Security Policy

Last Updated On 12th January 2023

At HotelCrux, we are committed to maintaining the security and confidentiality of our users’ personal and sensitive information. We have implemented several measures to ensure the security of our website and systems. In this security policy, we outline the steps we have taken to protect our website and our users’ data.

Measures Implemented

We have implemented a number of measures to enhance our cybersecurity posture and ensure compliance with relevant regulations and standards. These measures include security and regulatory frameworks such as ISO 27001, the GDPR, the NIST Cybersecurity Framework (CSF), and the SANS Critical Security Controls (CSC), as well as web security measures such as DNSSEC, hashing for data integrity and security, and the addition of security headers.

Security Frameworks

Adoption of SANS Critical Security Controls (CSC)

We have adopted the SANS Critical Security Controls (CSC) as part of our security policy in order to enhance our defenses against cyber threats. The CSC provide a set of recommended actions that we follow in order to protect our systems and data from potential vulnerabilities and attacks. These controls cover a wide range of areas including asset management, incident response, and network security, and help us to ensure the confidentiality, integrity, and availability of our systems and data. By following the CSC, we can effectively manage and reduce cybersecurity risks and maintain a strong security posture.

Implementation of NIST Cybersecurity Framework (CSF)

We have implemented the NIST Cybersecurity Framework (CSF) to enhance our cybersecurity posture and protect against cyber threats. The CSF provides a set of guidelines and best practices that we follow to manage and reduce cybersecurity risks. It covers a wide range of areas including asset management, incident response, and network security. Adhering to the CSF helps us to ensure the confidentiality, integrity, and availability of our systems and data.

Adherence to ISO 27001

We have implemented policies, procedures, and controls to ensure that our systems and processes are secure and compliant with this international standard for information security management.

Implementation of GDPR guidelines

We have implemented measures to ensure compliance with the General Data Protection Regulation (GDPR) and to protect and handle our users’ data in accordance with these guidelines.

Web Security Measures

Hashing for Data Integrity and Security

To ensure the security and integrity of the code on our website, we employ hashing to protect all scripts. Hashing is a process that takes data and converts it into a unique, fixed-size value called a hash. This allows us to verify the integrity of our scripts without storing the actual data.

To hash our scripts, we use SHA-256 (Secure Hash Algorithm 256-bit), a widely used and secure hashing algorithm that makes it difficult for attackers to alter the scripts without being detected.

Implementation of robust website security measures

We have implemented several security headers in our raw header files to help protect our website and our users’ data, including:

Use of DNSSEC

By implementing DNSSEC, we can ensure the authenticity and integrity of our DNS records. These records contain important information that directs traffic to the correct website or server. Using DNSSEC allows us to verify that the DNS records have not been tampered with or altered, helping to protect our website and the data of our users.

Additionally, DNSSEC can help to prevent certain types of cyber attacks, such as DNS spoofing and cache poisoning, by using cryptographic signatures to verify the authenticity of DNS records.

Other Measures

Encrypting Messages

To ensure the confidentiality of sensitive information, we have implemented encryption. In addition to encryption, we also use secure communication methods wherever available to further protect sensitive information. This includes using secure protocols for email and messaging, as well as secure connections for accessing and transferring data.

If you have any security concerns or need to report a vulnerability, you can use the provided PGP key to communicate with us securely. Avoid encrypting the subject of your message to prevent potential issues with message processing.



Fingerprint: B279 5315 A6F9 99E2 9289  6906 DE32 893B AA96 EB7A

Bug Bounty Program

We value the security and integrity of our website and systems and offer a bug bounty program to reward individuals who help us identify and fix vulnerabilities in our website. View our Bug Bounty Program for more information on how you can participate.

Contact Us

If you have any questions or concerns about our security policy or the measures we have implemented, please do not hesitate to contact us.