StokUp Legal
Data Security
StokUp is built for retailers who trust us with sales, inventory, and customer records. This page describes the technical and organizational measures we use to protect your data.
Last updated: May 27, 2026
1. Secure infrastructure
The Service runs on modern cloud infrastructure with network isolation, automated patching, and continuous monitoring. Production environments are separated from development and testing.
Database connections use TLS encryption. Backups are encrypted at rest and tested on a regular schedule.
2. Encryption
We protect data in transit and at rest:
- HTTPS/TLS for all web and API traffic
- Encrypted database storage for production data
- Hashed passwords using industry-standard algorithms — we never store plain-text passwords
- Signed session tokens and HttpOnly cookies for authentication
3. Access controls
Multi-tenant architecture ensures each business can only access its own data. Row-level isolation is enforced at the application and database layers.
Role-based permissions let owners control who can view reports, edit products, open registers, or change settings. Cashier PINs add a second layer for POS operations.
- Granular permission keys per module
- Audit logs for sensitive actions
- Session timeout and secure logout
- Optional two-factor authentication where enabled
4. Application security
We follow secure development practices including code review, dependency monitoring, and input validation. API endpoints require authentication unless explicitly public (e.g. storefront catalog).
Webhook endpoints for WooCommerce use secret verification. Integration credentials are stored encrypted and never exposed in client-side code.
5. Operational security
Access to production systems is limited to authorized personnel on a need-to-know basis with logging. We maintain incident response procedures for suspected breaches.
Report security vulnerabilities responsibly to support@tecunitgh.com. We investigate and remediate confirmed issues promptly.
6. Your security responsibilities
Security is shared. We recommend:
- Use strong, unique passwords and enable available 2FA
- Review user roles regularly and remove departed staff promptly
- Protect WooCommerce and payment gateway API keys
- Use HTTPS on custom domains and keep WordPress updated
- Export backups periodically for your own records
7. Incident notification
If we become aware of a data breach affecting your personal data, we will notify affected account owners without undue delay and in accordance with applicable law. The notification will include the steps taken and recommended actions.
8. Compliance & subprocessors
We work with subprocessors (hosting, email, payments, SMS) under agreements requiring appropriate security standards. A list of key subprocessors is available on request.
You are responsible for your own compliance obligations (e.g. customer consent for SMS marketing, tax record retention) when using the Service.