LoyalStack
How it works Pricing FAQ Blog
Log in Start free →
LoyalStack Support
Typically replies within a few hours
🛡️
We're here to help you!
Send us your query on WhatsApp — our team is supporting you. Replies may take a little time but we always respond. 🙏

How can we help you?

⏱️ We read every message — please be patient, we'll reply shortly.
WhatsApp only · No calls please
← Close
🛡️ Security

Security at LoyalStack

Last updated: 10 July 2026  ·  We take security seriously, always

Our commitment: We build LoyalStack with security as a first principle — not an afterthought. Your shop data and your customers' data are protected using modern, industry-standard practices.

How We Protect Your Data

🔒
HTTPS / SSL Encryption
All traffic between your browser and our servers is encrypted using HTTPS. No data travels in plain text.
🔑
Password Hashing (bcrypt)
Shop owner passwords are hashed using bcrypt with a cost factor of 12. We never store or see your plain-text password.
🛡️
CSRF Protection
Every form and API request is protected with a CSRF token to prevent cross-site request forgery attacks.
💉
SQL Injection Prevention
All database queries use PDO prepared statements. User input is never concatenated directly into SQL.
📧
Email OTP Verification
New shop accounts are verified via a 6-digit OTP sent to your email. OTPs expire in 10 minutes with a 3-attempt limit.
🚫
Rate Limiting
OTP requests, login attempts, and API calls are rate-limited to prevent brute-force and abuse.
📁
Secure File Uploads
Logo uploads are validated for file type and size. Uploaded files are stored outside the web root and served safely.
💳
PCI-Safe Payments
All payments are processed by Razorpay. We never see or store card numbers, CVVs, or bank credentials.

Account Security Tips

Here's what you can do to keep your account safe:

  • Use a strong, unique password for your LoyalStack account.
  • Never share your login credentials with anyone.
  • If you suspect unauthorized access, change your password immediately from the Settings page.
  • Use a secure, private device when accessing your dashboard.
  • Log out from your dashboard when using a shared or public computer.

Data Access Controls

  • Each shop owner can only see their own shop data — accounts are fully isolated.
  • Customer data (mobile numbers, reward history) is visible only to the shop owner it belongs to.
  • Our team does not access shop data unless required for support and with your explicit permission.

Incident Response

In the unlikely event of a security incident affecting your data, we will:

  • Notify affected shop owners via email within 72 hours of discovery.
  • Provide clear information about what was affected and what steps to take.
  • Work quickly to contain and remediate the issue.

Responsible Disclosure

Found a security vulnerability?

We appreciate researchers and developers who responsibly disclose security issues. If you've found a vulnerability in LoyalStack, please report it to us privately — do not post it publicly.

Email: support@loyalstack.in
Subject: "Security Disclosure — [brief description]"

We will acknowledge your report within 48 hours and keep you updated on the fix. We do not offer a formal bug bounty at this time but we genuinely value your help. 🙏

Contact

For any security-related questions or concerns:

  • Email: support@loyalstack.in
  • WhatsApp: +91 87965 09552
LoyalStack

Plug-and-play loyalty for Indian local shops. Spin. Scratch. Win. Repeat.

Product

  • Features
  • Games
  • Pricing
  • Demo

Resources

  • Blog
  • Case studies
  • Help Center
  • Status

Account

  • Shop Login
  • Register
  • Billing
  • Affiliate Program

Legal

  • Privacy
  • Terms
  • Refunds
  • Security
© 2026 LoyalStack · Made with ❤️ in India for shops everywhere support@loyalstack.in · +91 87965 09552