Vayento

Data Protection and Security

1. Privacy-by-design approach

The Vayento architecture separates public data from protected user, host and admin data. Role-based access control ensures that each user sees only the data relevant to their role.

2. Security controls

The application's security controls include password hashing, JWT-based access control, refresh tokens, rate limiting, account lockout, input validation, safe user serializers, media validation and Stripe webhook signature verification.

3. Auditability

Important administrative and host actions are recorded as audit logs so that moderation, role changes, listing publication and operational changes can be reviewed.

4. Data minimisation

Public property pages display only the information needed for discovery and booking decisions. Sensitive user fields and authentication secrets are not exposed to frontend clients.