We know how critical the security of your information is.
Here is how we keep it safe.
Your Airbnb account
We made some radical design decisions to protect your Airbnb accounts.
Why? Ultimately, because ours are stored here too.
Your password is not stored.
Your Airbnb account password is never stored by us. As a matter of fact, it would be useless to us, since we connect to Airbnb using their API. This is for example how we obtain the profile of a user. As you will notice, there is no form to enter a password.
Instead of using your password, your account is authenticated using a token that is requested from Airbnb the first time you connect your account to Smartbnb. Once a token has been obtained, the password is wiped from memory; it never touches our database.
Airbnb's API helps us secure your account.
Airbnb's API offers a system of authentication with a disposable token. Using this method of identification helps secure your Airbnb credentials:
1. It is impossible to change the account's password with the token. We couldn't change the password if we wanted to.
2. If the password is changed by the account's owner, all tokens generated previously are immediately rendered useless by Airbnb.
This means the account's owner retains full control over their Airbnb account.
Your token is heavily encrypted and secured.
A token looks like LuBxHJyXmX7oB9x33IMg5Tm4C. However, for security considerations, the token cannot be stored in that form and has to be securely encrypted.
We encrypt your token using the same encryption standard that is used to secure the Internet (RSA, 2048-bit). There is no master password: each token is encrypted using its own key pair. The private key is itself encrypted using AES-256. In addition, the encrypted token and the keys are not accessible from the public Internet.
The token would be useless without the keys. As a result, a data thief would not be able to make use of the token.
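The layering described above (one RSA-2048 key pair per token, private key wrapped with AES-256), shown as an added example that is not Smartbnb's code. It assumes RSA-OAEP padding, AES-256-GCM for the wrap, and a 32-byte key-encryption key (KEK) held outside the database; all function names are hypothetical.

```ruby
require "openssl"

# Added illustration. Assumed: OAEP padding, AES-256-GCM key wrap,
# and a 32-byte key-encryption key (KEK) kept outside the database.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

def gcm(mode, kek)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = kek # raises ArgumentError unless kek is exactly 32 bytes
  cipher
end

# Returns the record to store: no plaintext token, no plaintext private key.
def seal_token(token, kek)
  pair = OpenSSL::PKey::RSA.new(2048) # fresh key pair for this token only
  aes = gcm(:encrypt, kek)
  nonce = aes.random_iv
  aes.auth_data = "" # no associated data in this example
  wrapped = aes.update(pair.to_der) + aes.final
  { token_ct: pair.public_encrypt(token, OAEP),
    wrapped_key: wrapped, nonce: nonce, tag: aes.auth_tag }
end

# Unwraps the private key with the KEK, then decrypts the token.
# Raises OpenSSL::Cipher::CipherError on a wrong KEK or a tampered record.
def open_token(record, kek)
  aes = gcm(:decrypt, kek)
  aes.iv = record[:nonce]
  aes.auth_tag = record[:tag]
  aes.auth_data = ""
  der = aes.update(record[:wrapped_key]) + aes.final
  OpenSSL::PKey::RSA.new(der).private_decrypt(record[:token_ct], OAEP)
end

# True when the stored record alone, opened with a guessed KEK, yields nothing.
def record_useless_without_kek?(record)
  open_token(record, OpenSSL::Random.random_bytes(32))
  false
rescue OpenSSL::Cipher::CipherError
  true
end

if __FILE__ == $PROGRAM_NAME
  kek = OpenSSL::Random.random_bytes(32)
  record = seal_token("constructed-sample-token", kek) # constructed value
  puts open_token(record, kek)
  puts record_useless_without_kek?(record)
end
```

In a design like this the protection rests on where the KEK lives: if it is stored beside the records, a copy of the database also carries everything needed to open them.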
What it means
Still worried? Use Co-Hosts.
The ideal solution would be for Airbnb to give public access to their API. The next best thing is Airbnb's new "additional host" feature.
If you are still reluctant to give us access to your main account, you can still use Smartbnb with a secondary account.
Once that secondary account is created (with another email address and password), give it permission to manage a listing. Go to your Manage Listing page and select a Listing. On the left menu, under Management, select Additional Hosts. Invite your secondary account and approve it.
You can then connect that secondary account to Smartbnb. Just like other connected accounts, we won't be able to access payout information or personal details.
This will also give you access to two tools on Airbnb's side:
- Airbnb will give you control tools to remove access from that secondary account to your main account. Of course, you can already sever the link with your Airbnb account from Smartbnb.
- Airbnb will give you access to an independent history of our actions on your Airbnb account. This is something we already do on our side by giving you access to our logs.
All communications between Smartbnb and your browser are transmitted over TLS (HTTPS). This allows us to protect your security details against any eavesdropping. HSTS is also implemented to ensure browsers interact with Smartbnb only over HTTPS.
HTTPS is also enforced when our servers exchange information with Airbnb's API.
All communication by email from us will identify you by name, or will be cryptographically signed for email@example.com. We will never ask you for any personal information by email.
To securely contact Smartbnb by email, we advise you to use the PGP key below.
In compliance with PCI-DSS requirements, we do not process or store credit card details. No payment method information ever hits our servers.
We hand off credit card and PayPal processing to Braintree. They power online transactions for thousands of businesses and comply with PCI standards in the storage and handling of credit card information.
We follow industry-standard practices to secure our servers (located in premium data centers with restricted access, strong authentication and identification required, firewall protection).
To make sure that our efforts are always up to date, we submit ourselves to daily security vulnerability scans by McAfee and Qualys. In addition to our own efforts, those frequent security scans help ensure that no vulnerability is putting your data at risk.
Report a security issue
Security vulnerabilities are an unfortunate but common issue in software. We take them very seriously and we appreciate your help in notifying us of vulnerabilities in a responsible manner. We will respond to any security issue within a maximum of 24 hours.
Responsible Disclosure: We would like to keep Smartbnb safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner.
Publicly disclosing a vulnerability can put the entire Smartbnb community at risk. If you have discovered a possible vulnerability we would greatly appreciate you emailing us at firstname.lastname@example.org. We will work with you to assess and understand the scope of the issue and fully address any concerns. We will ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.
Secure your message
E4F2 22D1 3AFE 646B 1EB8 6C74 3CFC 256B 3680 8E44