Data Security
How we keep your shop's data private and safe.
Security is not a checklist for us — it is a habit. Here is what we do today and how we keep raising the bar.
Encryption
All traffic between your device and VendIQ is encrypted with TLS 1.2 or higher. All data at rest is encrypted using industry-standard AES-256. Backups are encrypted too.
Authentication
Sign-in uses secure passwords with strength checks, plus one-time codes over SMS for password resets. Sessions are protected by short-lived tokens with automatic rotation.
Premium authorisation
Premium-only features are verified on the server before they run. A tampered client cannot unlock a paid feature — this is enforced by row-level security and server-side capability checks.
Role-based access control
Staff members you invite see only what their role allows. Cashiers can bill; managers can bill, manage inventory, and run udhaar; only owners can invite staff or change subscriptions.
Audit logging
Sensitive actions — staff invites, deletions, subscription changes, refund approvals — are recorded in an admin audit log with actor, time, and target. This log is tamper-evident and reviewed regularly.
Financial integrity
Bills, udhaar transactions, and refunds are written inside database transactions so partial writes are impossible. A daily integrity job re-computes every customer's udhaar balance and flags any drift immediately.
Backups
Automatic backups run every night with 30–90 day retention depending on your plan. See the Backup & Recovery Policy for details.
Infrastructure
VendIQ is hosted on managed cloud infrastructure with hardened network policies, DDoS protection, and geographic redundancy. Only a small number of engineers have production access, protected by strong authentication.
Monitoring
We monitor errors, slow queries, and unusual activity around the clock. Critical alerts wake an on-call engineer.
Security best practices for you
Use a unique, strong password. Do not share your password with staff — invite them instead. Sign out of shared devices when done. If you suspect your account is compromised, change your password and use "Sign out other devices" from Profile → Password & security.
Responsible disclosure
If you believe you have found a security issue, please report it to security@vendiq.in. Do not publicly disclose it before we have had a chance to fix it. We are grateful for responsible reports and will credit you once the issue is resolved, if you wish.