TrackYourShelves

Trust & security

How TrackYourShelves protects the product, customer, and financial data your business runs on. Every claim below traces to a control we already have in place — not a roadmap.

Authentication & access

Your sign-in is protected by modern session controls. Optional two-factor lets account owners require a one-time code on every login.

  • Passwords hashed with bcrypt (cost factor 12)
  • JWT-backed NextAuth sessions, password-change invalidation
  • TOTP-based 2FA (RFC 6238) with AES-GCM-encrypted secrets at rest
  • Role-based access control with module-level permission overrides

Multi-tenant isolation

Commercial and residential workspaces are partitioned at the query layer. A session locked to one side cannot read or write the other.

  • Workspace-scoped queries enforced by helpers, not optional filters
  • Session contextLock checked on every inventory route, so a user who holds accounts on both sides cannot leak data across them
  • Employee accounts inherit their employer's data scope, never their own personal data

Encryption

Data is encrypted in transit and at rest. Sensitive fields (medical notes, secrets) get an additional AES-GCM field-level layer.

  • TLS for all browser ↔ server traffic
  • Encryption at rest provided by the managed Postgres host
  • AES-GCM application-layer encryption available for high-sensitivity columns
  • Encrypted automated backups

Payments & PCI

We never store credit-card numbers. Cards are tokenized by Stripe, so PCI scope is minimized for both us and you.

  • Stripe Elements + Payment Intents (no raw card data on TYS servers)
  • Stripe Connect for marketplace payouts
  • Webhook signatures verified end-to-end
  • Idempotent recording of charges and refunds

Audit trail

Sensitive actions write to an immutable audit log so you can answer 'who did what, when?' without spelunking through application logs.

  • Admin actions, finance actions, and permission changes logged separately
  • Personal-data access events tied to actor + IP + user agent
  • Account-tier changes, refunds, and overrides surfaced in the admin dashboard

Abuse & rate limiting

Brute-force attempts, credential-stuffing, and runaway scripts are throttled before they reach your data.

  • Upstash-backed sliding-window rate limiter on auth and high-cost APIs
  • Brute-force lockout after repeated auth failures
  • Anomaly alerts written to a security dashboard for owner review
  • Leaked-key detection on stale API tokens

HTTP & browser hardening

We ship strict HTTP security headers and a Content-Security-Policy that limits what the browser is willing to load.

  • Strict-Transport-Security with preload
  • X-Content-Type-Options, X-Frame-Options, Referrer-Policy
  • Permissions-Policy that disables microphone and geolocation by default
  • CSP allow-list for Stripe, OpenAI, and Google Analytics only

Responsible disclosure

Found something? We want to hear about it before it becomes a problem. Reports go straight to the team and follow a published response window.

  • Disclosure policy in SECURITY.md
  • Security contact email reaches engineering directly
  • Acknowledgement within 2 business days

Where your data lives

Customer records, inventory, orders, and uploaded files are stored on managed infrastructure with encryption at rest, automated encrypted backups, and TLS-only connections. Payment-card numbers are tokenized by Stripe and never touch our servers.

On account deletion, your data is purged within 30 days. You can request an export of your records at any time from the workspace settings page.

Reporting an issue

Security reports are read by engineering, not a generic support inbox. Email security@trackyourshelves.com with as much detail as you can share. We acknowledge within two business days and keep you in the loop until the issue is resolved.

For privacy questions or data-subject requests, see our Privacy Policy.
