periodic security audits and vulnerability assessments to identify and address potential risks.
  • Security Monitoring: 24/7 monitoring for security incidents and automated alerting systems.

Incident Response

Security Incident Management

In the unlikely event of a security incident, we have established procedures to:

  • Immediately contain and assess the scope of any security incident
  • Notify affected users within 72 hours when required by law
  • Work with relevant authorities and security experts to investigate and resolve issues
  • Implement additional safeguards to prevent similar incidents in the future
  • Provide transparent communication about the incident and our response

Business Continuity

We maintain business continuity and disaster recovery plans to ensure service availability. Our infrastructure includes redundancy and failover capabilities to minimize service disruption.

Your Role in Security

Account Security Best Practices

While we implement strong security measures, you also play an important role in keeping your account secure:

  • Strong Passwords: Use unique, complex passwords for your Reserly account and enable two-factor authentication when available.
  • Secure Access: Always log out of shared computers and avoid accessing your account on public or unsecured networks.
  • Regular Monitoring: Review your account activity regularly and report any suspicious activity immediately.
  • Software Updates: Keep your browser and devices updated with the latest security patches.
  • Phishing Awareness: Be cautious of emails or messages asking for your login credentials. Reserly will never ask for your password via email.

Workspace Security

As a workspace administrator, you can enhance security by managing user permissions appropriately, regularly reviewing team member access, and promptly removing access for team members who no longer need it.

Responsible Disclosure

If you discover a security vulnerability in Reserly, we encourage responsible disclosure. Please contact our security team directly rather than posting publicly:

Security Contact:

Email: security@reserly.com

We aim to respond to security reports within 24 hours and will work with you to understand and address the issue promptly.

Third-Party Service Security

Reserly integrates with trusted third-party services to provide our functionality. All third-party services are carefully vetted for security and compliance:

  • Firebase Authentication: Google's enterprise-grade authentication service with SOC 2 Type II compliance
  • AWS Infrastructure: Industry-leading cloud infrastructure with comprehensive security certifications
  • Payment Processing: When payment features are enabled, we partner only with PCI DSS compliant payment processors

We regularly review our third-party integrations to ensure they continue to meet our security standards.

Security Questions & Support

If you have questions about our security practices or need assistance with security-related issues:

  • General Security Questions: Contact our support team through your Reserly dashboard or email support@reserly.com
  • Security Incidents: Report immediately to security@reserly.com
  • Data Protection Requests: Email privacy@reserly.com for GDPR/CCPA requests or data processing questions

Updates to This Document

We may update this Security document periodically to reflect changes in our security practices or legal requirements. We will notify users of significant changes through our platform or via email. Continued use of Reserly after such changes constitutes acceptance of the updated security practices.