Security & Privacy
How Ananas GDS protects your data in transit and at rest, manages partner access control, handles API credentials, and approaches GDPR compliance.
Data in Transit
All communication between your browser and the Ananas GDS platform — as well as between the platform and any API consumer — uses HTTPS (TLS 1.2 or higher). Unencrypted HTTP connections are not accepted and are automatically redirected.
API responses are transmitted over encrypted channels. Image delivery via CDN is also served exclusively over HTTPS.
Data at Rest & Storage
Structured Data
- Stored in a secured relational database on Ananas GDS EU-based servers.
- Regular automated backups with multiple storage points.
- RAID disk configuration to prevent data loss from hardware failure.
Image Data
- High-resolution images stored in cloud object storage, separate from application servers.
- Automatic backup to a secondary protected location.
- Images are accessed only via hashed, non-guessable URLs — the storage path itself is never public.
- Metadata for each image is stored on application servers and linked to the image via secure hashing.
Image URLs in API responses and widget embeds are hashed and access-controlled. Even if someone intercepts an image URL, the platform verifies whether the requesting domain or token has permission to access it before serving the image.
Access Control
Account Level
- Each account is isolated. You cannot access another company's data without an accepted partnership contract.
- Admin accounts have full access to their own data only.
- Sub-users (Authorized Users) are limited to the roles and properties assigned to them by the admin.
Partnership Level
- Data access between companies requires a mutually accepted contract.
- Each contract defines which properties and data types (facts, photos, availability) are accessible.
- API tokens are scoped to the contract — they cannot access data outside the contract terms.
- When a contract expires or is cancelled, access is automatically revoked.
API Level
- All internal API endpoints require a valid session or token for access.
- Widget embeds are domain-checked against the embedding page's
Origin/Refererhost; the server-to-server v1 pull API is checked against the caller's source IP. - Rate limiting is applied to prevent abuse.
API & Token Security
Best Practices for Token Handling
- Never expose tokens in frontend code. Browser-based JavaScript is visible to anyone. Use tokens in server-side code only (Node.js, Python, PHP, etc.).
- Do not commit tokens to version control. Use environment variables or a secrets manager.
- Rotate tokens if compromised. Revoke a token in Developer Tools and issue a new one for the affected contract.
- Use the minimal access principle. If a contract only needs stop sale data, ensure the token's permissions reflect that — do not grant unnecessary facts or photo access.
Domain & IP Restriction
Each token carries a whitelist that is enforced differently per transport. Browser
widgets are checked against the embedding page's domain (from the Origin/Referer
header), with forgiving normalisation and apex-covers-subdomain matching; a request from a
non-authorised domain receives 403 Forbidden. Because widgets serve only
already-published public fact-sheet data, a request that arrives with no referrer still renders
and is logged rather than blocked, so the widget whitelist acts as a hot-link deterrent.
The server-to-server v1 pull API (which serves contracted, non-public data) is
gated on the caller's source IP (REMOTE_ADDR) against exact IP, CIDR, or
DNS-resolved domain entries; the spoofable X-Forwarded-For header is ignored, and an
empty whitelist fails closed. This prevents unauthorised third parties from embedding or pulling
your property data.
Image Security
- Images are never stored at predictable or enumerable public URLs.
- Each image URL is generated using cryptographic hashing tied to the property, image, and access configuration.
- URLs are validated on every request — the server checks both the token/domain and the URL hash before serving.
- Images uploaded to Ananas GDS are stored only for authorised use within the platform and via contracted API access. They are not indexed by search engines.
Account Security
Password Requirements
- Minimum 8 characters
- At least one number
- At least one special character
Two-Factor Authentication
2FA support is currently in development and will be available in an upcoming release. When launched, 2FA will be available via authenticator app (TOTP) and will be optional for all accounts, with mandatory enforcement available for Premium plans.
Session Management
- Sessions expire after a period of inactivity.
- Logging out invalidates the session token server-side — not just client-side.
- Suspicious login activity (multiple failed attempts) triggers a temporary account lock.
Account Verification
The Ananas GDS team manually verifies company information for new registrations. Accounts flagged as potentially fraudulent or impersonating another company may be suspended pending further review.
GDPR & Data Privacy
Ananas GDS operates under European Union data protection law (GDPR). The platform is designed for B2B use — the primary data handled is accommodation property information, not personal consumer data. However, several GDPR-relevant areas apply:
Data You Store
- Your account registration data (email, company name) is processed under the lawful basis of contractual necessity.
- Contact lists (emails in mailing groups) should only contain contacts who have given appropriate consent to receive commercial communications from your company.
- Sub-user data (name, email) is processed as part of your service administration.
Data Portability
You can export all your property data (fact sheets, availability history, photos) at any time via the Export Centre in Developer Tools. For a full account data export, contact client@ananas-gds.com.
Data Deletion
To request deletion of your account and all associated data, contact support. Following deletion, data is removed from active databases within 30 days. Anonymised aggregate statistics may be retained.
Data Processing Location
Data is processed and stored on servers within the EU. CDN edge nodes may cache image data globally for performance, but the origin storage remains EU-based.
For our full Privacy Policy and Data Processing Agreement (DPA), please contact client@ananas-gds.com. A DPA is available to all enterprise and contracted partners on request.
Reporting a Vulnerability
If you discover a security vulnerability in the Ananas GDS platform, please report it responsibly:
- Email: client@ananas-gds.com
- Subject: [SECURITY] followed by a brief description
- Include: steps to reproduce, potential impact, and your contact details
Please do not publicly disclose the vulnerability until we have had the opportunity to investigate and remediate it. We aim to acknowledge all reports within 48 hours.