Row-level security
Data sits in Supabase PostgreSQL with row-level security enforced at the database, so records are gated by policy — not only by application code.
Security & Trust
RAYN sits close to a venue's most sensitive information — guests, bookings, spend and messages. That data is isolated per venue, held under least-privilege access, and every AI-driven action is reviewed by your team before it happens. This page sets out the principles and practices behind it.
Data protection
Venue data lives in a managed PostgreSQL database with row-level security. Access is scoped so a venue sees its own data and nothing else, and traffic is encrypted the whole way through.
Data sits in Supabase PostgreSQL with row-level security enforced at the database, so records are gated by policy — not only by application code.
Each venue's guests, bookings and spend are scoped to that venue. Access is least-privilege by design — you reach your own data, not another operator's.
Traffic is served over HTTPS with TLS, and data is encrypted at rest by the managed database platform.
Payments
Deposits and payments run through established payment providers. Card and payment data is handled by them, not stored by RAYN.
AI you can trust
RAYN's intelligence is built around human approval. The platform surfaces recommendations; sensitive actions — campaigns, pricing and guest outreach — are reviewed before they run, and actions are logged with the evidence and outcome behind them.
The AI proposes; operators decide. Sensitive actions do not fire automatically without review.
Campaigns, pricing changes and guest outreach are held for approval, so nothing reaches a guest without a person behind it.
Decisions are logged with the evidence and outcome tracked, so you can see what was recommended, what was approved and why.
Guest data & privacy
Guest information is used to run the venue's own booking, service and communication — not resold or repurposed. Access is role-scoped, and consent is respected. The privacy policy sets out the detail of what is collected and why.
Infrastructure & monitoring
RAYN runs on established managed cloud infrastructure and is watched in production, so problems surface quickly rather than sitting unseen.
All traffic is served over HTTPS with TLS. There is no unencrypted path to the platform.
The platform runs on managed infrastructure — hosting on Vercel and a managed Supabase database — rather than hand-run servers.
Errors and platform health are monitored with Sentry, so failures are caught and traced instead of going quiet.
Responsible disclosure
If you believe you have found a security issue in RAYN, we want to hear from you. Please report it to contact@rayn-co.com with enough detail to reproduce it, and give us reasonable time to respond before disclosing publicly.
Where we operate
Built for premium hospitality across India, the United Kingdom and the Middle East.
Ask us anything
A short walkthrough — we take you through how RAYN handles your venue's data, payments and guest information against your own security and compliance questions.