PCI Compliance

We take data security seriously. We outsource our PCI compliance to a QSA where others self-certify.

Because we don't take risks with data

We built Caterbook to be compliant from day 1. When our Qualified Security Assessor took his first look at our system architecture, he was struck by how innovative our approach is. We don't transmit, store or process any card data on our network at all. It's all done externally, meaning we only ever receive tokenised data in Caterbook. This reduces the scope of our compliance, and in turn minimises your risk.
By adhering to good data management principles and practices for our PCI accreditation, you can rest assured that our approach to the GDPR is similarly rigorous.

Your guests' Personally Identifiable Information is only stored where needed - in the booking record. We redact our OTA logs to minimise your data footprint.
To review our most recent PCI DSS Attestation of Compliance, please click the link here.