Security

Built to be deployed across every room you run.

Vaast is multi-tenant, encrypted, and operated for hotel estates from day one. Here's how we keep your data — and your guests' — safe.

How we protect your data

Security at every layer.

Tenant isolation

Every hotel's data is isolated by tenant. One account can never see another's screens, guests, or content.

Encryption

Data is encrypted in transit (TLS) and at rest. Upstream API keys and secrets are stored encrypted.

Access control

Role-based access for every dashboard user — front desk, content, and IT each get only what they need.

Infrastructure

Hosted on hardened, monitored infrastructure with backups and recovery procedures.

Application security

Secure development practices, dependency scanning, and regular review of the codebase.

Device & fleet security

TVs run kiosk-locked; devices pair with single-use claim codes and are managed as a controlled fleet.

Compliance

Standards we hold ourselves to.

Vaast is built on infrastructure designed for regulated environments. We follow industry-standard security practices and are actively pursuing formal certification for the frameworks below.

SOC 2 Type II·In progress

ISO 27001·Aligned

GDPR·Compliant

PCI DSS·Out of scope

Data handling

Your data, and your guests' data.

Vaast processes customer-account data and guest data on behalf of hotels. Customers own their data; Vaast processes it only to run the service.

Retention, export, and deletion are covered in the Privacy Policy.

Read the Privacy Policy

Report a vulnerability

Found something? Tell us.

We welcome reports from security researchers. Email us with details and we'll respond promptly.

security@vaast.tv

Ready to roll Vaast out safely?

See it on real hardware, or send us a question — we'll get back fast.

Book a demo Contact us