Security
Introduction
HQ Rental Software (by Caag Software) provides a cloud-based information management solution for car rental companies worldwide. Protecting the confidentiality, integrity, and availability of our customers’ data is central to how we build and operate our platform. This page provides an overview of the technical and operational measures we have in place to safeguard your information.
Cloud Infrastructure & High Availability
HQ Rental Software operates on a cloud-based infrastructure hosted in certified Tier 3 data centers, providing enterprise-grade physical security and redundancy. Our infrastructure spans multiple regions — Americas, Europe, and Asia — with region-aware routing to ensure high performance and service continuity.
We guarantee 99.9% uptime, which can be monitored transparently via our Live Status Page: https://status.hqrentalsoftware.com/
Data Isolation
Each customer operates on a dedicated and isolated database, ensuring complete separation of data between tenants. This architecture also allows us to move any customer to their own dedicated server if needed.
Uploaded files are stored on secure servers (Amazon S3) without their original filenames. Only the specific tenant database holds the metadata required to access these files.
Encryption & Identity Protection
All communications between users, third parties, and HQ Rental Software are encrypted using SSL/TLS 1.2/1.3 via HTTPS.
Sensitive data fields, such as API credentials and payment tokens, are encrypted at rest using the AES-256-GCM standard.
User passwords are stored using the bcrypt (12 rounds) one-way hash algorithm. This produces a fixed-length fingerprint that cannot be reversed. Even a small change to the input produces a completely different hash, ensuring that passwords remain protected while still allowing us to verify credentials during login.
Account Security & Two-Factor Authentication (2FA)
In order to access HQ Rental Software, users are provided with a username and password. It is the responsibility of the user to ensure this username and password combination is kept secure.
As an additional security measure, users can enable Two-Factor Authentication (2FA) directly within their user profiles. 2FA adds a token-based verification step on top of the standard username and password, and we recommend enabling it for accounts handling sensitive data.
Network Security
HQ Rental Software employs multiple layers of network defense to protect against external threats.
Our servers use firewalls that allow traffic only through Port 80 (HTTP) and Port 443 (SSL). Access for system administrators requires unique security certificates — password-based logins and root access are strictly disabled. Once authenticated, administrators must escalate their privileges using an additional password.
We use Anti-DDoS protection and a Web Application Firewall (WAF) to filter malicious traffic at the perimeter before it reaches our infrastructure.
Our codebase is continuously scanned for vulnerabilities and insecure data flows through automated security analysis tools. We also proactively monitor for potential leaks of user credentials on the dark web to prevent unauthorized access.
Backups & Redundancy
Our backup strategy is designed for data integrity and recovery.
We operate a master-slave replication architecture, meaning your data is present on at least two different servers at all times. In addition, we perform automated full database backups every 2 hours during peak business hours (5 AM – 9 PM) based on your region and time zone. System logs are backed up daily.
Database backups are stored indefinitely on Amazon S3 to support long-term auditing and recovery needs.
Email
HQ Rental Software uses a third-party service to send and receive emails through the system via a shared account / IP address. We make all efforts to prevent being blacklisted by the most popular email services. Users can request a dedicated IP for an extra monthly cost.
Compliance
HQ Rental Software is committed to meeting international security and privacy governance standards. Our platform and internal processes are designed in alignment with the General Data Protection Regulation (GDPR) and NIST cybersecurity frameworks. We are actively pursuing ISO 27001 and SOC 2 Type 2 certifications.
Contact
If you have any questions or concerns regarding the security of your data, please contact us at [email protected]