Security is designed into the way Six Star Stay handles auth, data, and guest workflows.

Admin and cleaner accounts are authenticated through Clerk. Guest checkout links are tokenized and intentionally scoped so guests do not need a full account to complete a checkout flow.

Operational records are stored in Convex. Sensitive credentials are managed through environment variables and deployment configuration, not exposed in public client code.

Messaging infrastructure is limited to operational use cases such as checkout and cleaner notifications. Delivery events and status records can be logged for support and audit purposes.

If you believe you have found a security issue, contact support@sixstarstay.com with the details. Please do not publicly disclose issues before we have a chance to investigate and respond.