Anytime Information Security Statement

This statement provides an overview of Anytime Booking’s approach to cyber security.

Technical Infrastructure

We aim to maintain a balanced and resilient infrastructure to maximise system performance and up-time:

We monitor our services 24/7.

We work under version control, we stage code and only release updates to “Live” after thorough testing.

We use load balancing for traffic distribution and managing performance, we backup hourly and offsite to AWS (Amazon Web Services) located in a UK data centre.

We are Cyber Essential Plus certificated, which is a Government-backed and industry-supported certification. It means Anytime has been rigorously tested by external cyber security experts who carry out vulnerability tests to make sure that we are protected against basic hacking and phishing attacks.

We document code and provide written and video user guides and as we develop.

We will let you know when we are undergoing scheduled maintenance. Our maintenance is carried out of working hours, unless absolutely essential.

Data Security

We take the ownership, management and protection of your data very seriously:

We have strict access control to client data. Only our data specialists can see your data, and only at your request.

Your data is your data, we never mine it for marketing purposes.

We believe in GDPR. We protect you and your data. Any guest data is sanitised before it is shared, and only then with partners and booking channels you have signed up to working with.

Full opt-in and opt-out is available for your guests, you can manage this yourself.

Our contract with you contains a termination clause making it clear that you may take your data with you, should you wish to migrate to another system. If you do decide to leave we render the data and any copies of the data ‘beyond use’ after one year.

Disaster Recovery

We recognise that data attacks and corruptions are still possible, and have robust disaster recovery procedures in place:

Our regular backups allow us to reinstate data in as timely and an accurate way as possible.

We have a great track record for up-time, both on uninterrupted normal service and when we make upgrades. Our records show an outstanding level of service availability for your business needs.

We promise to be online for 99.5% of the time in any given month, but always aim to beat that. We use Cloudflare as CDN to mitigate against DNS errors or DDoS attacks.

Honesty is our policy; we are proactive, communicative and breach ready:

In the case of a breach or outage, in addition to the usual and necessary operational reporting, we have defined service provider responsibilities for reporting the timeliness, root cause, fix and future mitigation strategy.

We will rank any incidents and will communicate with our users if the ranking reaches level 3 or above.

Business continuity management

We are a stable entity running on a sustainable business model and unlikely to disappear:

We interact with other services or tools supporting activities in the outdoor holiday market.

We continue to innovate in our segment of the market, matching and exceeding user expectations. Strength in this area ensures that the product continues to be viable.

We offer different levels of support and define them clearly in their terms.

Proactive monitoring and testing

A third party audit assesses security to make sure we are safe:

We penetration test the system annually using a third party, independent of our business.

Any recommendations from the pen tests are carried out within 90 days depending on the risk level.

Staff training and upskilling

We work together to learn and build on our knowledge:

We regularly upskill our dev team to ensure each team member understands another role.

We have full documentation and a full QA of new developments.

We have weekly upskilling sessions where we share new functionality and refresh knowledge of the team.