Security & privacy

Built to protect your business

Security isn't a bolt-on. Multi-tenant isolation, encryption, and least-privilege access are designed into Servtide from the ground up.

Per-business data isolation

Every business is isolated at the database level with PostgreSQL row-level security (forced), so one company can never see another's data.

Encryption in transit & at rest

Traffic is served over HTTPS; sensitive third-party tokens are encrypted at rest with AES-256-GCM.

Modern authentication

First-party email/password with hashed credentials and signed sessions. The super-admin console requires TOTP multi-factor auth.

Payments done right

Card data never touches our servers — payments run through Stripe with hosted, PCI-compliant flows.

Audit logging

Sensitive actions are recorded to an append-only audit trail for accountability.

Least-privilege access

Fine-grained roles and permissions, plus a non-superuser database role at runtime so isolation is always enforced.
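Why "forced" row-level security and a non-superuser runtime role go together, shown as an added PostgreSQL example (not Servtide's schema or code): table owners bypass policies unless RLS is forced, and superuser or BYPASSRLS roles always bypass them. The table, policy, role and setting names (`invoices`, `tenant_isolation`, `app_runtime`, `app.business_id`) are hypothetical.

```sql
-- Added illustration; all object names here are hypothetical.
CREATE TABLE invoices (
    id          bigserial PRIMARY KEY,
    business_id uuid    NOT NULL,
    total_cents integer NOT NULL
);

-- ENABLE applies policies to ordinary roles. FORCE also applies them to the
-- table owner, who would otherwise bypass row-level security.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- Rows are readable (USING) and writable (WITH CHECK) only for the tenant
-- bound to the current transaction. current_setting() without missing_ok
-- raises an error when the setting is absent, so a request that never set
-- a tenant fails closed instead of seeing every row.
CREATE POLICY tenant_isolation ON invoices
    USING      (business_id = current_setting('app.business_id')::uuid)
    WITH CHECK (business_id = current_setting('app.business_id')::uuid);

-- Runtime role: superusers and BYPASSRLS roles skip every policy,
-- so the application must connect as neither.
CREATE ROLE app_runtime LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_runtime;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_runtime;

-- Per request, connected as app_runtime: bind the tenant for this transaction only.
BEGIN;
SET LOCAL app.business_id = '00000000-0000-0000-0000-000000000001'; -- constructed value
SELECT id, total_cents FROM invoices;  -- returns only that tenant's rows
COMMIT;

-- Check 1: tables where RLS is not both enabled and forced (expect zero rows).
SELECT c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Check 2: run over the application's connection; a returned row means the
-- runtime role can bypass policies (expect zero rows).
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolname = current_user
  AND (rolsuper OR rolbypassrls);
```

Both checks make useful deployment gates: a new table created without `FORCE ROW LEVEL SECURITY` shows up in the first query before it can hold tenant data.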

Fail-safe configuration

In production the app refuses to start with missing or weak secrets — misconfiguration can't ship insecurely.

Backups & portability

Your data is yours: export to CSV anytime, with optional backups to your own OneDrive or Google Drive.

Found a vulnerability? We appreciate responsible disclosure — email security@servtide.app and we'll work with you to fix it.

Run your shop with confidence

Set up your business in minutes. Free for 14 days — no credit card required.