Security
Security & data protection
- Per-hotel data isolation
- Encrypted in transit & at rest
- DPDP-aware
- GST-native invoicing
Multi-tenancy
Each hotel's data is isolated from every other hotel's; tenant scoping is enforced in the data layer, not left to application discipline alone.
Encryption
All traffic runs over TLS. Sensitive secrets — payment-gateway credentials and AI provider keys — are envelope-encrypted at rest.
Authentication
Staff sign in with short-lived JWT access tokens plus a rotating refresh token; credentials are bcrypt-hashed. Guests verify direct bookings with a one-time password.
Payments
Guest payments route to each hotel's own Razorpay account — Cnykra does not hold guest card data.
Data protection & DPDP
Cnykra acts as a Data Processor for guest data and a Data Fiduciary for hotel account data under India's Digital Personal Data Protection Act. See our privacy policy and data processing overview. Guest data export and erasure tooling is built in.
Reporting a concern
Email connect@cnykra.com to report a security concern.