We built Caterbook to be compliant from day 1. We don't transmit, store or process any card data on our network. It's all done externally meaning we only ever receive tokenised data in Caterbook. This reduces the scope of our compliance, and in turn minimises your risk.
By adhering to good data management principles and practices for our PCI accreditation, you can rest assured that our approach to the GDPR is similarly rigorous.
Your guest's Personally Identifiable Information is only stored where needed - in the booking record. We redact our OTA logs to minimise your data footprint.