Data Security

At Toursgrid, we are committed to protecting customer data through strong security practices across our people, processes, and technology. As a tour management platform, we understand the importance of safeguarding booking data, customer information, operational records, and business communications.

This page provides an overview of the measures we take to maintain a secure, reliable, and trusted environment for our customers and partners.

Security Framework

Our security framework is built around the following key areas:

Organizational Security

Security Policies & Procedures

Toursgrid maintains internal security policies and operational procedures designed to ensure data confidentiality, integrity, and availability. These policies are reviewed regularly and updated to align with evolving risks, technologies, and industry best practices.

Employee Awareness & Training

All employees and contractors are required to follow confidentiality and acceptable use standards. Team members receive training on information security, phishing awareness, secure handling of customer data, and responsible access practices.

We encourage prompt reporting of suspicious activity or security concerns.

Device Security

Company-managed devices are protected using modern security controls such as:

• Endpoint protection and antivirus software
• Strong password policies
• Device encryption
• Automatic security updates
• Restricted access to company systems

Devices storing confidential information are securely wiped before reuse or disposal.

Internal Review & Compliance

We regularly review internal controls and operational practices to improve our security posture and support compliance with applicable standards and regulations.

Physical Security

Office & Staff Access

Access to company workspaces is restricted to authorized personnel only.

Hosting Environment

Toursgrid uses reputable cloud infrastructure providers that maintain enterprise-grade physical security controls such as:

• Controlled facility access with surveillance
• 24/7 monitoring and security personnel
• Environmental protections (fire suppression, climate control)
• Redundant power and connectivity systems
• Physical and logical isolation of infrastructure

Logical Access Control

Authentication

Access to internal systems and the Toursgrid platform is protected through:

• Unique user accounts for each individual
• Strong password requirements and policies
• Session timeout and automatic logout

Role-Based Access

We apply the principle of least privilege, meaning users receive only the minimum access required for their responsibilities. Access permissions are granted based on job roles and business needs.

Access Reviews

User access is reviewed periodically, and unnecessary or inactive accounts are removed or restricted promptly. Access privileges are revoked immediately upon employee departure or role change.

Data Security

Encryption

In Transit

All traffic between users and Toursgrid systems is encrypted using industry-standard HTTPS/TLS protocols. This ensures that data transmitted over networks is protected from interception and tampering.

At Rest

Sensitive data stored within our systems is protected using encryption mechanisms provided by trusted cloud platforms. Database encryption and encrypted storage volumes help safeguard data at rest.

Data Retention

We retain customer data only as long as necessary to provide services, meet legal obligations, support backups, or resolve disputes. Data deletion requests are handled according to applicable laws and agreements.

Data Segregation

Customer environments and records are logically separated to help ensure privacy and confidentiality. Your data is isolated from other customers' data through application-level controls and database segmentation.

Payment Information

Toursgrid does not store raw credit card information. Payment processing is handled through trusted, PCI-DSS compliant third-party payment gateways that maintain their own rigorous security and compliance standards. We only store necessary payment metadata such as transaction references and payment status.

Network & Infrastructure Security

Our infrastructure uses a layered security model to protect against threats.

Network Protection

We use security controls such as:

• Firewalls to control network traffic
• Traffic filtering and intrusion detection
• DDoS mitigation where available
• Secure DNS and TLS configurations
• Network segmentation to isolate critical systems

Application Security

Our systems are designed with secure coding practices and monitored for suspicious behavior. We implement measures such as:

• Input validation and sanitization
• Protection against common vulnerabilities (SQL injection, XSS, CSRF)
• Secure session management
• Regular security code reviews

Database Security

Production databases are restricted to authorized systems and users only, with private networking and controlled access. Database credentials are securely managed and rotated regularly.

Operational Security

Logging & Monitoring

We maintain logs for critical systems, authentication activity, operational events, and security-relevant actions. Continuous monitoring helps us detect issues quickly and respond effectively to potential security incidents.

Vulnerability Management

We routinely apply updates, patches, and security improvements to our systems. We may also perform vulnerability scans and security assessments as part of our ongoing security program to identify and remediate potential weaknesses.

Backup & Recovery

We maintain regular backups of critical systems and data to support business continuity and disaster recovery. Backup processes are regularly reviewed and tested to ensure data can be restored when needed.

Business Continuity

We maintain continuity and recovery procedures to reduce downtime and restore services efficiently in the event of incidents or outages. Our infrastructure is designed with redundancy and failover capabilities.

Incident Response

Toursgrid maintains an incident response process to manage security events effectively. This includes:

• Identification: Detecting and recognizing security incidents
• Containment: Limiting the scope and impact of incidents
• Investigation: Analyzing root causes and extent of incidents
• Recovery: Restoring normal operations safely
• Communication: Notifying affected parties as required by law
• Lessons Learned: Improving processes based on incident analysis

If you believe you have discovered a security issue, please contact our support or security team immediately at contact@artofbicycletrips.com.

Change Management

Secure Development

System changes are managed through documented development and release processes, including testing and approvals where appropriate. We follow secure development lifecycle practices to ensure code quality and security.

Version Control & Deployment

We use version control systems and controlled deployment practices to improve reliability and rollback capability. Code changes are reviewed before deployment, and we maintain the ability to quickly revert changes if issues arise.

Vendor & Third-Party Management

We work with selected vendors and service providers who support our operations. Where appropriate, we evaluate providers based on reliability, privacy practices, and security standards.

Access granted to third parties is limited to what is necessary, controlled through proper authentication mechanisms, and reviewed regularly to ensure it remains appropriate.

Customer Security Controls

Security is a shared responsibility. We recommend customers follow these best practices to protect their accounts and data:

Our Commitment

At Toursgrid, protecting customer data is a core responsibility and a fundamental part of our service. We continuously improve our security controls, systems, and processes to provide a safe and dependable platform for tour operators, travel businesses, and their customers.

Security is an ongoing journey, not a destination. We remain committed to:

• Maintaining transparency about our security practices
• Staying current with evolving security threats and technologies
• Investing in people, processes, and tools to enhance security
• Responding promptly and effectively to security incidents
• Collaborating with customers to protect their data

Thank you for trusting Toursgrid with your business operations. Together, we can maintain a secure environment for your tour management needs.

Questions or Concerns?

If you have questions about our data security practices or need to report a security concern, please contact us: