HOSTELELLA Legal documentation

Security Policy

Version 1.5 Effective 27 June 2026 Art. 32 GDPR

HOSTELELLA applies reasonable technical and organizational measures appropriate to the risk to protect the confidentiality, integrity, availability and resilience of the Service. This policy summarizes the main measures without disclosing details that could weaken security.

1. Governance and access

2. Data protection

3. Application and API

4. AI processing and minimization

When AI features are used, HOSTELELLA applies specific controls to reduce the exposure of personal data:

5. Operations, monitoring and continuity

6. Reasonable limitations

This policy summarizes security controls without disclosing details that could weaken the Service. Measures may vary by environment, plan, managed provider and risk. No system is absolutely secure; HOSTELELLA will maintain appropriate and proportionate measures, but the Customer must apply its own internal controls.

7. Sub-processors

HOSTELELLA selects providers that offer adequate security measures for the purpose of the processing. The main sub-processors are published in the Sub-processors Annex.

8. Customer responsibilities

The Customer must protect its devices, accounts and credentials, use strong passwords, limit permissions, review active users, report suspicious access and keep its own copies/exports where required by its operational risk or regulations.