Security

HTTPS and Encryption

Our site is served over HTTPS. All traffic between your browser and our servers is encrypted, helping to prevent interception or tampering. You should always see a padlock or secure indicator in your browser when visiting Haunted Hotels UK.

How We Protect Your Data

• Secure hosting: The site is hosted on infrastructure that follows industry security practices and is regularly updated.
• Database security: User submissions and reviews are stored in a secure database (Supabase) with access controls, encryption at rest, and no public exposure of sensitive credentials.
• No payment data: We do not collect or store credit card or payment information. Any booking or purchase is handled entirely by third-party booking sites.
• Security headers: We use headers such as Strict-Transport-Security, X-Content-Type-Options, and X-Frame-Options to reduce risks like clickjacking and content sniffing.

What You Can Do

To stay secure when using our site and the internet in general:

• Use a strong, unique password for any account you create on other sites you reach from our links (e.g. booking or review platforms).
• Be cautious when clicking links in emails. We will not ask you for passwords or payment details by email.
• Keep your browser and device updated so you benefit from the latest security fixes.

Reporting a Security Issue

If you believe you have found a security vulnerability on Haunted Hotels UK, please report it responsibly. Contact us via our contact page and describe the issue in general terms (e.g. type of vulnerability and page or feature affected). We will respond as quickly as we can and will not take legal action against researchers who report in good faith.