FAQ
Technical and Security
Common questions about technical and security for commercial sauna, cold plunge, and wellness operators.
Zettlor is a web-based platform - nothing to install. Operators and guests access it through a browser on desktop, tablet, or mobile. The platform uses server-side rendering for fast page loads and is hosted on cloud infrastructure with a global CDN for reliability and speed.
Yes. Zettlor implements administrative, technical, and physical safeguards to protect business and guest data. All connections are encrypted, payment processing is handled by Stripe (PCI-DSS Level 1 certified), and Zettlor never stores raw credit card numbers. Application data is encrypted at rest, and access to operator accounts is protected by authenticated sessions with role-based permissions. For full details, see the Privacy Policy.
Yes. Upon termination, you can request a copy of your business data within 30 days. Zettlor provides the export in a commonly used format within 60 days of the request.
Contact the Zettlor team at [email protected] for any questions, technical issues, or onboarding help.
Yes. Zettlor runs on cloud infrastructure with automated monitoring, alerting, and redundancy. The platform is designed for high availability so booking and payment processing remain operational. Operators can contact [email protected] for uptime details or to discuss reliability requirements for high-traffic events.
Zettlor is not a healthcare platform and does not position itself as HIPAA-compliant. The platform collects waiver signatures and basic health acknowledgments (e.g., "I confirm I have no contraindicated conditions"), but does not store protected health information (PHI) as defined by HIPAA. Operators who need to collect detailed medical information should use a dedicated HIPAA-compliant system for that data.
Zettlor follows data protection practices aligned with GDPR and PIPEDA requirements, including data minimization, consent-based collection, the right to request data export, and the right to request deletion. For international operators or facilities serving EU or Canadian guests, Zettlor's data handling is designed to meet these standards. See the Privacy Policy for specifics.
Yes. Zettlor maintains a comprehensive activity log that records every operational event - bookings, payments, refunds, credits, membership changes, pricing updates, customer record changes, and more. Each event is logged with a timestamp and who performed the action. Operators access the full timeline from the staff dashboard with filtering by category and by customer.
Waivers have a dedicated audit record. Every signed waiver preserves the exact language the guest agreed to at the time of signing, along with their electronic signature and a stored copy. If a waiver template is updated later, past signatures retain the original text - critical for liability protection.
Refunds, outbound communications (SMS, email), and staff actions each have their own audit records so operators can trace exactly what happened and when.
Yes. Operators can serve their booking page on a custom domain or subdomain so guests see the operator's brand throughout the booking flow. The booking interface is configurable with the operator's branding, colors, and layout. Setup details are available during onboarding.