Your data is safe with BevSync
We take security seriously. Here's how we protect your business data.
Encryption everywhere
HTTPS for all traffic in transit. AES-256-GCM encryption for stored POS credentials. Supabase-managed encryption at rest for all database data.
PII stripping
Customer personal information from POS data — names, emails, phone numbers, card numbers — is automatically stripped before it ever touches our servers.
Role-based access
Six granular roles from Viewer to Owner. Managers, Bartenders, and Viewers can be scoped to specific locations. Complete data isolation between organizations.
US-based hosting
All data is stored in the United States on Supabase-managed PostgreSQL databases with automatic backups and point-in-time recovery.
Authentication security
Email/password authentication with optional TOTP two-factor authentication. HTTP-only secure cookies. Brute-force protection and rate limiting.
Audit logging
Every significant action is logged with user, timestamp, and change details. Available for review on Enterprise plans.
Our commitments
Data portability
Export all your data — products, inventory, brand deals, sales, and more — as JSON or CSV at any time from Settings > Data.
Data retention
Account data is retained as long as your account is active. POS sales records default to 2 years. Inventory history varies by plan (30 days for Free, up to 2 years for Enterprise). POS sync logs are retained for 90 days.
No data selling
BevSync never sells personal information or business data to third parties. Your organization's pricing, inventory, and deal data is never shared with other organizations through the shared catalog.
Account deletion
You can delete your account at any time via Settings > Security. A 30-day grace period allows reactivation. After that, data is permanently removed.