Security & compliance

Built for the bar industrial enterprises set.

The software we build runs in industrial environments where uptime, safety, and compliance are non-negotiable. Our security posture is built and maintained accordingly.

Architecture & data residency

  • Hosted on AWS (EU Frankfurt region)
  • Tenant isolation: per-customer data, per-customer integration credentials
  • Encryption at rest (AES-256) and in transit (TLS 1.2+)

Authentication & access

  • OTP-based authentication
  • Role-based access control (RBAC)
  • Audit logging on sensitive operations

Audits & approvals

  • BP InfoSec cleared
  • CBRE InfoSec cleared
  • External pen-test completed (annual cycle)

Compliance

  • GDPR-aligned (EU data residency, DPA available)
  • DPA available on request
  • DPO contact: [email protected]

Vulnerability disclosure

Found a security issue? Email [email protected]. We respond within 1 business day.

Detailed materials

SIG Lite, CAIQ, and pen-test attestations available under NDA.

Request access