MendzCo

Security

Security and data handling.

MendzCo is built for operators who can't afford surprises. Here's how we keep your calendars, credentials, and team access safe.

Encryption in transit

All traffic to MendzCo and to your iCal sources is served over TLS. Feed tokens are transmitted only over HTTPS.

Read-only by default

Inbound sources are polled read-only, and shared feeds expose availability only — never guest details or platform credentials.

Token-scoped feeds

Every shared feed and public status page is reachable only via a unique, unguessable token that you can rotate or revoke at any time.

Least-privilege access

Team members are granted access per property with clear roles, so people see only the properties they are responsible for.

Secrets kept secret

Sensitive values such as Telegram bot tokens are stored securely and shown masked throughout the panel.

Data you control

Export your data or delete your organisation at any time from Settings. We process data on your instruction.

Data processing

We act as a data processor for the booking and availability data you connect. Our Data Processing Addendum, Privacy Policy, and Terms set out the full detail.

Have a security question? Get in touch.