Booker Security Policy

Booker Software, Inc. ("Booker", "we", "us" or "our") has created this security policy ("Security Policy") in order to demonstrate our commitment to safeguarding our customers’ data using commercially reasonable and appropriate security controls for such data that we obtain from you on our mobile sites and applications,,, and/or (the "Site") and the services, features, content, or applications we offer (collectively with the Site, the "Booker Service" or "Service").

We reserve the right to change this Security Policy from time to time. Your access and use of the Site and Service is subject to the Security Policy in effect at the time of such access. If we make material changes to our security controls, we will notify you by posting an announcement on the Service or sending you an email; and we will post the most up-to-date version of this Security Policy at Please review this Security Policy frequently to remain informed of Booker’s information security practices. You are bound by any changes to the Security Policy when you use the Service after such changes have been first posted.

We take the confidentiality, integrity and availability of our customers’ data seriously. As part of this effort, we have established a dedicated Information Security team, tasked with all aspects of security: from the physical security of corporate offices and data centers, to the development and operational areas of Information Technology.

Data Security

Booker Software is a PCI Level 1 Service provider and merchant, and must maintain compliance with the PCI DSS standard. Booker Software is listed on the Visa CISP website.

Our information security program is a comprehensive risk management and governance framework designed to assess, educate, protect, detect, and respond to security incidents. It includes controls and procedures from the PCI-DSS standard and other industry standards and best practices.

We conduct automated scans of all our corporate, non-production, and production environments, looking for missing patches and vulnerabilities. We do similar tests on our web applications, including regular penetration testing exercises performed by highly skilled ethical hackers.

We follow alerts issued by various vendors and security groups, especially related to newly found vulnerabilities, also called zero-day vulnerabilities.

We maintain anti-virus, anti-malware, and anti-intrusion controls on all our systems and networks. We review our firewall traffic on an ongoing basis and firewall policies periodically to ensure we only allow legitimate traffic in.

We protect data in transit with strong encryption and selectively use data at rest encryption, tokenization, and data masking.

We use other controls, including but not limited to multi-factor authentication, user lifecycle automation, DDoS protection, web application firewalls, proxy inspection, redundant providers, risk assessments, audits, and contractual provisions.

All security data is analyzed by a dedicated Security Information Event Management system and the Booker Security Team.

Hosting Security

Our hosting providers, Rackspace and Azure, are PCI compliant and have completed the industry-standard SOC 1 and SOC 2 certifications. This includes controls and processes such as multi-factor authentication, role-based access controls (RBAC), highly redundant utilities, and strict change management processes.

More information can be found at:

Recommended Best Practices For You

While Booker meets the PCI requirements of a service provider, you also have your own PCI obligations and other recommended security practices that you are responsible for:

How to Contact Booker

If you have questions about Booker’s security, please email us at

Effective Date: This Security Policy is effective as of December 12, 2018.

Booker is now part of the MINDBODY family.