Security & privacy
Built on Supabase + Postgres with organization-level data isolation and modern security controls.
Organization data isolation
- Multi-tenant architecture with organization-scoped access controls
- Row Level Security (RLS) policies in the database to prevent cross-org access
- Strict server-side validation on sensitive operations
Transport security
- HTTPS/TLS for browser and API traffic
- Secure cookies and modern browser protections where applicable
- Least-privilege access for public endpoints
Access control
- Role-based permissions for staff and managers
- Per-terminal authentication for POS devices (when used)
- Optional two-factor authentication for admin access
Monitoring & abuse prevention
- Rate limiting on authentication and sensitive routes
- Audit logging for important actions
- Operational tooling to investigate issues and support customers
Privacy & compliance
- GDPR-aware data handling and customer rights support
- Data minimization: collect only what is needed to run the service
- Cookie controls for preferences
Need help with security requirements?