Security Policy
Last updated: 21st November, 2025
At Burra Motor Inn, we prioritize the security of our website, systems, and guests. This Security Policy explains how we protect our digital environment against threats and maintain a safe experience.
Scope of our Security Policy
This policy applies to any digital assets owned or operated by Burra Motor Inn, including our main website at burramotorinn.com.au.
Website & Infrastructure Security
We use industry-leading tools like Cloudflare to protect against Distributed Denial of Service (DDoS) attacks, malicious traffic, and common web vulnerabilities. We also use Cloudflare Turnstile and other spam-protection measures to detect and block automated abuse, ensuring genuine users can access our services securely.
Our servers run up-to-date software with regular security patches applied promptly. Sensitive data is stored on secure servers that undergo routine security audits.
All data transmitted between your browser and our systems is encrypted using secure protocols such as HTTPS/SSL.
Access Controls
We apply strict access controls to safeguard sensitive systems and data, reducing the risk of misuse, breaches, or unauthorised changes. Our approach includes
Limiting access to critical systems and personal data to authorised personnel only
Enforcing strong authentication methods and security best practices internally
Using role-based access to ensure staff only have permissions necessary for their role
Maintaining detailed access logs to monitor and review activity on critical systems
- Data minimisation practices
We review and update our internal procedures regularly to ensure that personal data is kept safe and treated in accordance with best industry practices.
Payment Security and RoomMaster Integration
All payment transactions are securely processed via RoomMaster, a PCI DSS-compliant property management system developed by InnQuest Software, with Australian support provided by InnQuest Australia Pty Ltd. RoomMaster uses
Tokenisation to ensure that card numbers are never stored in raw form
End-to-end encryption during transmission to protect sensitive data
Strict access controls and logging to monitor all payment-related activity
Role-based access controls to limit who can view or handle sensitive information
Full compliance with the Payment Card Industry Data Security Standard (PCI DSS)
Authorised staff at Burra Motor Inn may have access to certain card details only as required to process bookings and payments securely. These access rights are strictly limited, monitored, and handled in accordance with PCI DSS guidelines and industry standards.
We take this responsibility seriously and implement both digital and physical safeguards to protect your information from misuse or unauthorised disclosure. Sensitive data is securely destroyed when no longer needed.
Email Security Measures
We implement SPF, DKIM, and DMARC email authentication to prevent spoofing and phishing attempts.
Staff are trained to recognize and handle suspicious emails carefully.
Vulnerability Management
Regular security scans and audits are conducted to detect potential weaknesses.
We welcome responsible disclosure of security issues. You can contact us, or you can send us an encrypted message using our PGP public key referenced in our security.txt.
Incident Response
We maintain procedures to quickly respond to and mitigate security incidents.
Any data breaches will be handled promptly in line with legal obligations.
Response Timeline
We aim to acknowledge reports within 3 business days and resolve them as quickly as possible.
Your privacy
For details on how we collect, use, and protect your personal information, please visit our Privacy Policy.
