Security & Trust Center

Your guests trust you with sensitive information. We take that responsibility seriously.

Best Guest helps accommodation providers collect, process, and manage guest registration data securely, with privacy and compliance built into the platform from the beginning.

This page explains what data we process, how we protect it, and the principles we follow to maintain trust.

Designed for Privacy by Default

Our platform processes guest registration and accommodation-related information required for check-in and operational compliance.

Depending on usage, this may include:

  • Guest identity information
  • Home address information
  • Passport or identity document numbers
  • Arrival and departure details
  • Digital signatures
  • Reservation-related metadata

We collect and process only the information necessary to provide our services and fulfill accommodation-related obligations, such as foreigner registration and accommodation tax reporting.

Data Protection Architecture

Security is implemented across every layer of the platform.

Encryption at Rest

Sensitive data stored in our infrastructure is encrypted at rest using industry-standard encryption practices.

Database storage is isolated and encrypted independently from application services to reduce exposure and minimize risk.

Key Separation & Controlled Access

Encryption keys are protected separately from the data they secure.

Application services retrieve access credentials only when required for secure processing and do not permanently retain sensitive encryption materials. Sensitive keys are not cached unnecessarily.

This layered approach reduces the risk of unauthorized access and limits exposure even in the event of a partial infrastructure compromise.

Encryption in Transit

All communication with Best Guest is protected using HTTPS encryption. Data transmitted between guests, hosts, and platform services is encrypted while in transit.

Access Controls and Account Security

Access to guest data follows strict authorization rules. Users can only access information they are permitted to view.

For example:

  • Guests can only view information they personally submitted.
  • Guests traveling together cannot automatically access one another’s registration data — each guest’s record is only shared with another guest through an explicit invitation.
  • Hosts can access only the information required to operate their accommodation. Teams can assign role-based permissions (owner, manager, member, or cleaner) so staff only see what their role requires.

Authentication is required before access to any protected system. Current authentication methods include:

  • One-time verification codes for guest access
  • Email and password authentication for hosts

Data Minimization and Responsible Processing

We believe trust starts with transparency.

We aim to collect only the data necessary to operate the service and comply with applicable accommodation requirements. We do not process personal information for unrelated purposes.

We evaluate retention periods based on legal obligations, operational requirements, and privacy principles.

GDPR and Compliance

Best Guest is developed with European privacy expectations in mind. Our approach includes:

  • Data minimization
  • Purpose limitation
  • Access controls
  • Secure storage and transmission within the EU
  • Controlled processing of personal information

Where required, we support accommodation providers in meeting local operational and reporting obligations, such as foreigner registration (Ubyport) and accommodation tax. For details on what we collect and why, see our Privacy Policy.

Security Is an Ongoing Process

Security is not a one-time feature — it is an ongoing commitment.

We continuously review platform architecture, operational practices, and access controls to maintain a secure and trustworthy environment for accommodation providers and their guests.

Questions about security, privacy, or compliance? Contact us at privacy@bestguest.cz and we’ll be happy to help.