Takos Cantina Ranch Lake Blvd
Security and Trust
This page summarizes the controls we use to protect restaurant operators, staff, and customers across storefront, admin, POS, KDS, payments, wallet, and platform surfaces.
Each restaurant runs on the same platform codebase, but business data is tenant-scoped. Requests resolve a restaurant before data access, application queries include tenant context, and database row-level security adds a second isolation layer.
Card payments are handled by Stripe. The platform does not store full card numbers, CVV values, magnetic stripe data, or raw payment method details. Restaurants connect payment processing through controlled Stripe flows.
Production database backups are encrypted before off-site storage. Restore drills are practiced against scratch databases first, and tenant-specific recovery is reviewed so one restaurant's data is not replayed into another tenant.
The platform monitors application health, platform errors, uptime, TLS certificates, system resources, cron jobs, email health, and backup freshness. Security-relevant denials are audit logged for investigation.
Restaurant admin access, staff access, platform operator access, and API tokens are separated. High-risk platform actions require explicit capabilities, audit logs, and additional confirmations where appropriate.
Restaurants own their restaurant data, menu data, customer relationships, order history, loyalty records, and operational settings. The platform processes that data to provide ordering, POS, reporting, loyalty, and support workflows.
If you believe you found a vulnerability or data exposure, email [email protected]. Include the affected URL, tenant or restaurant name if known, timestamps, and a safe description of what you observed. Do not include passwords, private keys, full card data, or unrelated customer information.
We review reports in good faith and prioritize issues involving tenant isolation, payment handling, authentication, authorization, secrets, and customer data exposure.
