Security

Security Overview

How Semiora protects customer data and supports GDPR security obligations.

Effective: July 2, 2026Last updated: July 2, 2026

Overview

This Security Overview summarizes Semiora controls used to protect account, tenant, booking, integration, billing, and automation data.

Access Controls

  • Role-based access controls for tenant and admin actions.
  • Authentication and session management for app access.
  • Administrative access limited to authorized personnel and audited where applicable.

Data Protection

  • Payment card data is collected by Paddle and is not stored by Semiora.
  • OAuth tokens and integration credentials should be stored securely and removed when integrations are disconnected.
  • Sensitive logs should avoid raw tokens, secrets, and unnecessary webhook payload content.

Monitoring And Abuse Prevention

  • Rate limiting and abuse prevention controls protect authentication, API, and webhook surfaces.
  • Security and operational events may be logged to investigate abuse, failures, and incidents.
  • Cloudflare may provide CDN, WAF, bot mitigation, and edge security controls.

Incident Response

Semiora maintains incident response practices for triage, containment, investigation, user communication, and post-incident improvement. Personal data incidents are assessed for notification obligations under applicable law.

Stop losing bookings in your DMs.

Set up your first automation in the next four minutes.