Security & data ownership

Your payments. Your data. Your exit.

Two of the loudest complaints about legacy limo software are that the vendor holds your card processing funds and that leaving means losing your reservation history. Neither is true on Limozoft. This page spells out exactly how.

Your payments go to your own Stripe account

Every Limozoft account is wired to a Stripe account that you own and control. Card payments settle directly from Stripe into your business bank account on Stripe's normal payout schedule — usually 2 business days in the US, 7 days on a first payout. Limozoft never holds your money, never sits in the flow of funds, and cannot freeze payouts.

If you close your Limozoft subscription tomorrow, your Stripe account, your saved card tokens and your payout history stay with you. That is the opposite of the “merchant of record” model where the software vendor is the party Stripe pays.

Your data — full export any time, no exit fee

Every reservation, chauffeur, vehicle, customer, corporate account, rate card and invoice in Limozoft is exportable to CSV from the admin console at any time by any admin user. No support ticket, no service fee, no notice period.

On written request we will also provide a full SQL dump of your tenant data within 5 business days at no cost. This is a contractual right, not a favour — it is written into the standard Limozoft terms.

What's in a full export

  • Reservations (past, present, future) with every field
  • Customer records and saved payment method references (Stripe token IDs, not raw card data)
  • Chauffeur, vehicle and rate card configurations
  • Invoices, PDF copies and payment history
  • Corporate account structures and PO numbers
  • Booking-widget submission history

Where your data lives

Application and database are hosted on managed cloud infrastructure in the region closest to your operation — US East for North American accounts, EU (Frankfurt) for European accounts. Data at rest is encrypted with AES-256; data in transit uses TLS 1.2 or higher.

Nightly automated backups are retained for 30 days. Point-in-time restore is available on request for the past 7 days.

Access controls

  • Role-based permissions (owner, dispatcher, chauffeur, accountant, read-only)
  • Optional two-factor authentication on any user account
  • Session invalidation from the admin console — kick a device instantly
  • Full audit log of who did what, retained for 12 months

GDPR & privacy requests

Limozoft acts as data processor; you are the data controller for your customer records. Access, rectification and erasure requests from your end customers are handled through the admin console — search a customer, export their record, then delete it. Deletion propagates to backups within 30 days.

Subprocessors

A short, honest list — every third party that touches operator data:

  • Cloud hosting & database — managed cloud provider (US East / EU Frankfurt)
  • Payments — Stripe (your own account, not ours)
  • Transactional email — Resend
  • SMS notifications — Twilio (only if enabled on your account)
  • Flight status — FlightAware / AeroAPI

We update this list before adding a new subprocessor. Ask your account manager to be added to the change-notification list.

Uptime & incident response

Target monthly uptime is 99.9%. Actual uptime for the last 90 days is published on request. Incidents are triaged within 15 minutes during business hours and 60 minutes overnight. Operators on record for the account are notified by email within 30 minutes of a confirmed production incident.

Reporting a security issue

Suspected vulnerability or account compromise? Email security@limozoft.com. We acknowledge within one business day. Responsible disclosure is welcomed and credited.

Questions this page doesn't answer? Contact us and we'll add them.

Talk to the team behind the platform

Book a 30-minute demo. We'll answer any security or data-ownership question live, on the record.

Book a demo →