Your business data, protected at every level
From the moment you sign in to the moment an order ships, your data is encrypted, access-controlled, and monitored. Here's exactly how we protect it.
Security across every layer
Encryption in Transit & at Rest
All data transmitted between your browser and our servers is encrypted using TLS 1.3. All data stored on our infrastructure — including your product catalogue, customer contacts, pipeline, and orders — is encrypted at rest using AES-256.
- TLS 1.3 for all data in transit
- AES-256 encryption for all stored data
- Database backups encrypted before storage
- Encryption keys managed with rotation policies
Access Control & Authentication
Access to your account and data is controlled through industry-standard authentication. We enforce strict role-based permissions so only the right people on your team can see and edit sensitive information.
- Two-factor authentication (2FA) available on all accounts
- OAuth 2.0 sign-in with Google
- Role-based access control (RBAC) for team members
- Session tokens invalidated on logout and password change
GDPR & Data Privacy Compliance
Ash Stores is designed with GDPR compliance in mind. You retain full ownership of your data. We act as a data processor on your behalf and never sell your data to third parties.
- You own your data — we process it on your behalf only
- Data deletion available on account closure
- No selling or sharing of your data with third parties
- Data Processing Agreement (DPA) available on request
Infrastructure & Hosting
Our platform is hosted on Vercel's global edge network, backed by enterprise-grade cloud infrastructure. We use isolated environments for production, staging, and development to protect live data.
- Hosted on Vercel's globally distributed edge network
- Isolated production and staging environments
- Automated backups with point-in-time recovery
- 99.9% uptime SLA across all services
Monitoring & Incident Response
Our systems are monitored continuously for anomalous activity. In the event of a security incident, we follow a defined response protocol and notify affected users promptly in line with regulatory requirements.
- 24/7 automated anomaly detection and alerting
- Defined incident response plan with clear escalation paths
- Breach notifications within 72 hours as required by GDPR
- Post-incident reviews to prevent recurrence
Data Retention & Deletion
We retain your data for as long as your account is active. You can export or delete your data at any time from your dashboard. On account closure, all personal data is purged within 30 days.
- Export your full data set at any time from settings
- Request deletion of specific data without closing your account
- Full account data purged within 30 days of closure
- Backup data removed within 90 days of closure
What we secure. What you control.
Ash Stores secures
- Platform infrastructure and servers
- Encryption of all data in transit and at rest
- Authentication systems and session management
- Database security and backups
- Third-party integrations and API security
- Security monitoring and incident response
You control
- Team member access and permissions
- Strength and security of your login credentials
- Two-factor authentication setup for your account
- Which integrations and third-party tools you connect
- How and where you share data exported from the platform
- Your own device and network security
Frequently asked
Where is my data stored?
Your data is stored on Vercel's infrastructure, which uses AWS and other enterprise cloud providers with data centres across multiple regions. Production data is stored in EU and US regions.
Does Ash Stores have access to my customer contacts?
Our engineering and support staff can access your data for the purpose of providing the service and resolving issues. All access is logged and audited. We never use your customer data for our own marketing or share it externally.
Can I get a Data Processing Agreement (DPA)?
Yes. If your business requires a formal DPA for GDPR compliance, contact us at security@ashstores.com and we'll provide one.
What happens to my data if I cancel my account?
You can export all your data before cancelling. After account closure, all personal data is deleted within 30 days and backup copies within 90 days.
Is Ash Stores ISO 27001 certified?
We are not currently ISO 27001 certified, but we follow the security controls and principles defined in the ISO 27001 framework. Certification is on our roadmap.
Security questions or concerns?
Contact our security team directly at security@ashstores.com. We respond to all security enquiries within 24 hours.