Access control
Production admin access should use named accounts, strong passwords, two-factor authentication and least-privilege roles.
How Stay Summers protects accounts, product data and integrations.
Security
Security controls should become stricter before any public SaaS launch.
Controls
Baseline security standards.
Token handling
Meta access tokens and secrets should be stored server-side, encrypted at rest and never exposed in client code.
Logging
Important user, admin and integration events should be logged for abuse review and support.
Data retention
Personal data should be retained only as long as needed for product operation, support, safety or legal obligations.
Disclosure
Report a vulnerability.
Send security reports to security@staysummers.com. Include product name, affected URL, reproduction steps and impact.
security-contact: security@staysummers.com
preferred-language: vi, en
expected-response: 2 business days