Last updated: 28 May 2026. Security should be treated as an operating practice, not a one-time document. This page will evolve as Welcomly grows.
What we protect
Welcomly projects may include guest-facing but sensitive operational details: WiFi credentials, access codes, lockbox location, backup contacts, bin instructions, property quirks, and emergency guidance. We use these details to build your guide and avoid exposing anything that should remain private.
Guest guide publishing
Finished guest guides are designed for sharing with booked guests. Hosts should only include details they are comfortable making available to people with the guide link. For highly sensitive access details, we can use wording that explains the process without publishing the full private credential if that is safer for the property.
Payments
Welcomly does not collect card details through the intake form. Payment is handled through Stripe payment links after project approval.
Hosting and transport security
- Welcomly public pages and hosted guides use HTTPS when deployed through Netlify or another modern host.
- Form submissions are handled by trusted infrastructure providers rather than a custom payment or credential database.
- Netlify function endpoints are not intended for search indexing.
- Optional Care plans include hosting oversight and backups for supported guides.
Host-side recommendations
- Rotate lockbox and smart-lock codes regularly.
- Avoid publishing owner-only phone numbers or internal maintenance details in a guest guide.
- Use a separate guest WiFi network where possible.
- Tell Welcomly promptly when access details, emergency contacts, or safety information changes.
Reporting issues
If you believe a Welcomly page exposes incorrect, private, or unsafe information, email hello@welcomly.org with the page URL and a short description. We prioritise safety and access-related corrections.