Booking Rooster is designed with security and data protection as core architectural principles.
This section provides an overview of how payments, authentication, and access controls are implemented within the platform. This overview covers:
- Payment Security
- Authentication & Access Control
- Multi-Factor Authentication (2FA)
- Responsibility Model
- Further Information
Payment Security
Booking Rooster does not store, process, or transmit Cardholder Data (CHD).
All credit and debit card payments are processed exclusively by PCI DSS validated third-party payment service providers using a hosted payment page model.
Cardholder Data is entered directly into the payment provider’s secure environment and does not pass through Booking Rooster systems.
For full details, see:
Credit Card Processing & PCI DSS Compliance
Authentication & Access Control
Booking Rooster uses a Role-Based Access Control (RBAC) model to manage user permissions.
Each user is assigned a role that determines:
- What data they can access
- What actions they can perform
- Whether they can view other users’ private data
User authentication is based on unique accounts and encrypted connections. Multi-Factor Authentication (2FA) is supported and can be enforced for higher-privilege roles.
For more information, see:
Authentication & Access Control
Multi-Factor Authentication (2FA)
Booking Rooster supports configurable Multi-Factor Authentication to strengthen protection of private data.
When enabled, 2FA is automatically enforced for users whose roles include access to other users’ private data.
Organisations define their authentication policy via Site Manager settings.
For configuration instructions, see:
Two-Factor Authentication (2FA) – Setup & Defaults
For background on why 2FA is recommended, see:
Why Two-Factor Authentication (2FA) Helps Keep Your Data Safe
Responsibility Model
Booking Rooster provides secure architecture and configurable security controls.
Each client organisation is responsible for:
- Assigning appropriate user roles
- Enabling and configuring 2FA as required
- Reviewing access permissions periodically
- Confirming PCI DSS obligations with their acquiring bank
Further Information
If you require formal compliance documentation or have specific security or procurement questions, please contact support@bookingrooster.co.nz.
Comments
0 comments
Please sign in to leave a comment.