AMURA Software

AI code audit for hotels and hospitality.

You shipped an AI concierge on Lovable, a booking widget on v0 or a review-reply bot on Cursor. We audit before one guest reads another's conversation — or before a PMS token ends up in the client bundle.

What we solve

PCI scope doesn’t disappear because an AI built it.

An AI concierge has access to guest requests, reservation records and, if the booking-engine integration was rushed, fields close to payment data. A booking widget built on v0 can ship with the Supabase service_role key in the bundle. A review-reply bot sometimes trains on past responses that contain last names and room numbers.

We audit the code your team built with AI through the sector lens: guest and reservation isolation, careful handling of PCI scope, custody of PMS and booking-engine tokens, and the logs where last names, dates and truncated card references show up when they shouldn’t.

What we build for this sector

Use cases that ship to production.

See full catalogue →
Isolation

Guest and reservation isolation

Ownership filters on reservation, message and request queries, enforced on the server and in row-level security rather than in the UI. No authenticated guest can read another's conversation, invoice or request by changing an ID in the request.

0 cross-reservation leaks
PCI

Watch what touches payment scope

If the AI agent sees any payment-flow data, PCI scope follows it. Even card references and partially masked fields need tracing, because an assessor will ask where they went. We trace what reaches the model, what stays in logs and what travels to external providers.

PCI scope drawn and documented
Tokens

Custody of PMS and booking-engine tokens

Tokens for Mews, Cloudbeds, Opera, SiteMinder, Booking — where they live, what they can do, whether they're in the client bundle, whether they rotate. And what happens if one property's token leaks into another's.

Tokens off the client · rotatable
PII in logs

Last names, room numbers and dates in logs

console.log statements with guest data that survive the production build. Hosting platforms that retain those logs for weeks. What's ‘debug’ for your team is personal-data retention under GDPR.

Zero guest PII in external logs
A real scenario

A hotel group with 11 properties.

Boutique chain, 11 hotels, single AI concierge across all of them, built in six weeks on Lovable. Audit done before enabling the agent to handle requests touching reservations and billing.
Before the audit

The concierge answered wifi, breakfast and transfer questions well. When they started testing it on real requests (date change, invoice, cancellation policy), they discovered that the reservations API accepted any reservation ID without checking that it belonged to the authenticated guest. The Supabase service_role key was being shipped to the client so that the check-in photo upload would work.

After the audit

9 findings, 3 of them critical. Fixes landed before the full rollout: an ownership filter on the reservations API, the service_role key removed from the client and replaced with a signed upload endpoint, RLS policies on the reservations and messages tables, and a sweep of the Vercel logs where last names and room numbers were showing up.

3 criticals fixed before rollout to 11 properties
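As an added example (not AMURA's code or the client's), this is the shape of the first fix in the scenario above and of the ownership filter described under “Guest and reservation isolation”: the reservation lookup before and after the query is bound to the caller's identity. The in-memory table, field names and session shape are constructed stand-ins for a Supabase table and a verified session.

```javascript
// Added example, not AMURA's code. Ownership filter on a reservation lookup.
// `reservations` is a constructed in-memory stand-in for the database table;
// `session.guestId` stands for the identity taken from the verified session,
// never from request input.

// Constructed sample data: two guests, two reservations at two properties.
const reservations = [
  { id: "res-1001", guestId: "guest-A", propertyId: "hotel-01", room: "204", checkIn: "2024-05-10" },
  { id: "res-1002", guestId: "guest-B", propertyId: "hotel-02", room: "311", checkIn: "2024-05-12" },
];

// Before the audit: any authenticated caller can fetch any reservation by ID.
function getReservationUnsafe(session, reservationId) {
  if (!session) return { status: 401 };
  const row = reservations.find((r) => r.id === reservationId);
  return row ? { status: 200, body: row } : { status: 404 };
}

// After: the query itself is filtered by the caller's identity. A foreign ID
// gets the same 404 as a nonexistent one, so the endpoint cannot be used to
// confirm which reservation IDs exist.
function getReservation(session, reservationId) {
  if (!session || !session.guestId) return { status: 401 };
  // Equivalent supabase-js query against the real table:
  //   supabase.from("reservations").select("*")
  //     .eq("id", reservationId).eq("guest_id", session.guestId).single()
  const row = reservations.find(
    (r) => r.id === reservationId && r.guestId === session.guestId,
  );
  return row ? { status: 200, body: row } : { status: 404 };
}

// Regression check worth keeping in CI: every guest tries every other
// guest's reservation ID; the count must stay at zero.
function crossReservationLeaks(lookup) {
  let leaks = 0;
  for (const attacker of reservations) {
    for (const target of reservations) {
      if (attacker.guestId === target.guestId) continue;
      if (lookup({ guestId: attacker.guestId }, target.id).status === 200) leaks += 1;
    }
  }
  return leaks;
}

console.log("leaks before:", crossReservationLeaks(getReservationUnsafe));
console.log("leaks after: ", crossReservationLeaks(getReservation));
```

The same predicate belongs in a row-level security policy on the reservations and messages tables (in Supabase, a policy `using (auth.uid() = guest_id)`), which is the RLS fix the scenario lists: the database then enforces ownership even when a new handler forgets the filter or a client calls the table directly with the anon key.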
We connect to your stack

Integrations that matter in this sector

CRM

HubSpot

Mid-market CRM with broad APIs — a natural fit for sales agents and lead enrichment.

COMMS

Microsoft 365 / Outlook

Email, calendar and SharePoint as channel and context — triage, drafting and RAG over your inbox and files.

Frequently asked

What clients ask us

  • 01

    We handle guest data and room numbers. How do you treat it?

    Under NDA, with read-only repository access. We don't touch real data: we read code and migrations. If we need to probe an endpoint, we use synthetic accounts in a staging environment.

  • 02

    We have an old PMS (Opera, Sihot) and the AI agent talks to it via API. Do you cover that?

    Yes. We audit the connector — what permissions it asked for, what tokens it stores, how it handles errors and retries. If your PMS has no modern API and integration runs on flat files, we read that too.

  • 03

    If the AI agent brushes against the payment flow, does it affect our PCI scope?

    Probably yes, though the exact shape depends on what the agent sees. We document which payment-flow data reaches the model and logs, tell you how to isolate it, and provide what your PCI auditor will ask for.

  • 04

    We get reviews on Booking and reply with a bot. Is there risk in that?

    Small but real: the bot can train on past replies that include last names, cite room numbers or specific stays, and post text you wouldn't want on a public review. We audit what context reaches it and what it publishes before it goes live.

Trust

Safe, traceable AI, enterprise-ready.

We design for privacy from the start, human control, traceability, usage limits, permissioning and documentation. For sensitive processes, we help assess risk and applicable obligations under GDPR and the EU AI Act.

  • 01 We never train models on your data without explicit authorization.
  • 02 Human review built in for processes where risk demands it.
  • 03 Traceability: prompts, sources, permissions, errors and metrics, all documented.
  • 04 Privacy, security and control integrated from day one.
  • 05 Solutions engineered to be maintained, audited and improved over time.

GDPR · EU AI Act · AEPD · ISO 27001 ready · EU data residency
Personal diagnosis

We work with few clients.

Every engagement is led personally by one of the partners. If there's a fit, you get a personal first read of your case within one business day — not a canned demo.

How we work
  1. Tell us which process eats your time
  2. Personal reply within one business day
  3. 20-minute call, no demo, no pitch
Start the conversation →