Data Security

How we protect your business data

FreshTally handles sensitive hospitality business data — inventory records, financial transactions, staff schedules, and event details. We take security seriously at every layer of the platform.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). No exceptions.

Encryption at Rest

Database storage and file uploads are encrypted at rest using AES-256 encryption on cloud infrastructure.

Tenant Isolation

Every organization's data is logically isolated. Your inventory, staff, and events are never accessible to other tenants.

Access Control

Role-based access control (RBAC) ensures staff only see what they need. Nine distinct roles from Viewer to Owner.

Automated Backups

Database snapshots are taken regularly. In case of data loss, recovery is available within the retention window.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with DDoS protection, firewalls, and monitoring.

Authentication Security

  • Passwords hashed with bcrypt (cost factor 12) — never stored in plain text
  • Session tokens signed with HMAC-SHA256 and rotated on authentication events
  • Staff PIN-based access uses separate authentication flow with limited permissions
  • CSRF protection on all form submissions and API endpoints
  • Secure password reset flow with time-limited tokens

Data Protection Practices

  • All API endpoints validate authentication and authorization before processing requests
  • Audit logging tracks sensitive operations (inventory adjustments, count postings, approval actions)
  • Payment processing handled entirely by Stripe (PCI DSS Level 1 certified) — we never store card data
  • File uploads stored in encrypted cloud storage with access-controlled signed URLs
  • Data deletion available upon account cancellation with 90-day retention window

Responsible Disclosure

If you discover a security vulnerability in FreshTally, please report it responsibly to [email protected] with the subject line "Security Vulnerability". We will acknowledge receipt within 48 hours and work to address the issue promptly.

Questions about security?

Enterprise customers can request a detailed security questionnaire or schedule a security review. Contact us at [email protected].