> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vouchergrid.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Privacy

> How VoucherGrid protects your data

VoucherGrid is built with security at every layer. Here's how we protect your business and your customers' data.

## Authentication

### Sign-in methods

* **Email and password** – passwords must be at least 10 characters
* **Google** – sign in with your Google account
* **Apple** – sign in with your Apple ID
* **Passkeys** – passwordless biometric authentication (Touch ID, Face ID, or security keys)

### Password security

* Passwords are hashed using a modern adaptive algorithm (scrypt) before storage – we never store plain text passwords
* New passwords are checked against the [Have I Been Pwned](https://haveibeenpwned.com/) breach database to prevent use of compromised passwords
* Account lockout triggers after repeated failed login attempts

### Two-factor authentication (2FA)

Two methods are available:

* **Email OTP** – a one-time code sent to your email (valid for 10 minutes)
* **Authenticator app (TOTP)** – time-based codes via apps like Google Authenticator or Authy

Backup codes are provided when you enable 2FA. You can also mark devices as trusted to skip 2FA for 30 days.

<Tip>We recommend enabling 2FA for all team members, especially Owners and Admins.</Tip>

## Data encryption

### In transit

* All connections use HTTPS (TLS)
* Database connections use SSL with certificate verification
* Redis connections use TLS

### At rest

* Integration credentials (Xero, QuickBooks) are encrypted with AES-128 using a versioned keyring
* OAuth tokens are stored encrypted
* 2FA secrets are stored encrypted
* Personal information (email, name, phone) uses a dedicated encryption key separate from other data
* API keys are stored as one-way hashes – the plaintext key is shown only once when generated

## Data isolation

Every query is scoped by your account. Your data is completely isolated from other VoucherGrid accounts:

* Account ID is resolved from your authenticated session – it's never accepted from request parameters
* Background jobs receive account context explicitly
* Team members with location restrictions can only access data from their assigned locations

## Audit logging

Every significant action is recorded in an append-only audit log:

* Voucher events – created, redeemed, voided, refunded, expired
* Authentication – logins, logouts, password changes, 2FA events
* Team changes – invites, role changes, removals
* Settings and integration changes
* Billing events

The audit log uses a cryptographic chain so that any tampering with entries can be detected. Email addresses in the log are stored in masked form.

Default retention is 3 years. Logs can be exported from the [Reports](/reports) page.

## Payment security

VoucherGrid uses [Stripe](https://stripe.com) for all payment processing. Card details are entered directly into Stripe's secure payment form – they never touch VoucherGrid's servers. This qualifies us for **PCI DSS SAQ-A**, the simplest compliance level.

## Data privacy

### Your rights

* **Export your data** – Owners can export all account data at any time
* **Delete your account** – account deletion removes all data, including files stored in cloud storage
* **Data retention** – after account cancellation, access continues through the grace period, then account access locks; customer personal information is anonymised where appropriate, and voucher and financial records are retained as legally required

### Customer rights (GDPR)

Gift voucher buyers can:

* **Request a copy** of their personal data
* **Request deletion** of their personal data

These requests are handled through a verified process with a 48-hour download link.

## Hosting

| Service          | Provider      | Region            |
| ---------------- | ------------- | ----------------- |
| API and database | Render        | Oregon, US        |
| Frontend         | Vercel        | Sydney, Australia |
| File storage     | Cloudflare R2 | Global CDN        |

## Compliance

| Standard                | Status                                                      |
| ----------------------- | ----------------------------------------------------------- |
| PCI DSS SAQ-A           | Card data handled entirely by Stripe                        |
| GDPR                    | Data subject access requests and right to erasure supported |
| Australian Consumer Law | Built around Australian voucher expiry rules                |
| Australian GST          | Reporting built around cash and non-cash accounting methods |
