Security, privacy and control for hospitality products
Temelj products, including GuestNesty and Libar, are built for hospitality teams that handle privacy-sensitive messages, reservations, operational tasks and property data. The approach is based on role-based access, tenant isolation and clear human control.
Our products are built around control, not blind automation
Hospitality software must preserve context: who is using the system, for which property, with which data and in which operational role. That is why the security model is practical and operational.
Property isolation
Data, messages, tasks, knowledge and operational context must stay scoped to the correct hotel, villa, apartment or portfolio.
Role-based access
Teams should see only what they need to do their work. Admin, operations, support and reception roles stay separated.
Human control
Automation helps with routine work, but important decisions, exceptions, finance and sensitive requests stay under team control.
Privacy by design
Guest, reservation and team data is treated as sensitive. The goal is to reduce unnecessary data and limit access.
Aligned with serious security frameworks
GuestNesty, Libar and other Temelj products are aligned with enterprise-grade security controls, ISO/IEC 27001:2022 principles, OWASP ASVS/WSTG guidance and GDPR-oriented privacy practices. In practice, that means architecture, access, message validation, API flows and production setup are shaped around recognized security requirements.
ISO/IEC 27001:2022 alignment
Internal rules, risks, access and operational controls are viewed through information security management principles.
OWASP ASVS/WSTG review
Authentication, sessions, access control, API validation, webhook security and production hardening are reviewed through OWASP logic.
GDPR-oriented privacy
Data collection and processing should stay limited to the business purpose, with scoped access, secure handling and careful treatment of guest, reservation and team data.
What this means in practice
Tenant and property isolation
Knowledge, conversations, reservations, tasks, users and operational context stay scoped to the correct property and client.
Secure message and API validation
Connected channels, webhook flows and API requests should use validation, source checks and duplicate-event protection.
Controlled automation
Automation is used for known and approved workflows. Exceptions, sensitive decisions and unclear cases are routed to the team.
HTTPS production setup
Production communication runs through HTTPS, with public website, application, API and internal service layers separated.
Careful logging
Sensitive data, credentials and private message content should not be exposed unnecessarily through logs.
Audit-friendly operations
Operational events, changes and handoffs should be understandable to the team reviewing service quality and system security.
Simple answers about Temelj product security
Are Temelj products formally ISO certified?
We do not claim formal certification unless it has been separately issued. We say the products and documentation are aligned with ISO/IEC 27001:2022 principles.
Does this apply to both GuestNesty and Libar?
Yes. GuestNesty, Libar and future Temelj products are developed under the same security approach: tenant isolation, role-based access, secure validation and careful data handling.
Who can see client data?
Access should be restricted by role, property and purpose. Teams see the data they need for their work, not every client’s data.
Is property data kept separated?
Yes. The architecture is designed so tenants, properties, users, knowledge, conversations and operational data stay inside their authorization boundaries.
How are sensitive or complex cases handled?
Those cases should go to the human team. Automation helps with routine work, but it does not replace staff or management responsibility.
Do the products support a GDPR-oriented approach?
Yes, through data minimization, scoped access, careful logging and processing tied to a clear business purpose. The specific legal basis depends on the client setup.
Discuss a secure setup for your property
If you want to see how GuestNesty or Libar can support communication, reception and daily operations with controlled access and secure setup, start with a short call.