Cloudbeds Guest Experience Security

Media Attachment Security

Every image or file uploaded through Whistle is automatically scanned for potential security threats before it can be downloaded.

This malware detection process helps identify:

• Viruses
• Malicious file content
• Potentially harmful attachments

If a file is identified as unsafe, it may be blocked from download to protect users and devices.

QR Link Detection

QR codes contained within uploaded attachments are also subject to security scanning.

Supported Behavior

• QR codes containing URLs may be scanned and flagged if considered suspicious or unsafe.
• QR codes containing non-URL content, such as WiFi password strings or plain text data, are not flagged.

This additional layer of protection helps reduce phishing attempts and malicious redirect activity.

Supported Media Upload File Types

For security purposes, media uploads are currently limited to the following file types:

• image/jpeg
• image/jpg
• image/png
• image/gif
• image/webp
• image/heic

Files outside of these supported formats may be rejected during upload.

Link Security

External links containing unapproved domains may be blocked if the domain has not been previously whitelisted.

Automatically Approved Cloudbeds Links

The following Cloudbeds-related links are automatically allowed:

• Guest Portal links
• Booking Engine links
• Other internal Cloudbeds domains

Requesting Domain Approval

If a message is blocked due to an unapproved external link, please contact Cloudbeds Support to request domain review and whitelisting.

Once a base domain is approved:

• All links from that domain will send normally
• Subpages are automatically included
• UTM parameter variations are also supported

Example:

• example.com
• example.com/offers
• example.com/?utm_source=email

All would be permitted once example.com is approved.