Your data is safe. Here is the proof.

We take security seriously. Encrypted connections, hashed passwords, role-based access, and a strict no-data-selling policy. Here is exactly how we protect your restaurant.

Our commitment

Security by design, not by afterthought

Your restaurant data, your menu, and your customers' ordering experience are protected at every layer. Here is exactly how.

🔐

Encrypted in transit

All data between your devices and SnapTray is encrypted using TLS 1.3 (HTTPS). No menu data, order data, or login credentials ever travel in plain text.

🔑

Encrypted at rest

Passwords are hashed using industry-standard algorithms (bcrypt). Sensitive restaurant data is encrypted on our servers. We cannot read your password — even internally.

🛡️

Access controls

Role-based access ensures your data is only visible to authorized users. Your branch manager sees their branch. Your kitchen sees orders. You see everything.

🚫

No data selling

We do not sell your restaurant data, your menu data, or your customers' ordering data to any third party. Your data is yours. Period.

🗑️

Data deletion

Request account deletion anytime. We export all your data and permanently delete it from our servers within 30 days. No data retention games.

👤

Minimal guest data

We collect the bare minimum from diners — no names, no emails, no phone numbers. Just a browser session ID to enable the shared cart. Nothing more.

Infrastructure

Where your data lives and how it is protected

Cloud infrastructure

Cloud-hosted — Our infrastructure runs on industry-leading cloud providers that hold SOC 2 and ISO 27001 certifications.

Automated backups — Your data is backed up daily with point-in-time recovery available.

DDoS protection — We use CDN-level DDoS mitigation to keep the platform available even during attacks.

Monitoring — 24/7 uptime monitoring with automated alerting for any anomalies or downtime events.

Application security

Input validation — All user inputs are sanitized to prevent SQL injection, XSS, and other common vulnerabilities.

Session management — Shared cart sessions use secure, time-limited tokens that expire after inactivity.

Rate limiting — API rate limiting prevents abuse and brute-force attacks on authentication endpoints.

Regular updates — Dependencies and frameworks are kept current with security patches applied promptly.

Questions about security?

If you have specific security questions or need more details about our data protection practices, our team is here to help.