Your data is our highest priority

Every business operates in complete isolation. Row-Level Security ensures no cross-tenant data access — ever.

• RLS policies on every database table
• Tenant context validated on every API request
• No cross-business visibility paths
• Automated isolation testing on every release

Granular permissions enforced on the backend. The UI reflects permissions but never determines them.

• Predefined roles: Admin, Manager, Cashier, Viewer
• Custom permission sets per role
• Server-side enforcement on every mutation
• Activity logging for every permission change

All data encrypted with AES-256 at rest and TLS 1.3 in transit. Webhook payloads signed with HMAC.

• AES-256 database encryption
• TLS 1.3 for all API communication
• HMAC-signed webhook deliveries
• Automatic key rotation support

Every mutation logged with who, what, when, and the complete before/after state. Tamper-evident and queryable.

• Before/after state on every change
• Immutable audit log
• Filterable by user, action, entity
• Exportable reports for compliance reviews

Continuous backups with point-in-time recovery. Your data is always recoverable, even after accidental deletion.

• Point-in-time recovery (PITR)
• Daily automated backup verification
• Encrypted backup storage
• Cross-region disaster recovery ready

The store agent communicates over encrypted channels with PIN authentication and scoped access.

• Encrypted agent-to-cloud channel
• PIN-based operator authentication
• Scoped to receipt printing and sync only
• Automatic session timeout and lockout