Security

Our approach

Security is an ongoing practice. We prioritize sensible defaults, least‑privilege access, and regular reviews of systems and vendors.

Data protection

• Encryption in transit via TLS for all application traffic.
• Encryption at rest for databases and object storage managed by our cloud providers.
• Separate environments for development and production.

Access & identity

• Role‑based access controls and least‑privilege access for internal tools.
• Multi‑factor authentication required where available.
• Periodic access reviews for critical systems.

Reliability

We monitor application health and error rates, back up data regularly, and aim for quick recovery from incidents with documented runbooks.

Payments

When payments are enabled, bank connections and processing are handled by trusted third‑party providers. Sensitive payment data is not stored on Llama Lodge servers.

Responsible disclosure

If you believe you’ve found a security issue, please email support@llamalodge.com with details. We appreciate responsible research and will review reports promptly.

Sub‑processors

We use reputable infrastructure and service providers to run Llama Lodge (for example, hosting, storage, email). We review vendors for security posture and limit data shared to what is necessary.

Questions

For any security questions, contact us at support@llamalodge.com.