Trust & Security

Built secure from day one.

Your restaurant data is sensitive. We take security seriously at every layer — from infrastructure to application code to access controls.

Encryption

TLS 1.3 + AES-256

Uptime

99.9% SLA target

Backups

Daily + PITR

Isolation

Per-org data separation

Security Architecture

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Database connections are encrypted and credentials are never stored in plaintext.

TLS 1.3 in transit
AES-256 at rest
Encrypted database connections
Hashed passwords (bcrypt)

Infrastructure

Veyrra is built on enterprise-grade cloud infrastructure managed by AWS and Supabase with redundant, isolated environments.

AWS-hosted infrastructure
Multi-region redundancy
Automated failover
DDoS mitigation

Access Controls

Strict role-based access controls ensure each user can only access data relevant to their organization and role.

Row-Level Security (RLS)
Org-scoped data isolation
Role-based permissions
Audit logging

Authentication

Industry-standard authentication powered by Supabase Auth, supporting secure email/password and OAuth flows.

PKCE OAuth flow
Secure session tokens
Email verification
Password reset via secure links

Backups & Recovery

Your data is automatically backed up with point-in-time recovery, ensuring business continuity in any scenario.

Daily automated backups
Point-in-time recovery (PITR)
30-day backup retention
Tested recovery procedures

Incident Response

We maintain a documented incident response plan and will notify affected customers of security incidents within 72 hours.

24/7 monitoring & alerting
72-hour breach notification
Documented response playbooks
Post-incident reports

Secure Development Practices

Security is built into our development process, not bolted on.

Dependency scanning on every build

Static code analysis (SAST) in CI/CD pipeline

Secrets never committed to version control

Principle of least privilege for all services

Regular dependency updates and patching

Secure software development lifecycle (SSDLC)

Environment variable management via Vercel

Content Security Policy (CSP) headers

Responsible Disclosure

We welcome reports from security researchers. If you discover a security vulnerability in Veyrra, please report it responsibly. We are committed to:

Acknowledging your report within 2 business days
Keeping you informed of our investigation progress
Crediting you publicly (if desired) once the issue is resolved
Not taking legal action against good-faith security researchers

security@veyrra.techPGP key available on request

Security Architecture

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Database connections are encrypted and credentials are never stored in plaintext.

TLS 1.3 in transit
AES-256 at rest
Encrypted database connections
Hashed passwords (bcrypt)

Infrastructure

Veyrra is built on enterprise-grade cloud infrastructure managed by AWS and Supabase with redundant, isolated environments.

AWS-hosted infrastructure
Multi-region redundancy
Automated failover
DDoS mitigation

Access Controls

Strict role-based access controls ensure each user can only access data relevant to their organization and role.

Row-Level Security (RLS)
Org-scoped data isolation
Role-based permissions
Audit logging

Authentication

Industry-standard authentication powered by Supabase Auth, supporting secure email/password and OAuth flows.

PKCE OAuth flow
Secure session tokens
Email verification
Password reset via secure links

Backups & Recovery

Your data is automatically backed up with point-in-time recovery, ensuring business continuity in any scenario.

Daily automated backups
Point-in-time recovery (PITR)
30-day backup retention
Tested recovery procedures

Incident Response

We maintain a documented incident response plan and will notify affected customers of security incidents within 72 hours.

24/7 monitoring & alerting
72-hour breach notification
Documented response playbooks
Post-incident reports

Secure Development Practices

Security is built into our development process, not bolted on.

Dependency scanning on every build

Static code analysis (SAST) in CI/CD pipeline

Secrets never committed to version control

Principle of least privilege for all services

Regular dependency updates and patching

Secure software development lifecycle (SSDLC)

Environment variable management via Vercel

Content Security Policy (CSP) headers

Responsible Disclosure

We welcome reports from security researchers. If you discover a security vulnerability in Veyrra, please report it responsibly. We are committed to:

Acknowledging your report within 2 business days

Keeping you informed of our investigation progress

Crediting you publicly (if desired) once the issue is resolved

Not taking legal action against good-faith security researchers