Security Practices

All connections between guest browsers, merchant dashboards, and our API servers are encrypted using TLS 1.3 (HTTPS). This protects order data, menu configurations, and account credentials from interception in transit. We enforce HTTPS strictly — HTTP connections are automatically upgraded and rejected at the gateway level.

• TLS 1.3 enforced on all API and CDN connections
• HSTS (HTTP Strict Transport Security) headers enabled
• Certificate pinning on mobile dashboard clients
• All subdomains covered under wildcard SSL certificate

Restaurant menu data, table configurations, and order records are stored in PostgreSQL databases encrypted at rest using AES-256. Automated hourly snapshots are taken and retained for 30 rolling days. Daily backups are retained for 90 days. All backup files are stored in geographically separate cloud storage buckets with restricted access IAM policies.

• AES-256 encryption at rest on all database volumes
• Hourly automated snapshots retained for 30 days
• Daily backup export retained for 90 days
• Off-site replica storage in secondary GCP region

Each restaurant account operates with strict data isolation at the database row level. Restaurant A can never access, view, or modify the menu, orders, or settings of Restaurant B. Row-level security (RLS) policies are enforced at the database layer — not just at the application layer — providing defense in depth against misconfigured query access.

• Row-level security (RLS) on all restaurant data tables
• Separate API authentication tokens per restaurant account
• No cross-tenant data leakage validated by automated tests
• Logical partition isolation enforced at DB layer

Merchant dashboard access requires secure authentication with hashed password storage (bcrypt, salt rounds 12). Admin accounts support role-based access controls that limit which team members can view orders, edit menus, or access billing settings. All session tokens expire after 24 hours of inactivity and are rotated on each login.

• Passwords hashed using bcrypt (12 rounds)
• Role-based access: Owner, Manager, Kitchen-only views
• Session tokens expire after 24h of inactivity
• Failed login attempt rate limiting (5 attempts/15min)

The guest QR menu interface does not collect any personally identifiable information from diners. No registration, no email, no phone number is required to browse or submit a table order. Order submissions contain only the table ID, selected item IDs, and quantities. We deliberately architect our guest experience to be privacy-preserving by default.

• Zero PII collected from dining guests
• No cookies tracking guests across sessions
• Orders contain only: table ID, items, quantities
• No third-party analytics on the guest menu page

Primary production data for Indian restaurant accounts is stored within India (GCP Mumbai, asia-south1 region). We do not transfer Indian restaurant data outside of India unless explicitly requested and consented to for backup redundancy purposes. Accounts in UAE are hosted on GCP Dubai (me-central1). We comply with applicable data localization requirements.

• Indian data stored in GCP Mumbai (asia-south1)
• UAE data stored in GCP Dubai (me-central1)
• No cross-border data transfers without consent
• Data residency certificates available on request

We operate a responsible disclosure program for security researchers who identify vulnerabilities in our systems. Researchers who report valid security issues in good faith will not face legal action. We aim to acknowledge reports within 48 hours and release patches for critical vulnerabilities within 5 business days.

• Responsible disclosure policy in place
• 48-hour acknowledgment SLA for reported issues
• Critical patches deployed within 5 business days
• Contact: security@dineflow.in for reports

We commission annual penetration testing from an independent third-party security firm. The testing scope covers our API gateway, authentication systems, database access controls, and admin dashboard interfaces. Findings are remediated before the next release cycle, and executive summaries are available to enterprise partners on request under NDA.

• Annual third-party penetration tests
• OWASP Top 10 vulnerability coverage
• Bug bounty scope includes all public APIs
• Audit summaries available to enterprise clients (NDA)