TourCore

Security & compliance

Built for sensitive travel data.

TourCore processes bookings, passports and health data. Security is not an afterthought but architecture — from the database column to the audit log.

PII encryption at rest

Personal data (passport no., date of birth, address) is encrypted with AES-256-GCM. HMAC search hashes allow lookup without cleartext indices.
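How an HMAC search hash can sit beside an encrypted column, as an added example that is not TourCore's own code. The per-tenant key derivation, the normalisation rule, the field names and the sample rows are assumptions made for illustration; the AES-256-GCM step is represented only by placeholder bytes.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo key; a real deployment would load it from a KMS/secret store.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def _lp(part: str) -> bytes:
    """Length-prefix a string so ('ab','c') and ('a','bc') encode differently."""
    raw = part.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw

def index_key(master_key: bytes, tenant_id: str, field: str) -> bytes:
    """Derive a separate HMAC key per tenant and per column (assumed design)."""
    return hmac.new(master_key, b"search-hash" + _lp(tenant_id) + _lp(field),
                    hashlib.sha256).digest()

def canonical(value: str) -> str:
    """Normalise so formatting variants of one passport number give one hash."""
    value = unicodedata.normalize("NFKC", value)
    return "".join(ch for ch in value if ch.isalnum()).upper()

def search_hash(master_key: bytes, tenant_id: str, field: str, value: str) -> str:
    key = index_key(master_key, tenant_id, field)
    return hmac.new(key, canonical(value).encode("utf-8"), hashlib.sha256).hexdigest()

def insert(table: list, tenant_id: str, passport_no: str, ciphertext: bytes) -> None:
    """Store only the ciphertext and the search hash, never the cleartext."""
    table.append({
        "tenant_id": tenant_id,
        "passport_hash": search_hash(MASTER_KEY, tenant_id, "passport_no", passport_no),
        "passport_ct": ciphertext,  # opaque AES-256-GCM output, produced elsewhere
    })

def find(table: list, tenant_id: str, passport_no: str) -> list:
    """Equality lookup on the hash column, scoped to one tenant."""
    wanted = search_hash(MASTER_KEY, tenant_id, "passport_no", passport_no)
    return [row for row in table
            if row["tenant_id"] == tenant_id
            and hmac.compare_digest(row["passport_hash"], wanted)]

# Constructed sample rows; the ciphertext bytes are placeholders, not real output.
TABLE: list = []
insert(TABLE, "tenant-a", "C01X 00T47", b"<ciphertext-1>")
insert(TABLE, "tenant-b", "C01X00T47", b"<ciphertext-2>")
```

A deterministic hash still reveals which rows share a value, and low-entropy fields such as date of birth can be enumerated by anyone holding the index key, so that key needs the same protection as the encryption key.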

Tenant isolation

Every tenant has a logical data partition, with a tenant-id on every relevant table plus repository-layer enforcement. Cross-tenant leaks are technically excluded.

GDPR Art. 28 — DPA / TOM

Data-processing agreements with sub-processors (e.g. Traffics) plus TOM documentation. EU/EEA-only processing, Hetzner Falkenstein.

Audit log on every mutation

Every PII-related action goes into the access log with user, time and affected record. Forensically queryable.

Retention & GDPR Art. 17

Retention configurable per data class. Deletion requests run as a workflow; anonymisation rather than hard-delete for legally-required records (German GoBD, §147 AO).

Sub-processor transparency

Full list of sub-processors incl. seat, purpose and data category. Changes announced in advance with right to object.

Where is our data hosted?
Hetzner data centre in Falkenstein, Germany. Backups encrypted, also in the EU.
Do we get a DPA?
Yes — standard contract on onboarding, with tenant-specific amendments where needed.
How is health data (wellness) handled?
GDPR Art. 9 sensitive data — encrypted at rest, separate audit log, explicit consent records per data point.
Are there penetration tests?
Yes — external, yearly. Report available under NDA.

Questions about data architecture, DPA or TOM?

We share technical details and contractual documents before contract signing.