Security Policy

Document Version: 1.0 | Effective: 2026-07-01 | Last Updated: 2026-06-29

1. Security Overview

At TindahanGo, data security is central to our engineering, deployment, and infrastructure operations. We recognize that retail shops, mini groceries, and sari-sari stores trust us with their sales, stock, and credit ledgers. We implement layered, industry-standard security controls to protect your data from unauthorized access, accidental alteration, or leakage.

2. Data Encryption

We secure data both in transit and at rest:

  • Encryption in Transit: All HTTP network traffic between cashier mobile apps, owner portals, superadmin terminals, and our Fastify backend API is forced over HTTPS/TLS (Transport Layer Security) with secure configuration parameters to block man-in-the-middle (MITM) attacks.
  • Password Hashing: We do not store plaintext passwords or cashier security PINs. User credentials are protected at rest with one-way cryptographic hashing (bcrypt) before database insertion.
  • API Session Tokens: Access tokens are signed JSON Web Tokens (JWTs), which let the API verify permissions statelessly on every request.

3. Database Isolation & Tenancy Security

TindahanGo operates as a multi-tenant platform. This means multiple stores share the same cloud database infrastructure, but are fully isolated:

  • All transactional, customer, and cashier records are linked to a unique `companyId` (tenant key).
  • Database queries are dynamically restricted in the REST API layers using company constraints, ensuring cashiers or owners from one company can never query or view records belonging to another company.
  • Superadmins can review payment queues but operate under restricted access controls.

4. Backups & Disaster Recovery

We protect against server crashes and hardware failures:

  • Automated Daily Backups: System scripts execute PostgreSQL schema and record dumps daily at 2:00 AM. Backup files are compressed, encrypted, and synced offsite.
  • Disaster Recovery Plan: We maintain instructions and script routines to reconstruct service instances within hours of database failures, ensuring business continuity for your shop.

5. Monitoring, Logging, & Rate Limiting

We monitor application health continuously:

  • Sentry Logging: Technical execution crashes are logged to our Sentry cloud dashboards to capture stack traces, browser types, and device configurations. No raw password inputs are saved.
  • IP Rate Limiting: Auth endpoints enforce rate limits tracked per IP address to block automated password guessing or cashier PIN brute-force attempts.
  • Uptime Monitoring: Third-party status nodes check the `/health` endpoint every five minutes, triggering Slack/email alerts to our engineering team upon outages.

6. Security Incident Response

In the event of a verified database breach or security failure:

  • Our security team will immediately isolate compromised server nodes, block the affected access credentials, and patch the targeted vulnerabilities.
  • We will notify affected Store Owners (PICs) via their registered account emails within 24 hours of confirmation, in compliance with DPA Circular 16-03 rules.

7. Responsible Disclosure Policy

We welcome reports from independent security researchers to make TindahanGo safer. If you find a security vulnerability:

  • Email the details to **legal@tindahango.ph**.
  • Allow our team reasonable time (e.g., 30 days) to resolve the issue before publishing details publicly.
  • Do not attempt to access, download, or manipulate other tenants' data during your research.