Skip to main content
Cendra is built with data privacy and security at its core. Guest data is encrypted in transit and at rest, access is controlled through role-based permissions, and AI agents only use information you explicitly provide — Cendra never trains on your guest data.

Data Privacy Principles

PrincipleHow Cendra implements it
Data minimizationCendra only syncs data needed for guest communication — no unnecessary data collection
Purpose limitationGuest data is used exclusively for communication and property management — never sold or shared
No AI training on your dataCendra’s AI does not use your guest conversations or property data to train models
Data isolationEach workspace is fully isolated — no data leaks between workspaces or customers
Right to deletionGuest data can be deleted on request in compliance with privacy regulations

Security Architecture

Encryption

  • In transit — all data is encrypted using TLS 1.2+ between your browser, Cendra’s servers, and third-party integrations
  • At rest — guest data and property information are encrypted at rest in Cendra’s database
  • API keys — PMS credentials and API keys are stored in Azure Key Vault, encrypted and access-controlled

Authentication

  • Auth0 — Cendra uses Auth0 for authentication, supporting email/password, Google OAuth, and Microsoft OAuth
  • Multi-factor authentication — available through Auth0 for additional account security
  • Organization isolation — each workspace is tied to an Auth0 organization, ensuring complete tenant separation

Access Control

  • Role-based permissions (RBAC) — 14 resources with 4 action types (view, edit, create, delete) per role. Learn more →
  • Property-level access — restrict team members to specific properties
  • Audit trail — track who accessed what and when

Infrastructure

  • Cloud hosting — Cendra runs on Microsoft Azure with enterprise-grade infrastructure
  • Kubernetes (AKS) — containerized microservices with automatic scaling and health monitoring
  • Separate environments — development, pre-production, and production environments are fully isolated
  • Automated backups — database backups with point-in-time recovery

AI Safety

How Cendra’s AI Handles Guest Data

Cendra’s AI agents are designed with safety guardrails:
  • Grounded responses only — AI responses are based exclusively on your knowledge base and PMS data. Cendra does not hallucinate or invent information.
  • No data retention by AI models — guest conversations sent to AI models for response generation are not stored or used for training
  • Configurable guardrails — define what the AI can and cannot discuss using AI Rules
  • Human oversight — all AI responses can be reviewed before sending in semi-automated mode
  • Escalation rules — sensitive topics automatically route to human team members

What the AI Can and Cannot Access

DataAI access
Property knowledge baseYes — this is what the AI uses to answer questions
Guest reservation detailsYes — check-in dates, property, guest name (for personalization)
Guest payment informationNo — AI never sees or handles payment card data
Internal team messagesNo — AI only sees guest-facing conversations
Other workspace dataNo — AI is isolated per workspace

GDPR Readiness

Cendra’s architecture supports GDPR compliance:
GDPR requirementCendra support
Lawful basis for processingData processed for legitimate interest (fulfilling guest communication) and consent
Right of accessGuest data accessible through contact management
Right to erasureGuest data can be deleted on request
Data portabilityContact data exportable from Cendra
Data processing agreementsAvailable for enterprise customers
Data breach notificationIncident response procedures in place
Privacy by designWorkspace isolation, encryption, RBAC built into architecture

PMS Data Handling

When Cendra syncs data from your property management system:
  • Sync is read-focused — Cendra reads property and reservation data from your PMS. It does not modify PMS data unless you configure specific write-back actions.
  • Credentials secured — PMS API keys and OAuth tokens are stored in Azure Key Vault, not in application databases
  • Real-time sync — data stays current without manual exports or batch imports
  • No data duplication — Cendra references your PMS as the source of truth

Communication Channel Security

ChannelSecurity measures
WhatsApp BusinessEnd-to-end encryption (WhatsApp native), official Business API
GmailOAuth 2.0 authentication, Google Pub/Sub for real-time notifications
OutlookOAuth 2.0 authentication, Microsoft Graph API with subscription-based notifications
Cendra never stores email or WhatsApp passwords. All channel connections use OAuth tokens that can be revoked at any time.

Smart Lock Security

For properties using smart lock integrations:
  • Temporary access codes — guest codes are time-bound to reservation dates
  • Automatic revocation — codes are removed at checkout
  • Seam platform — device communication goes through Seam’s verified webhook system with Svix signature verification
  • No master codes exposed — Cendra manages individual guest codes, not property master codes

Reporting Security Concerns

If you discover a security vulnerability or have concerns about data handling, contact us at security@cendra.ai.