Security

Your financial data is critical. Here's how we protect it.

Encryption

All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256. Database connections are encrypted end-to-end. Sensitive fields like payment tokens and API keys are additionally encrypted at the application layer before storage.

Data Isolation

AdaptBooks uses PostgreSQL Row-Level Security (RLS) to ensure complete data isolation between tenants. Every database query is automatically scoped to your organization. There is no way for one customer to access another customer's data — the database enforces it at the query level.
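The following is an added example, not AdaptBooks' own schema or code: a minimal PostgreSQL tenant-isolation policy of the kind described above, plus two catalog checks for the usual ways RLS is silently bypassed. The table `invoices`, column `org_id`, role `app_user`, setting `app.current_org` and the UUID are all constructed for illustration.

```sql
-- Constructed schema; all names here are assumptions for illustration.
CREATE TABLE invoices (
    id      bigserial PRIMARY KEY,
    org_id  uuid NOT NULL,
    total   numeric(12,2) NOT NULL
);

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who is otherwise exempt. Superusers and BYPASSRLS roles are always exempt.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted; WITH CHECK
-- rejects writes that would place a row in another tenant.
-- current_setting(..., true) yields NULL when unset, and NULLIF maps an
-- empty value to NULL, so a missing tenant context matches no rows.
CREATE POLICY tenant_isolation ON invoices
    USING      (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid)
    WITH CHECK (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid);

-- The application connects as (or switches to) an unprivileged role.
CREATE ROLE app_user NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_user;

-- Per-request pattern: set the tenant inside the transaction so the
-- value cannot leak to the next request on a pooled connection.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org',
                  '11111111-1111-1111-1111-111111111111', true);
INSERT INTO invoices (org_id, total)
VALUES ('11111111-1111-1111-1111-111111111111', 100.00);
SELECT id, org_id, total FROM invoices;  -- only this tenant's rows pass the policy
COMMIT;

-- Audit check 1: roles that ignore every RLS policy.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;

-- Audit check 2: tables where RLS is enabled but the owner is still exempt.
SELECT relname
FROM pg_class
WHERE relkind = 'r' AND relrowsecurity AND NOT relforcerowsecurity;
```

Any role returned by the first audit query, and the owner of any table returned by the second, reads across tenants regardless of the policy, so neither should be the role the application uses at runtime.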

Authentication & Access Control

Authentication is handled by Clerk, an enterprise-grade identity provider. We support email/password, Google OAuth, and multi-factor authentication. Role-based access control (RBAC) lets you set permissions per user — owner, admin, manager, cashier, and accountant roles with granular permission sets.

Infrastructure

AdaptBooks runs on hardened cloud infrastructure with automated deployments, health monitoring, and auto-scaling. Our database is hosted on Neon PostgreSQL with continuous backups and point-in-time recovery. The application layer runs on Railway with automatic TLS termination and DDoS protection.

Backups & Recovery

Database backups are performed continuously with point-in-time recovery available. We maintain a 30-day backup window. Backups are stored in a separate region from the primary database for disaster recovery. Our Recovery Point Objective (RPO) is under 1 minute, and Recovery Time Objective (RTO) is under 15 minutes.

Compliance Roadmap

We are actively working toward SOC 2 Type II certification. Our security practices are aligned with SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). We follow OWASP security guidelines for application development and conduct regular security reviews. PCI DSS compliance for payment handling is managed through our payment processor partners — we never store raw card numbers.

Responsible Disclosure

If you discover a security vulnerability, please report it to jamie@adaptensor.com. We take all reports seriously and will respond within 48 hours. We do not pursue legal action against security researchers acting in good faith.