Security is a core part of how Vesta OS is designed, built, and operated.
Vesta OS processes operational data that may include listings, guest messages, reservation details, pricing inputs, vendor tasks, QA records, photos, settlement information, and internal workflow data.
Our security approach is designed to protect customer data, support reliable operations, and give teams appropriate control over automation and access.
Our security program is guided by four principles: protect operational data, control access, maintain operational reliability, and keep automation accountable.
AI and automation should be configurable, reviewable, and auditable where appropriate.
Vesta OS applies technical and organizational measures designed to protect customer information from unauthorized access, misuse, loss, alteration, or disclosure.
These measures may include secure infrastructure practices, access controls, authentication requirements, logging, monitoring, encryption where appropriate, vendor review, secure development practices, and incident response procedures.
Access to Vesta OS should be limited to authorized users. Customers are responsible for managing their own users, roles, permissions, connected accounts, and internal approval workflows.
Depending on product configuration and account type, Vesta OS may support team-based access, role-based permissions, user invitation and removal workflows, administrative controls, and access review practices.
Because Vesta OS includes AI-assisted workflows, security also includes operational control over automation.
Recommended controls include human review for sensitive guest messages, escalation rules for refunds, complaints, damage, safety, and disputes, audit records for automated actions, reviewable task and QA history, and clear ownership of final operational decisions.
Security is a shared responsibility. Customers are responsible for managing user access, protecting login credentials, reviewing connected third-party accounts, configuring appropriate automation rules, reviewing sensitive AI outputs, maintaining internal controls, and complying with applicable laws and platform requirements.