You trust us with your business data — orders, payments, ad spend, shipping. We take that seriously. Here's exactly how we protect it.
All data encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL. API keys are hashed, never stored in plaintext.
Hosted on Supabase (AWS ap-south-1, Mumbai). SOC 2 Type II compliant infrastructure. Automated daily backups with 30-day retention and point-in-time recovery.
Powered by Clerk with enterprise-grade security. Supports SSO, MFA, and session management. Role-based access control for team accounts.
We only request the minimum OAuth scopes needed from each integration. Read-only access where possible. You control what data flows in.
Multi-tenant architecture with strict row-level security (RLS) in PostgreSQL. No tenant can access another tenant's data. Enforced at the database level.
Real-time error tracking via Sentry. Uptime monitoring with instant alerts. Incident response within 1 hour for critical issues on paid plans.
We never sell, share, or monetize your business data.
We never access your data without your explicit permission.
We delete all your data within 30 days of account cancellation.
We notify you within 72 hours of any security incident that affects your data.
We run vulnerability scans and dependency audits on every deploy.
We support responsible disclosure — report issues to security@ordscale.com.
Security questions? Contact security@ordscale.com