FoodBase is built with enterprise-grade security measures to protect your restaurant's data and your customers' sensitive information.
All data in transit is encrypted using industry-standard TLS 1.3. Customer payment information and sensitive business data are protected at rest with 256-bit AES encryption, ensuring maximum security even if systems are compromised.
FoodBase is compliant with PCI Data Security Standard (PCI DSS) Level 1, the highest level of compliance. Through our integration with Paystack, all payment card data is processed securely without ever being stored on our servers.
Implement granular permissions with role-based access control (RBAC). Assign specific roles to team members—owner, manager, or staff—and control exactly what features each role can access, ensuring sensitive data remains restricted.
FoodBase is hosted on secure cloud infrastructure with automated backups, redundancy, and disaster recovery. Our data centers are located in compliant regions with physical security controls, environmental monitoring, and 24/7 surveillance.
FoodBase implements multi-factor authentication (MFA) for all user accounts. We support both SMS and authenticator app-based MFA. Passwords are hashed using bcrypt with strong salt values, and sessions are managed securely with HTTP-only cookies that expire after periods of inactivity.
Admin accounts receive additional security measures, including mandatory MFA, IP whitelisting options, and detailed login activity logs that you can monitor in real time.
We are committed to data privacy and are fully compliant with GDPR requirements. All personal data collected is processed lawfully, transparently, and only for specified purposes. Users have the right to access, correct, and delete their personal data.
FoodBase provides tools for data export and deletion requests. We maintain detailed records of all data processing activities and conduct regular privacy impact assessments to ensure compliance with evolving regulations.
FoodBase undergoes regular penetration testing by independent third-party security firms at least quarterly. We employ both manual and automated vulnerability scanning tools to identify and remediate security weaknesses before they can be exploited.
We maintain a responsible disclosure program and encourage the security community to report vulnerabilities through our dedicated security@foodbase.ng email address, which we monitor continuously.
All software dependencies are continuously monitored for known vulnerabilities using automated security scanning tools. Security patches are applied immediately and thoroughly tested before deployment to production environments.
We maintain a detailed changelog of all security updates and critical patches. System updates are deployed with zero-downtime strategies to ensure service continuity and reliability for our users.
Every action within FoodBase is logged and timestamped, creating a complete audit trail for compliance and investigation purposes. Logs include user actions, data modifications, access attempts, and configuration changes with full context.
Our 24/7 monitoring systems track all system activities in real time. Suspicious activities trigger automated alerts, and our security team investigates anomalies immediately to prevent potential security incidents or breaches.
FoodBase has a comprehensive incident response plan in place with defined procedures for detecting, containing, and remediating security incidents. Our team includes certified security professionals trained to respond to threats quickly and effectively.
We maintain 99.9% uptime with redundant systems, automated failover, and geographic distribution of infrastructure. Regular disaster recovery drills ensure we can recover from any incident and restore service within minutes.
All FoodBase employees receive mandatory security training when joining the company and undergo annual refresher training. We emphasize secure coding practices, data handling procedures, and phishing awareness to maintain our security posture.
Employees with access to customer data sign strict confidentiality agreements and undergo background checks. Access is granted on a need-to-know basis with regular audits to ensure access rights remain appropriate.
Highest level of compliance for payment card data security. Verified and audited annually.
Full compliance with General Data Protection Regulation for European user data.
Independent audit confirms our security and operational controls meet industry standards.
International standard certification for information security management systems.
Our security team is here to help. Contact us with any security-related questions or to report vulnerabilities.