We built Caterbook to be compliant from day 1. When our Qualified Security Assessor took his first look at our system architecture, he was struck by how innovative our approach is. We don't transmit, store or process any card data on our network at all. It's all done externally, meaning we only ever receive tokenised data in Caterbook. This reduces the scope of our compliance, and in turn minimises your risk.
Because we adhere to good data management principles and practices for our PCI accreditation, you can rest assured that our approach to the GDPR is similarly rigorous.
Your guests' Personally Identifiable Information is only stored where needed - in the booking record. We redact our OTA logs to minimise your data footprint.