Security at BM24 Hub

BM24 Hub is built around a clear set of security principles:

• minimise unnecessary data exposure between components
• use the principle of least privilege for systems and people
• separate environments and roles where appropriate
• encrypt data in transit and at rest where it is technically and operationally feasible
• monitor key services and react quickly to incidents
• design for long-term maintainability, not quick fixes

These principles guide architectural decisions, implementation and daily operations.

BM24 Hub acts as a central platform, but that does not mean everything is mixed together. The architecture is designed to:

• separate public-facing components from internal services
• isolate environments for development, testing and production
• keep sensitive configuration and credentials out of front-end layers
• limit the blast radius if an individual component behaves unexpectedly

Where appropriate, we treat different customer or partner areas as distinct zones with their own access rules.

Hotels and travel partners work with personal data, sometimes including payment-related information. BM24 Hub is designed to support privacy-friendly operations by:

• structuring data so that only relevant systems see personal information
• avoiding the inclusion of unnecessary personal details in logs and monitoring
• supporting data minimisation and retention concepts where technically feasible
• aligning with data protection requirements that are relevant for hotels and travel businesses

Details on how data is handled in specific projects depend on the systems and processes chosen by each customer and their partners.

Access to BM24 Hub is based on roles and responsibilities, not on generic “full access” accounts. Our approach includes:

• role-based access control for hotels, groups and partners
• clear separation between operational, administrative and read-only roles
• controlled access for agencies and external partners with defined scopes
• procedures for onboarding, changing and removing user access

This reduces the risk of accidental changes and supports compliance with internal access policies.

BM24 Hub follows modern practices for secure communication:

• use of HTTPS/TLS for web interfaces and APIs
• encryption of data in transit between key components where supported
• secure handling of credentials and tokens for connected systems
• preference for strong, up-to-date protocols and cipher suites

The goal is to protect data as it moves between browsers, servers and integrated systems, in line with industry best practices.

BM24 Hub runs on professionally managed infrastructure in multiple hosting regions to support resilience and performance. For security reasons, we do not publish exact data center locations or internal network details.

Operational security practices focus on:

• regular updates and patching of platform components
• controlled deployment processes for changes and new features
• separation of infrastructure management from application-level access
• backup and recovery procedures designed for critical data and configuration

This helps ensure that the underlying environment is maintained consistently over time.

Security is also about visibility and response. BM24 Hub includes:

• monitoring of key services and performance indicators
• logging that supports troubleshooting and incident analysis
• internal alerting when unusual or critical conditions are detected
• processes for investigating, mitigating and learning from incidents

Where appropriate, relevant information is aligned with the public Status Page so that hotels and partners stay informed about the state of core services.

BM24 Hub integrates with many external systems – booking engines, PMS, channel managers, payment providers, CRM platforms and more. Each integration is handled with security in mind:

• restricted access scopes for API keys and credentials where possible
• clear understanding of which system owns which data
• secure storage of secrets and configuration values
• review of integration patterns for reliability and risk

We treat integrations as part of the security surface, not as an afterthought.

Security in a hotel or travel environment is always a shared responsibility between:

• Bigmedia24 and the BM24 Hub platform
• hotels, groups and travel partners using the platform
• technology providers whose systems are connected

We provide a secure platform layer and integration patterns; customers and partners remain responsible for:

• secure operation of their own systems and networks
• access control and internal processes on their side
• compliance with applicable regulations in their jurisdictions

Our team is available to help map out these responsibilities clearly in joint projects.

If you suspect a security issue, data protection concern or unusual behaviour related to BM24 Hub or a Bigmedia24-powered website, we encourage you to contact us as soon as possible.

For initial contact, please:

• open the chat in the bottom-right corner of this page
• start your message with “Security” or “Data protection”
• briefly describe the issue without sharing sensitive data in the first message

Our team will acknowledge your report, route it to the appropriate specialists and, if necessary, agree on a more secure communication channel for further details.

Security is not a one-time project. BM24 Hub is continuously improved based on:

• changes in the technology and threat landscape
• feedback from hotels, partners and security-conscious stakeholders
• lessons learned from incidents and near-misses
• internal reviews and architectural evolution

We aim to keep the platform aligned with modern expectations for security and resilience in the hotel and travel technology space.

For legal and formal correspondence, you can reach us at:

Bigmedia24 Dynamics Ltd.
51 Bracken Road
Sandyford, D18 CV48
Dublin, Ireland

Phone (Ireland): +353 1 578 8066
Phone (USA): +1 306 261 9933
Email (legal use): support@bigmedia24.com
Website: https://bigmedia24.com

For operational support, tickets and day-to-day requests, please start via the chat (bottom-right) so we can route your case into the Ticket System and Support Portal where appropriate.