Security & Data Protection

How DubLedger protects your data and maintains security.

DubLedger is built with security and data protection as foundational principles.

Authentication Security

Session Management
- Staff sessions use HMAC-signed tokens, signed with the Web Crypto API rather than a JWT library.
- Sessions expire after 30 days.
- Shopper sessions are separate from staff sessions.
- Magic link login tokens expire after 30 minutes.

Two-Factor Authentication (2FA)
- 2FA can be required for all users or for admins only.
- Supports authenticator apps (Google Authenticator, Authy).
- SMS backup codes available.
- Recovery codes for lost devices.

Password Policy
- Minimum password length configurable.
- Require uppercase, lowercase, numbers, and symbols.
- Password expiration policies.
- Prevent reuse of recent passwords.

Network Security

CSRF Protection
- All state-changing requests validate origin.
- Prevents cross-site request forgery attacks.
- Webhooks are exempt; they are authenticated with HMAC signatures instead.
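The origin check described above, written out as an added example rather than DubLedger's middleware. The allowed origin, the lower-cased header names and the `/webhooks/` path prefix are assumptions of this demo; the decision logic (safe methods pass, webhook routes are exempt, everything else must carry a trusted Origin or Referer) is what the bullets describe.

```javascript
// Added example (not DubLedger's code): origin validation for state-changing requests.
// Allowed origin, header names and the webhook prefix are assumptions for this demo.
const ALLOWED_ORIGINS = new Set(['https://dubledger.com']);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']); // read-only, no CSRF impact
const WEBHOOK_PREFIX = '/webhooks/'; // assumed; these routes are HMAC-verified instead

// headers: object with lower-cased keys, as Node's http module provides them.
// Returns { ok, reason } so the reason can be logged on rejection.
function checkCsrf(method, path, headers) {
  const m = method.toUpperCase();
  if (SAFE_METHODS.has(m)) return { ok: true, reason: 'safe method' };
  if (path.startsWith(WEBHOOK_PREFIX)) return { ok: true, reason: 'webhook (HMAC-verified)' };

  // Prefer Origin; fall back to the Referer's origin for clients that omit Origin.
  let origin = headers.origin;
  if (!origin && headers.referer) {
    try {
      origin = new URL(headers.referer).origin;
    } catch {
      origin = undefined;
    }
  }
  // A missing header is treated as untrusted: failing open here would defeat the check.
  if (!origin) return { ok: false, reason: 'missing Origin/Referer' };
  // "null" (opaque origin, e.g. sandboxed iframes) is not in the set and is rejected too.
  if (!ALLOWED_ORIGINS.has(origin)) return { ok: false, reason: `untrusted origin ${origin}` };
  return { ok: true, reason: 'origin allowed' };
}
```

Rejections are worth logging with the reason and the offending origin: a burst of `untrusted origin` entries for one path is a useful signal that someone is probing a form endpoint.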

Rate Limiting
- In-memory IP-based rate limiting.
- Default: 60 requests per minute.
- Configurable per endpoint.
- Prevents brute-force attacks.
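An in-memory, IP-keyed limiter of the kind the bullets describe, added here as an example and not taken from DubLedger. Only the 60-requests-per-minute default comes from the page; the tighter per-endpoint limit for `/login` and the fixed-window algorithm are choices made for this demo.

```javascript
// Added example (not DubLedger's code): in-memory fixed-window rate limiter keyed by
// IP and endpoint. The /login figure below is an assumption; 60/min is the page's default.
const DEFAULT_LIMIT = { max: 60, windowMs: 60_000 };
const ENDPOINT_LIMITS = {
  '/login': { max: 5, windowMs: 60_000 }, // assumed: stricter where credential guessing matters
};

class RateLimiter {
  constructor(limits = ENDPOINT_LIMITS, fallback = DEFAULT_LIMIT) {
    this.limits = limits;
    this.fallback = fallback;
    this.buckets = new Map(); // "ip|endpoint" -> { count, windowStart }
  }

  limitFor(endpoint) {
    return this.limits[endpoint] ?? this.fallback;
  }

  // Record one request. Returns { allowed, remaining, retryAfterMs }; retryAfterMs is
  // what a 429 response's Retry-After header would be derived from.
  hit(ip, endpoint, now = Date.now()) {
    const { max, windowMs } = this.limitFor(endpoint);
    const key = `${ip}|${endpoint}`;
    let bucket = this.buckets.get(key);
    if (!bucket || now - bucket.windowStart >= windowMs) {
      bucket = { count: 0, windowStart: now }; // start a fresh window
      this.buckets.set(key, bucket);
    }
    if (bucket.count >= max) {
      return { allowed: false, remaining: 0, retryAfterMs: bucket.windowStart + windowMs - now };
    }
    bucket.count += 1;
    return { allowed: true, remaining: max - bucket.count, retryAfterMs: 0 };
  }

  // Drop expired buckets so memory stays bounded; run on a timer. Returns live bucket count.
  sweep(now = Date.now()) {
    for (const [key, bucket] of this.buckets) {
      const { windowMs } = this.limitFor(key.split('|')[1]);
      if (now - bucket.windowStart >= windowMs) this.buckets.delete(key);
    }
    return this.buckets.size;
  }
}
```

Two caveats follow from "in-memory" and "IP-based": each process keeps its own counters, so with several instances behind a load balancer the effective limit is the per-instance limit times the instance count; and the IP must be taken from a proxy header only when the proxy is trusted, otherwise a client can pick its own bucket.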

Security Headers
- Content-Security-Policy (CSP): Restricts script sources.
- Strict-Transport-Security (HSTS): Forces HTTPS.
- X-Content-Type-Options: Prevents MIME sniffing.
- X-Frame-Options: Prevents clickjacking.
- Referrer-Policy: Controls referrer information.
- Permissions-Policy: Restricts camera, microphone, geolocation.

WWW to Apex Redirect
- All `www.dubledger.com` traffic redirects to `dubledger.com`.
- 301 permanent redirect for SEO.
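The two subsections above (security headers and the www-to-apex redirect) combined into one framework-agnostic handler, as an added example that is not DubLedger's code. The header values are constructed for the demo and are not the site's actual policy; the request and response shapes are assumptions too. What the example shows beyond the bullets is the part that is easy to get wrong: matching the host case-insensitively and without its port, preserving path and query on the 301, and attaching the headers to the redirect as well as to ordinary responses.

```javascript
// Added example (not DubLedger's code): security headers plus the www -> apex redirect.
// Header values are demo choices; the apex host is the one named on the page.
const APEX = 'dubledger.com';
const SECURITY_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
};

// req: { host, url } where url is the path plus any query string.
// next: the downstream handler, returning { status, headers, body }.
function handle(req, next) {
  const host = String(req.host || '').toLowerCase().split(':')[0]; // ignore case and port
  if (host === `www.${APEX}`) {
    // Keep path and query so deep links survive; headers go on the redirect too.
    return {
      status: 301,
      headers: { ...SECURITY_HEADERS, Location: `https://${APEX}${req.url}` },
      body: '',
    };
  }
  const res = next(req);
  // Route-specific headers (e.g. Content-Type) win over the defaults.
  return { ...res, headers: { ...SECURITY_HEADERS, ...res.headers } };
}
```

The CSP here is deliberately strict (`script-src 'self'`, no inline scripts); a real policy is tuned to the assets the application actually loads, and `frame-ancestors 'none'` duplicates what `X-Frame-Options: DENY` does for browsers that only honour the older header.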

Data Encryption

At Rest
- All data encrypted in the database.
- API keys and secrets encrypted with AES-256.
- METRC API keys never displayed in full after entry.

In Transit
- All connections use HTTPS (TLS 1.2+).
- WebSocket connections use WSS.
- No unencrypted data transmission.

Access Controls

Role-Based Access
- OWNER: Full access to everything.
- MANAGER: Operations access for assigned locations.
- BUDTENDER: Limited to POS and customer lookup.
- DRIVER: Delivery app only.
- ADMIN: Employee and settings management, no sales.

Location Scoping
- Users are restricted to their assigned locations.
- Owners see all locations.
- Data is scoped per location throughout the application.

Audit Logging
- All login attempts (successful and failed).
- All data changes (who, what, when).
- All exports and downloads.
- All permission changes.
- Retained for 1 year minimum.
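The three subsections above (roles, location scoping, audit logging) as one added example; this is illustrative code, not DubLedger's permission system. The role names are the page's; the capability each role maps to, the user record shape and the audit entry fields are assumptions modelled on the bullets. Every authorization decision, denied ones included, is written to the audit log, because denied attempts are the entries an investigation most often needs.

```javascript
// Added example (not DubLedger's code): role checks, location scoping and an audit entry
// per decision. Capability names per role are assumptions modelled on the page's role list.
const ROLE_CAPS = {
  OWNER: new Set(['*']),                                                 // full access
  MANAGER: new Set(['pos', 'customers', 'inventory', 'reports', 'deliveries']),
  BUDTENDER: new Set(['pos', 'customers']),                              // POS and customer lookup
  DRIVER: new Set(['deliveries']),                                       // delivery app only
  ADMIN: new Set(['employees', 'settings']),                             // no sales capabilities
};

function hasCapability(role, capability) {
  const caps = ROLE_CAPS[role];
  return Boolean(caps && (caps.has('*') || caps.has(capability)));
}

// Owners see every location; everyone else only the locations assigned to them.
function inScope(user, locationId) {
  return user.role === 'OWNER' || user.locations.includes(locationId);
}

// Decide and record: who, what, where, when and the outcome land in the audit log.
function authorize(user, capability, locationId, audit, now = Date.now()) {
  const allowed = hasCapability(user.role, capability) && inScope(user, locationId);
  audit.push({
    at: new Date(now).toISOString(),
    who: user.id,
    role: user.role,
    action: capability,
    location: locationId,
    allowed,
  });
  return allowed;
}

// Scope a list query to what the user may read (owners get the full list back).
function scopedLocations(user, allLocationIds) {
  return allLocationIds.filter((id) => inScope(user, id));
}
```

Applying `scopedLocations` at the query layer, rather than filtering results after the fact, is what makes "data is scoped per location throughout the application" hold even for code paths that forget to check.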

Privacy Compliance

HIPAA-Aware Handling
- Medical patient data handled with appropriate safeguards.
- Encryption at rest and in transit.
- Access logs for all medical data views.
- Data retention follows state medical privacy laws.
- Patients can request access to their data.

Data Retention
- Transaction data: 7 years (compliance requirement).
- Customer data: Per state requirements (3-7 years typical).
- Employee data: Per state requirements (3-7 years typical).
- System logs: 1 year.
- After retention period, data is anonymized.
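The retention schedule above, carried through to the "anonymized, not deleted" step as an added example (not DubLedger's code). The 7-year transaction and 1-year log figures are the page's; the 5-year customer and employee values are a constructed midpoint of the 3-7 year range the page gives and would be set per state. Which fields count as identifying is also an assumption of this demo.

```javascript
// Added example (not DubLedger's code): retention check plus anonymization.
// 7 years / 1 year are from the page; 5 years for customer/employee is an assumed midpoint.
const DAY_MS = 86_400_000;
const RETENTION_DAYS = {
  transaction: 7 * 365, // compliance requirement
  customer: 5 * 365,    // assumed; set per state (3-7 years typical)
  employee: 5 * 365,    // assumed; set per state (3-7 years typical)
  log: 365,             // system logs: 1 year
};

// Identifying fields that are nulled out; aggregate fields (totals, dates, ids) are kept.
const PII_FIELDS = ['name', 'email', 'phone', 'address', 'dob', 'medicalId', 'ip'];

function retentionExpired(record, now = Date.now()) {
  const days = RETENTION_DAYS[record.type];
  if (days === undefined) throw new Error(`unknown record type: ${record.type}`);
  return now - Date.parse(record.createdAt) >= days * DAY_MS;
}

// Anonymize rather than delete: the row stays for reporting, the person is no longer in it.
function anonymize(record) {
  const out = { ...record, anonymized: true };
  for (const field of PII_FIELDS) if (field in out) out[field] = null;
  return out;
}

// Idempotent: already-anonymized rows are left alone, so the job can run every night.
function applyRetention(records, now = Date.now()) {
  return records.map((r) => (!r.anonymized && retentionExpired(r, now) ? anonymize(r) : r));
}
```

Throwing on an unknown record type, rather than skipping it, is deliberate: a new table that nobody added to the schedule should fail the retention job loudly instead of silently keeping personal data forever.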

Customer Rights
- Customers can request data access.
- Customers can request data deletion (subject to legal requirements).
- Marketing opt-out processed within 24 hours.
- No selling of customer data to third parties.

Payment Security

PCI Compliance
- No full card numbers stored in DubLedger.
- Card data is tokenized by the payment processor.
- Receipts show only last 4 digits.
- Payment processing follows PCI DSS requirements.

Webhook Verification
- Payment webhooks use HMAC-SHA256 signatures.
- Timing-safe comparison to prevent timing attacks.
- Payload sanitization prevents injection.

Incident Response

Security Incident Steps
1. Immediately change all affected passwords.
2. Review login activity in Settings → Security.
3. Deactivate any unauthorized accounts.
4. Contact security@dubledger.com immediately.
5. Document the incident timeline.
6. Follow instructions from the security team.
7. Review and update security policies.

Data Breach Response
- Affected customers are notified per state requirements.
- Law enforcement notified if required.
- Credit monitoring offered if applicable.
- Full investigation conducted.
- Preventive measures implemented.