Data Protection and Safeguards Against Security Breach

March 2022
  1. Servers and Databases

    As a key provider of technology to the travel industry BeMyGuest takes the security and resilience of its systems very seriously. All our systems are hosted securely within AWS Asia Pacific data centres.

    All resources sit within the Southeast Asia AWS region. AWS are a trusted provider on this CSA Star certification:
    https://cloudsecurityalliance.org/star/registry/amazon

    The application services are handled by a cluster of AWS EC2 instances, these sit behind a Load Balancer that handles distribution of traffic load to the application servers.

    Load balancers maintain an even distribution of traffic to each of our application nodes, and all systems are designed in a way that allows easy scaling of additional nodes.

    The load balancer only accepts TCP traffic over ports 80 and 443, it is also protected by a Web Application Firewall (WAF) that filters out malicious activity, access or DoS attempts from Bot networks etc.
  2. Data Protection

    All servers and databases are not accessible without authentication into a VPC (Virtual Private Cloud). All data is stored on a cluster of AWS RDS instances where no access outside of the private cloud is allowed. BeMyGuest technical staff can access these networks only via secure key-based authentication, a second factor authentication is also required, no passwords are used.

    Our partners expect high levels of security in handling their customer data and we ensure we maintain the highest standards. This includes making sure that all communication where customer data may be transferred happens over HTTPS with secure authentication protocols in place. Only BeMyGuest staff who need to access this information in the course of their duties have access to customer data. Additionally, all BeMyGuest staff have two-factor authentication protection on their accounts that can access any backend systems which helps to mitigate the risk of breaches from compromised passwords.

    BeMyGuest is regulated by the the Personal Data Protection Act of 2012 (https://www.pdpc.gov.sg/overview-of-pdpa/the-legislation/personal-data-protection-act) and its subsidiary legislation (as may be amended, supplemented or substituted from time to time) which apply to BeMyGuest Data Confidentiality.

    BeMyGuest ensures that its employees comply with the Personal Data Protection Act of 2012 of Singapore and the regulations made thereunder in relation to the Customer Data collected by it.
  3. Backup and Recovery

    All of our database systems have multi-zone availability and thus are resilient against data centre connectivity problems, additionally they support point-in-time recovery in cases where data recovery is needed.

    This means that data collected is simultaneously stored on multiple database systems in different locations providing protection in the event of a database failure. Additionally, AWS supports point-in-time recovery and historical data recovery in cases where recovery is needed.
  4. Logs and Audit Trails

    All communications between API integrations and all requests and responses to our API systems are logged, we operate a dedicated ELK cluster, (Elastic Search, Logstash and Kibana) which collects, indexes and makes searchable the raw logs of all traffic in an easily accessible format.
  5. Uptime and Notifications

    BeMyGuest also commits to a 99.8% uptime via its standard SLA, appropriate channels will be put in place for raising and escalating technical issues. BeMyGuest uses PagerDuty to manage technical support scheduling and engineers are on hand to deal with any incidents.

    Any Planned outage notifications from BeMyGuest to its partners will be communicated via dedicated Slack channel or email with a minimum 72 hours’ notice.
  6. Payments

    When BeMyGuest collects payments from partners or on behalf of its partners, Payments are handled via the selected payment gateway provider(s), all communications between BeMyGuest and the payment gateway provider(s) is protected via Asymmetric encryption.

    No payment details are stored in the BeMyGuest database, except for payment references and the last 4 digits of the payment card.
Privacy Policy
Travel Agent Licence: TA02367
Company Registration: 201205177M
© 2025 BeMyGuest Pte. Ltd. All rights reserved