Skip to main content

Documentation Index

Fetch the complete documentation index at: https://sailia-mintlify-intercom-migration-1776823910.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Sailia is built with security and privacy at every layer — from payment processing to customer data handling. This page explains how your data is protected and what controls you have.

Payment security

All card payments are processed through Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification. Sailia never stores, processes, or has access to full card numbers.
LayerHow it works
Card dataEntered directly into Stripe’s secure payment fields. Sailia never sees or stores card numbers.
Online paymentsEncrypted via HTTPS/TLS between the customer’s browser and Stripe.
Card reader paymentsEncrypted end-to-end between the card reader and Stripe.
RefundsProcessed through Stripe’s API. Sailia sends a refund request; Stripe handles the fund transfer.
Because Sailia does not handle card data directly, your PCI compliance scope is significantly reduced. Stripe manages all card storage and processing.

Data encryption

  • All data transmitted between your browser and Sailia is encrypted using HTTPS/TLS.
  • Data at rest is encrypted in Sailia’s infrastructure.
  • API communications between Sailia and third-party services (Stripe, Xero, Adventuro) use encrypted connections.

Customer data

Sailia stores customer data that you and your customers provide during the booking process. This includes:
  • Contact information — name, email address, phone number
  • Booking history — reservations, purchases, cancellations, and refunds
  • Waiver responses — completed waivers including signatures and uploaded files
  • Membership and pass data — active plans, billing status, and redemption history
  • Family member details — names and details of family account members

Customer data controls

You have several options for managing customer data:
ActionHow to do it
View customer dataOpen the customer profile in your customer dashboard
Update customer detailsEdit the customer’s profile directly or ask them to update via their account
Export customer dataUse the financial dashboard to export transaction and booking records
Delete customer dataContact Sailia support to request deletion of a customer record
Deleting a customer record is permanent and removes all associated booking history, waiver responses, and membership data. This action cannot be undone.

Staff access controls

Sailia uses permission groups to control what staff members can see and do. This lets you follow the principle of least privilege — give each team member only the access they need. Key permission areas:
  • Schedule access — view and manage bookings
  • Financial dashboard — view payment data and exports
  • POS access — process in-person sales
  • Communications — manage workflows and marketing
  • Staff management — add and manage team members
See the Permissions reference for the full list of permissions and recommended role configurations.

Third-party integrations

When you connect Sailia to external services, data is shared only as needed for the integration to function:
IntegrationData shared
StripePayment details, customer email for receipts, refund requests
XeroPayout amounts, VAT breakdowns, invoice line items (no customer personal data)
AdventuroActivity details, availability, and booking confirmations
Google Tag Manager / PostHogAnonymous booking funnel events (no personal data by default)
Review your integration settings periodically to ensure you are only sharing the data you intend to. Disconnect integrations you no longer use.

Email and communication

Sailia sends emails on your behalf for booking confirmations, refunds, waitlist notifications, and automated workflows. These emails are sent through Sailia’s email infrastructure.
  • Emails include your business name and branding
  • Customers can unsubscribe from marketing communications
  • Transactional emails (booking confirmations, refunds) cannot be unsubscribed from as they relate to active transactions

Your responsibilities

As the business using Sailia, you are responsible for:
  • Communicating your privacy policy to customers, including how their data is used for bookings and marketing
  • Managing consent for marketing communications through your newsletter forms and booking flow
  • Responding to data requests from customers who want to access, correct, or delete their personal information
  • Configuring appropriate staff permissions to limit access to sensitive data
If you operate in a jurisdiction covered by data protection regulations (such as GDPR in the EU or UK), ensure your use of Sailia complies with your legal obligations. Contact Sailia support if you need assistance with a data subject request.

Reporting security concerns

If you discover a security vulnerability or suspect unauthorized access to your account:
  1. Change your password immediately.
  2. Review your staff permissions for any unauthorized changes.
  3. Contact Sailia support with details of the concern.

Permissions reference

Full list of staff permissions and role configurations.

Customer management

View and manage customer data and profiles.