Trust

Data Security

How we keep your shop's data private and safe.

Security is not a checklist for us — it is a habit. Here is what we do today and how we keep raising the bar.

Encryption

All traffic between your device and VendIQ is encrypted with TLS 1.2 or higher. All data at rest is encrypted using industry-standard AES-256. Backups are encrypted too.

Authentication

Sign-in uses secure passwords with strength checks, plus one-time codes over SMS for password resets. Sessions are protected by short-lived tokens with automatic rotation.

Premium authorisation

Premium-only features are verified on the server before they run. A tampered client cannot unlock a paid feature — this is enforced by row-level security and server-side capability checks.

Role-based access control

Staff members you invite see only what their role allows. Cashiers can bill; managers can bill, manage inventory, and run udhaar; only owners can invite staff or change subscriptions.

Audit logging

Sensitive actions — staff invites, deletions, subscription changes, refund approvals — are recorded in an admin audit log with actor, time, and target. This log is tamper-evident and reviewed regularly.

Financial integrity

Bills, udhaar transactions, and refunds are written inside database transactions so partial writes are impossible. A daily integrity job re-computes every customer's udhaar balance and flags any drift immediately.

Backups

Automatic backups run every night with 30–90 day retention depending on your plan. See the Backup & Recovery Policy for details.

Infrastructure

VendIQ is hosted on managed cloud infrastructure with hardened network policies, DDoS protection, and geographic redundancy. Only a small number of engineers have production access, protected by strong authentication.

Monitoring

We monitor errors, slow queries, and unusual activity around the clock. Critical alerts wake an on-call engineer.

Security best practices for you

Use a unique, strong password. Do not share your password with staff — invite them instead. Sign out of shared devices when done. If you suspect your account is compromised, change your password and use "Sign out other devices" from Profile → Password & security.

Responsible disclosure

If you believe you have found a security issue, please report it to security@vendiq.in. Do not publicly disclose it before we have had a chance to fix it. We are grateful for responsible reports and will credit you once the issue is resolved, if you wish.