Security isn't an afterthought — it's built into every layer of the platform.
All data in transit is encrypted using TLS 1.3. Older protocol versions are disabled by default.
Customer data, payment info, and booking records are encrypted at rest using AES-256 on every storage layer.
JWT tokens with short expiry, refresh token rotation, and optional 2FA for all business accounts.
We never store raw card numbers. All payment data flows through Stripe and Paystack PCI-compliant vaults.
Every sensitive action (login, booking change, refund) is logged with timestamp, IP, and user ID for full traceability.
Data residency controls, right to erasure, consent management, and a Data Processing Agreement available on request.
If you discover a security vulnerability in AionBooking, please report it responsibly. We investigate all reports promptly and recognize researchers who help keep the platform safe.
Report a VulnerabilityEmail: security@aionbooking.com · We aim to respond within 24 hours.
Transparency in how we operate and protect your data.