DowntownWorks

Trust & Security

How we protect your booking, payment, and personal information.

Last updated: June 2026. This page describes the controls we have in place today. It is not an independent certification.

Data protection

  • All data in transit is encrypted with TLS. Stored data is encrypted at rest by our hosting provider.
  • Customer records (bookings, contact info, billing address) are isolated by account using row-level security in our database, so you can only see and manage your own bookings.
  • Internal operational fields (location IP allowlists, geofencing coordinates, check-in PIN hashes, internal integration IDs) are never exposed to public visitors or to customer accounts.

Payments

  • Payments are processed by Stripe. We never see or store your full card number, CVV, or bank credentials.
  • Each Downtown Works location uses its own Stripe account, so charges and refunds are scoped to the location you booked.
  • Bookings are only confirmed after Stripe sends us a verified payment webhook — never from a browser redirect alone.

Check-in & access

  • Your booking QR code is bound to a one-time nonce. If a booking is cancelled or marked no-show, the QR token is voided server side and can no longer be used to check in.
  • Check-in attempts are validated against the location's allowed network and geofence, and every successful or flagged check-in is recorded in an audit log.

Account & administrative access

  • Administrative actions (cancellations, room moves, no-show marks, configuration changes) require a signed-in admin and are written to an append-only audit log.
  • Operational role checks are enforced server-side; the browser cannot grant itself elevated access.

Reporting a security issue

If you believe you've found a vulnerability or have a security concern, please email security@downtownworks.com. We'll acknowledge your report and follow up with next steps.

Privacy & terms

For details on the data we collect and how it's used, see our Privacy Policy and Terms of Service.