Security and Compliance

Keep your guest and property data secure

Protect sensitive information with enterprise-grade security and privacy features. With Mews, safeguarding your property and your guests' trust is built into every part of the platform.

Highlights

  • Simplify access

    Centralize user management with SSO + SCIM and onboard new users in under 30 seconds. No extra software or complicated setup required.

  • Get peace of mind

    Trust in our 99.97% uptime, 24/7 monitoring, disaster recovery and adherence to global standards like ISO 27001, SOC 2, PCI DSS, GDPR, and NF525.

  • Stay secure

    Protect staff accounts with passkeys, 2FA, trusted devices and device-level approvals. Reduce password fatigue and avoid shared login risks.

  • Grow with confidence

    Mews security covers every property, location and user role, and is included in all of our packages.

01

User Access

  • Passkeys

    Enable logins with biometrics or PINs on a phone or hardware key. Setup takes less than 30 seconds per user. Free and available to all Mews users as standard.

  • SCIM user provisioning and deprovisioning

    Grant or revoke access automatically when staff start or leave. Increase onboarding and offboarding security and boost consistency across all properties.

  • Single Sign On (SSO)

    Say goodbye to passwords on sticky notes. Give your staff members a secure way to log in to all authorized tools using one set of credentials you control.

  • Two-factor authentication

    2FA provides an added layer of protection against unauthorized access to sensitive information and data breaches from hackers.

02

Platform security you can trust

  • Built on Microsoft Azure

    Along with the security guarantees and SLAs from Microsoft and the use of their multi-geography data centers, having a cloud-based (and native) platform minimizes the surface exposed to potential attacks. If an attack were to occur, automatic and continuous data backups allow for rapid restoration.

  • Continuous security testing

    To bolster system security, parts of our system continuously undergo penetration testing by a third party, which looks for risks or weaknesses in the security before they can be exploited. Additionally, we have established a Bug Bounty Program to leverage a community of ethical hackers for continual testing and disclosures. We also go through audits, certifications, due diligence processes and pen tests.

  • Automatic updates

    Stay protected against emerging threats with regular automatic updates and patches to the platform.

  • 99.9% uptime

    The Mews PMS SLA guarantees 99.9% uptime, with a 12-month average of 99.97%.

03

Compliance and certifications

To give you and your guests peace of mind, Mews meets industry standards and best practices in safeguarding sensitive data – we are GDPR, ISO 27001, NF525, PCI DSS and SOC 2 Type 2 compliant. Our policies and processes are designed to meet the stringent standards of security and privacy certifications, prioritizing your privacy and data security at every step.

04

Payments data, protected

  • Tokenization

    Guest payment details are securely tokenized and stored, so properties never see unencrypted card data. This enables seamless repeat payments, reduces PCI DSS compliance scope, and enables one-click payments without exposing sensitive card data.

  • Point-to-Point Encryption (P2PE)

    Cardholder information is encrypted directly at the Mews Terminal card reader and only decrypted securely on the Mews system. This ensures properties never access unencrypted card data, keeping payments safe at every step. 

  • PCI DSS

    Mews is fully certified under the Payment Card Industry Data Security Standard (PCI DSS). This rigorous compliance helps properties prevent fraud and build guest trust, and ensures account data is handled securely.

  • Payment Services Directive 2 (PSD2)

    Mews Payments follows PSD2 regulations, including Strong Customer Authentication (SCA), to verify that customers are who they claim to be. This protects guest accounts and reduces the risk of fraudulent transactions. 

05

Disaster recovery

  • Local high availability cluster

    Two identical replicas of the database are stored so that we can retrieve the second one in the case of an incident.

  • Point in time restore

    If needed, we’re able to restore a complete database to a particular point in time – even up to 35 days back.

  • Daily snapshots

    Every day, we take a snapshot of the primary database using the point-in-time restore capability to another backup server.

Giving guests control

Guests can manage their personal data, request profile deletion and select which data can be shared with the property.