Bank-grade encryption, role-based permissions, audit logs and venue-controlled access — every interaction protected.
Hotels and clubs handle some of the most sensitive data in the world: identity documents, payment cards, dietary and medical preferences, the schedule of high-net-worth guests. Butlr is built so this data never becomes a liability for the venue.
Every guest ↔ venue message and order is transmitted over TLS. All data at rest is encrypted using AES-256 on Google Cloud. Realtime streams between the iOS app and the venue portal use authenticated WebSocket connections, scoped per venue, per role.
Cleaners see only their assigned tasks. Supervisors see their department. Managers see their property. Owners see the whole group. Roles are enforced server-side — never trusted from the client — with policy rules defined per resource (rooms, guests, orders, payments, settings).
Every privileged action — opening a guest profile, refunding an order, exporting analytics, suspending a venue — is timestamped, attributed, and immutable. Owners can review any administrator’s actions over any time window. Compliance-ready from day one.
Butlr never stores raw card data. Payments flow through PCI-DSS certified processors — UPayments for Kuwait + GCC, Stripe for international. Tokenisation, 3D-Secure, and fraud detection are handled by the processor. The Butlr platform sees only the token and the result.
Discreet mode lets guests opt out of identification at any venue. Private requests can be visible only to the specific staff member fulfilling them. Marketing communication is opt-in, not opt-out. We never sell guest data; we never share it across venues without explicit consent.
You choose which staff see which rooms. Which departments handle which requests. Which managers can change which settings. Butlr enforces it; you control it.