Security
Last updated: · Version: 2026.04
Trust is non-negotiable. The controls below describe how we protect customer data day-to-day. For our complete legal commitments, see our Data Processing Agreement.
Encryption
Encryption in transit
TLS 1.2 or higher on all customer-facing endpoints. HSTS preload across the production domain.
Encryption at rest
AES-256 at the database, object-storage, and backup layers. MFA TOTP secrets are separately encrypted at the application layer.
Access control
Role-based access (RBAC)
Production access is least-privilege and reviewed quarterly. All staff sessions are short-lived and revocable.
Multi-factor authentication
TOTP MFA is required for every administrator account. End-user MFA is opt-in and supported via the same flow.
Audit & monitoring
Comprehensive audit log
Every administrator action is recorded to an append-only audit log with actor, IP, user-agent, before/after state, and request ID.
Continuous error tracking
Server and client errors are captured with severity tiers; critical incidents page on-call within minutes.
Vulnerability management
Dependency scanning
Automated dependency vulnerability scanning runs on every commit; high-severity advisories block release.
Responsible disclosure
We welcome reports at security@teamstores.ai. We acknowledge within 2 business days and credit reporters where requested.
Incident response
Breach notification
Customers are notified without undue delay — within 72 hours where feasible — per our Data Processing Agreement.
Tabletop exercises
We rehearse our incident-response plan at least annually and after every material change to our infrastructure.
Business continuity
Backups
Encrypted point-in-time database backups, retained per our data-retention policy.
Disaster recovery
Regional failover and a documented restore runbook tested at least annually.
Vendor management
Subprocessor due diligence
Every subprocessor is reviewed for security posture before onboarding and on a recurring basis.
Public catalog
Our full vendor list is public on the subprocessors page below.