Security & Data Protection
Effective: March 2026 · Version 1.0
1. Introduction
dailyOps handles sensitive food safety compliance data for restaurants across the EU. Security and data protection are foundational to our platform.
2. Infrastructure
| Measure | Detail |
|---|---|
| Encryption in transit | TLS 1.3 enforced on all connections |
| Encryption at rest | Database and storage encryption via hosting infrastructure |
| Database | PostgreSQL 16 with connection pooling |
3. Authentication & Access Control
dailyOps implements multiple layers of authentication and access control:
- Email/password authentication with cryptographic password hashing
- Optional Google OAuth sign-in (OAuth 2.0)
- HTTP-only, Secure session cookies with server-side validation
- Three-role RBAC: Owner (full access), Manager (operational), Staff (execution)
- Roles enforced at API layer, not just UI
4. Multi-Tenant Data Isolation
- Every database query includes a tenantId filter enforced at the ORM level
- No cross-tenant data access possible through the application
- Session context includes active organization ID
- API routes validate user membership before processing
- Audit logs are tenant-scoped
5. API Security
| Protection | Implementation |
|---|---|
| Input validation | Zod schema validation on all API inputs |
| SQL injection prevention | Prisma ORM with parameterized queries |
| CSRF protection | Better Auth CSRF protection on state-changing requests |
| Error handling | No stack traces or internal details in production |
| Content security | Next.js built-in XSS and content-type protections |
6. Payment Security
All payment processing is handled by Stripe (PCI-DSS Level 1 certified). Card data never touches dailyOps servers; only Stripe IDs and subscription status are stored locally. Every webhook event is verified using the Stripe signing secret before it is processed.
7. AI Data Handling
dailyOps uses Anthropic Claude AI for two features:
Label Scanner
Images are processed ephemerally by Anthropic and are not stored after the response is returned. The extracted data is stored in the tenant database. Images are resized client-side to minimize the data transmitted.
Chat Assistant
Messages are processed ephemerally: they are not stored by Anthropic and not used for training. Conversation history is stored in the tenant database. AI actions require explicit user approval, and every change made through the assistant is recorded in the audit log.
8. Audit Trail
An immutable, append-only audit log captures every Create and Update action. Each record holds the action type, entity, change snapshot (JSON), timestamp, and user ID. The log is tenant-scoped and queryable by entity type, date range, and user.
9. GDPR Compliance
- Data controller identity disclosed in Privacy Policy
- Lawful bases documented for all processing
- Data subject rights supported: access, rectification, erasure, restriction, portability, objection
- Data Processing Agreements with all sub-processors
- International transfers protected by Standard Contractual Clauses
- Breach notification within 72 hours per GDPR Article 33
- Privacy by design: multi-tenant isolation, minimal data collection, no tracking
10. Incident Response
- Detection and immediate containment
- Scope and impact assessment
- Notify Data Protection Authority within 72 hours
- Notify affected users without undue delay if high risk
- Remediation and preventive measures
11. Vulnerability Reporting
We welcome responsible disclosure. Report vulnerabilities to our security team with a description, reproduction steps, and potential impact. We acknowledge reports within 48 hours and will not pursue legal action against good-faith researchers.
12. Compliance Summary
| Standard | Status |
|---|---|
| GDPR (EU) 2016/679 | Compliant |
| ePrivacy Directive 2002/58/EC | Compliant (strictly necessary cookies only) |
| PCI-DSS | Delegated to Stripe (Level 1 certified) |
| EU Food Safety Regulations | Platform designed for EC 852/2004, EC 853/2004, EC 178/2002 |
13. Contact
For security questions or to report a vulnerability, contact our security and privacy team.