Please visit our new help center at help.thinkreservations.comYou can also access this by clicking the ? button inside ThinkReservations.

ThinkReservations Security


Is ThinkReservations PCI Compliant?

PCI Compliance and security are extremely important to us at ThinkReservations. ThinkReservations is PCI v3.2.1 compliant, which means we are fully compliant through an external audit. ThinkReservations is responsible for the security of cardholder data that we store, process, or transmit on behalf of the customer.

It's also important to note that any lodging business that handles credit cards also has to be PCI compliant. PCI compliance is something that typically your payment processor will help you with. Most companies partner with a PCI DSS compliance company to assist the property. It is very technical, and a lot of our smaller customers experience some concerns, so it's important to work with your payment processor compliance company. They are educated on this topic and equipped to walk you through the process. It's important to go through the PCI compliance process to ensure your business is compliant. Even though you don't store credit card information in the system, you still take credit card numbers over the phone and type them into a computer --- so PCI compliance comes into play.

How Safe is my Data Online?

ThinkReservations was built with redundancy in mind.  Your data is stored on our database, which has an up-to-the-moment back up copy that exists in a completely different data center.  We have systems in place to automatically "failover" to the backup copy if the original database server has any issue.  Every night, the entire data set (including your data!) is backed up and stored with 99.999999999% durability.  Even the backups are stored across multiple data centers to make sure they are always available.  Suffice to say, your data is very safe!

Is ThinkReservations ADA Compliant?

Regarding ADA compliance, ThinkReservations has implemented various changes to the Booking Engine to achieve substantial conformance with accessibility guidelines.  This includes ALT Tags for images and the ability to mark certain rooms as 'ADA accessible.' Does this mean that ThinkReservations is 100% compliant? Technically, it is impossible to be 100% compliant as some of the standards are still not defined and have proven in court to be interpreted differently. Instead, with these changes, we are achieving substantial conformance with the recommended guidelines. Continuing to improve and remain accessible is important to us. With that regard, we are working with a third-party assessor to perform manual reviews of the Booking Engine to continue staying up to date with the accessibility guidelines. Please note that the business still has the responsibility to take advantage of these features made available to them in ThinkReservations, such as setting appropriate alt text for images. Reach more about that here.

Is ThinkReservations GDPR Compliant?

The General Data Protection Regulation (GDPR) is an EU law that will change how organizations deal with the personal data of EU citizens. It went into effect on May 25, 2018. While it was built for EU citizens, it can affect any organization that does business in the EU.

ThinkReservations has made the following changes to help ensure that we are in compliance with GDPR:

  • The checkbox where guests agree to be sent marketing materials is now by default unchecked in the Booking Engine. Guests must now click to select the checkbox to agree to receive marketing materials.
  • Reservations made through the OTAs will, by default, have the checkbox for agreeing to marketing emails be unchecked. You will have to confirm with these guests when they arrive at your property whether they would like to receive marketing or promotional materials.
  • We have made your Privacy Policy editable. You can now define your Privacy Policy to ensure you are compliant with GDPR. To find the URL to your privacy policy or to modify it, please go to Settings -> Business Settings.
  • Additionally, ThinkReservations has reviewed our policies on the guests' "right to be forgotten." If a guest requests to be forgotten, you can open the Customer profile and click the "Delete" button. When you do this, the customer data is permanently removed from our servers. Please know that the reservations for that guest will continue to exist without a customer associated.

How does ThinkReservations help protect against bot attacks?

A bot attack is the use of automatic web requests to manipulate, defraud, or disrupt a website, application, API, or end-users.  ThinkReservations protects against bot attacks using a variety of techniques.

Our web forms (booking engine, gift certificate pipeline, etc) use reCAPTCHA to distinguish between human activity and bot activity.  reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website.

Additionally, the forms are fronted by a WAF (web application firewall that is constantly monitoring and blocking inappropriate traffic that represents a bot attack.

Protecting the privacy of our customers and your guests is important to us. We are glad to make these changes to help ensure your business and our business stays in compliance.

If you have any questions, please reach out to support!

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.