SECURITY & COMPLIANCE

Under the marketing,
a secure foundation.

Guest data is sensitive. Useroam is built on encryption, access control, consent-based data and compliant logging.

Data hosting

Guest data and access records are hosted on dedicated infrastructure. Where local law requires it, access logs are kept as signed, timestamped records for the mandated retention period.

Encryption

All traffic is encrypted with TLS; the admin panel and API run over HTTPS.

Access control

Admin access is protected with 2FA, and role-based permissions apply across partner and staff accounts. Critical actions are logged for audit.

Consent-first data

Guests are informed on the welcome screen; marketing consent is captured separately and kept auditable. Campaigns only reach guests who explicitly opted in.

Backups & continuity

Data is backed up regularly and service availability is monitored.

Subprocessors

Subprocessors, including SMS/WhatsApp providers and hosting, are bound by contract; a current list is available on request.

Frequently asked questions

Where is my data stored?
On dedicated infrastructure, with compliant guest logging applied where local regulations require it.
Can I get a DPA?
Yes. A Data Processing Agreement and subprocessor list are available for business customers on request: support@useroam.com
Who owns the guest data?
You do. The permissioned guest data you collect belongs to your business; you can export it or request deletion.

Talk to our team.

Reach us for a DPA, subprocessor list or any security question.