How YouPOS protects your data and our platform.
Effective: May 10, 2026 · Last updated: May 10, 2026
This page summarizes the security practices in place for YouPOS. It is intended for transparency — to help Tenants and their customers understand how their data is protected. It is not a full security audit report.
All communication between your browser and YouPOS is encrypted using HTTPS/TLS. Unencrypted HTTP connections to the platform are not permitted.
Passwords are stored as one-way bcrypt hashes. We never store plain-text passwords, and no one at YouPOS — including our own team — can read your password.
Database encryption at rest is provided by our hosting infrastructure (Supabase). We rely on our hosting provider's encryption-at-rest capabilities for all stored data.
YouPOSis a multi-tenant platform. Each Tenant's data is logically isolated from every other Tenant's data through:
YouPOS implements role-based access control (RBAC) with two role levels per tenant:
A separate Super Adminrole exists at the platform level for platform administration only. Super Admins cannot access any Tenant's operational data.
Permission checks are enforced server-side on every Server Action and API route. UI-level restrictions mirror server-side rules but are not relied upon as a security boundary.
YouPOS performs automated database backups:
Backups are stored separately from the primary database. In the event of data loss, backups provide the ability to restore to a recent point in time.
Note: deletion requests applied to live data may persist in backup archives until those backups expire. See our Privacy Policy for details.
YouPOS logs structured application events including authentication attempts, permission-denied events, and application errors. Logs do not include passwords, session tokens, or customer personal data payloads.
In the event of a security incident affecting Tenant data, we will notify affected Tenants without undue delay as described in our Data Processing Addendum.
If you believe you have discovered a security vulnerability in YouPOS, please report it to us before disclosing it publicly. We take security reports seriously and will investigate and respond promptly.
Contact: support.youpos@dfchub.comwith subject line “Security Disclosure”.
We ask that you:
We do not currently offer a formal bug bounty program, but we genuinely appreciate responsible security research and will acknowledge your contribution where appropriate.
For security questions not covered here, contact us at support.youpos@dfchub.com.