Security & Compliance

Enterprise-Grade Security

Your data is protected by industry-leading security practices, encryption, and compliance standards.

Security Architecture

Six pillars that protect your data from ingestion to insight.

Encryption at Rest & in Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys and credentials are stored in isolated, encrypted vaults - never in source code.

Secure Integrations

POS, payroll, and inventory connections use OAuth 2.0 or encrypted API tokens with least-privilege scoping. We never store raw credentials from third-party systems.

Role-Based Access Control

Granular RBAC lets you control who sees what - from location-level operators to portfolio-level executives. Every action is audit-logged.

Data Isolation & Residency

Each customer's data is logically isolated. We support regional data residency requirements and can deploy within specific geographies on request.

Infrastructure & Monitoring

Hosted on enterprise-grade cloud infrastructure with automated failover, active monitoring, and documented incident response practices.

Audit Logging & Transparency

Every data access, export, and configuration change is logged. Customers can request audit trails and compliance documentation at any time.

Compliance & Certifications

GDPR

Full compliance with EU General Data Protection Regulation including data subject rights, lawful basis processing, and DPA availability.

SOC 2 Type II

In progress

Pursuing SOC 2 Type II certification covering security, availability, and confidentiality trust service criteria.

Data Processing Agreements

Standard DPAs available for all enterprise customers. Custom data handling terms negotiable for large deployments.

Penetration Testing

Regular third-party penetration testing and vulnerability assessments. Findings are remediated within defined SLAs.

Questions About Security?

Our team is happy to discuss our security practices and compliance certifications.