Security & Trust

Built to protect venue and guest data.

RAYN sits close to a venue's most sensitive information — guests, bookings, spend and messages. That data is isolated per venue, held under least-privilege access, and every AI-driven action is reviewed by your team before it happens. This page sets out the principles and practices behind it.

Data protection

Isolated per venue, by default.

Venue data lives in a managed PostgreSQL database with row-level security. Access is scoped so a venue sees its own data and nothing else, and traffic is encrypted the whole way through.

01

Row-level security

Data sits in Supabase PostgreSQL with row-level security enforced at the database, so records are gated by policy — not only by application code.

02

Venue-scoped isolation

Each venue's guests, bookings and spend are scoped to that venue. Access is least-privilege by design — you reach your own data, not another operator's.

03

Encrypted in transit and at rest

Traffic is served over HTTPS with TLS, and data is encrypted at rest by the managed database platform.

Payments

Card details never touch RAYN.

Deposits and payments run through established payment providers. Card and payment data is handled by them, not stored by RAYN.

  • Processed by Stripe and N-GeniusPayments are handled by PCI-DSS-compliant providers built for card data.
  • No card storage at RAYNRAYN never stores raw card or payment credentials — they stay with the processor.
  • Deposits captured securelyDeposit and payment links are taken through the provider's secure flow, not a RAYN form.
  • Reconciliation without exposureRAYN works from booking and settlement references, not sensitive card data.

AI you can trust

RAYN Brain recommends. Your team approves.

RAYN's intelligence is built around human approval. The platform surfaces recommendations; sensitive actions — campaigns, pricing and guest outreach — are reviewed before they run, and actions are logged with the evidence and outcome behind them.

01

Human-approval model

The AI proposes; operators decide. Sensitive actions do not fire automatically without review.

02

Sensitive actions reviewed

Campaigns, pricing changes and guest outreach are held for approval, so nothing reaches a guest without a person behind it.

03

Audit trail

Decisions are logged with the evidence and outcome tracked, so you can see what was recommended, what was approved and why.

Guest data & privacy

Guest data serves the venue's operations.

Guest information is used to run the venue's own booking, service and communication — not resold or repurposed. Access is role-scoped, and consent is respected. The privacy policy sets out the detail of what is collected and why.

  • Purpose-limitedGuest data supports the venue's reservations, service and pre-arrival communication.
  • Role-scoped accessTeam members see what their role needs — access is least-privilege, not all-or-nothing.
  • Consent respectedMarketing and messaging preferences are honoured, and consent can be withdrawn.
  • Detail in the policyData collected, processing reasons and retention are set out in full in the privacy policy.

Infrastructure & monitoring

Managed cloud, monitored in production.

RAYN runs on established managed cloud infrastructure and is watched in production, so problems surface quickly rather than sitting unseen.

01

HTTPS everywhere

All traffic is served over HTTPS with TLS. There is no unencrypted path to the platform.

02

Managed cloud platform

The platform runs on managed infrastructure — hosting on Vercel and a managed Supabase database — rather than hand-run servers.

03

Error monitoring

Errors and platform health are monitored with Sentry, so failures are caught and traced instead of going quiet.

Responsible disclosure

Found something? Tell us.

If you believe you have found a security issue in RAYN, we want to hear from you. Please report it to contact@rayn-co.com with enough detail to reproduce it, and give us reasonable time to respond before disclosing publicly.

Ask us anything

Walk through it with your requirements.

A short walkthrough — we take you through how RAYN handles your venue's data, payments and guest information against your own security and compliance questions.