Protecting your data. powering your operations.

Information Security

At Wheelsys, security and compliance are not optional add-ons — they are foundational pillars of the Wheels Car Rental System. Every feature, integration, and workflow is designed to safeguard your data, ensure operational continuity, and keep your business compliant with global standards.

Whether you manage a small rental fleet or operate an international leasing and mobility network, your system must be secure, reliable, and aligned with the strictest regulatory frameworks. That’s why security is deeply embedded in every layer of the Wheels ecosystem.

Enterprise-Grade Security

Cloud Infrastructure Security

Wheels is hosted on robust, geographically distributed cloud infrastructure with built-in redundancy, secure networking, and continuous monitoring. Your data is protected at rest and in transit with modern encryption protocols.

Data Encryption

All sensitive information — including customer data, payment details, fleet records, financials, and contract documents — is encrypted using industry-leading standards.

Application-Level Protections

Firewalls, rate limiting, session controls, and multi-factor authentication (MFA) ensure that only authorized users can access your account and data.

Role-Based Access Control (RBAC)

Every user gets only the permissions they need — nothing more. This safeguards sensitive financial, operational, and contractual information from unauthorized access.

Compliance You Can Trust

GDPR Compliance

Wheels is fully aligned with GDPR requirements for data processing, storage, retention, and user privacy, ensuring European operators maintain legal compliance.

PCI-DSS Ready

For operators using online payments, Wheels integrates with PCI-DSS–certified payment partners, ensuring secure handling of credit card and digital payments.

IFRS 16/17 Support

Our financial workflows and reporting tools support IFRS 16/17 lease accounting requirements, making compliance easier for leasing companies and auditors.

Auditable Processes

Detailed logs, history tracking, and transparent records make Wheels audit-ready at all times.

Secure Integrations & API Management

Wheels communicates with dozens of services — OTAs, GDS platforms, payment gateways, telematics systems, kiosks, and more.
Every integration follows strict security practices:

Your ecosystem stays open where it should be — and locked where it must be.

Operational Continuity & Reliability

Redundant Architecture

If a server fails, your operations don’t. Wheels is built with redundancy at multiple levels to ensure consistent uptime.

Daily Backups

Your data is automatically backed up with secure retention policies. Recovery procedures are tested regularly for reliability.

High Availability

Our system is engineered to support thousands of users, across multiple geographies, with strong performance even under heavy loads.

Privacy by Design

We follow the principle of privacy by design, meaning:

This ensures operators respect end-user privacy from day one.

Continuous Monitoring & Updates

Security is never “done.” Wheelsys maintains a continuous improvement program that includes:

Our engineering and DevSecOps teams work every day to keep your environment safe.

Your Trust. Our Responsibility.

Mobility and leasing operations rely on sensitive data — customer identities, contract documents, payment details, fleet information, telematics data, and financial records. Protecting this data is our responsibility, and we take it seriously.

At Wheelsys, we build technology with the reliability, compliance, and security that enterprise operators demand.

Certificates

ISO 27001

ISO/IEC 27001 is an international standard for information security management systems (ISMS), designed to help organizations systematically manage sensitive information and ensure its confidentiality, integrity, and availability. It provides a risk-based approach to identifying, assessing, and mitigating security threats, and outlines best practices for implementing and maintaining effective security controls.

Achieving ISO 27001 certification demonstrates an organization’s commitment to information security, regulatory compliance, and continuous improvement. The standard is applicable to organizations of all sizes and industries, promoting a culture of security awareness and structured information governance.

Download the certificate ISO 27001

ISO 22301

ISO 22301 is an international standard for business continuity management systems (BCMS), aimed at helping organizations prepare for, respond to, and recover from disruptive incidents. It provides a structured framework for identifying critical business functions, assessing potential threats, and developing plans to maintain operations during crises such as natural disasters, cyberattacks, or supply chain failures.

By implementing ISO 22301, organizations can enhance their resilience, minimize downtime, and protect their reputation and stakeholder interests. The standard is applicable to all types and sizes of organizations, emphasizing proactive planning and continuous improvement to ensure operational continuity under adverse conditions.

Download the certificate ISO 22301

PCI DSS 4.1

PCI DSS Level 1 is the highest level of compliance under the Payment Card Industry Data Security Standard, required for organizations that process over 6 million credit or debit card transactions annually or have experienced a data breach. This level mandates the most stringent security requirements, including an annual on-site assessment by a Qualified Security Assessor (QSA) and regular network scanning by an Approved Scanning Vendor (ASV).

Level 1 compliance ensures that a company has robust security controls in place to protect cardholder data, covering areas such as encryption, access control, vulnerability management, and incident response. Achieving Level 1 compliance demonstrates a strong commitment to data protection and significantly reduces the risk of payment card fraud and data breaches.

Download the certificate PCI DSS 4.1