Our commitment: We build LoyalStack with security as a first principle — not an afterthought. Your shop data and your customers' data are protected using modern, industry-standard practices.
How We Protect Your Data
🔒
HTTPS / SSL Encryption
All traffic between your browser and our servers is encrypted using HTTPS. No data travels in plain text.
🔑
Password Hashing (bcrypt)
Shop owner passwords are hashed using bcrypt with a cost factor of 12. We never store or see your plain-text password.
🛡️
CSRF Protection
Every form and API request is protected with a CSRF token to prevent cross-site request forgery attacks.
💉
SQL Injection Prevention
All database queries use PDO prepared statements. User input is never concatenated directly into SQL.
📧
Email OTP Verification
New shop accounts are verified via a 6-digit OTP sent to your email. OTPs expire in 10 minutes with a 3-attempt limit.
🚫
Rate Limiting
OTP requests, login attempts, and API calls are rate-limited to prevent brute-force and abuse.
📁
Secure File Uploads
Logo uploads are validated for file type and size. Uploaded files are stored outside the web root and served safely.
💳
PCI-Safe Payments
All payments are processed by Razorpay. We never see or store card numbers, CVVs, or bank credentials.
Account Security Tips
Here's what you can do to keep your account safe:
- Use a strong, unique password for your LoyalStack account.
- Never share your login credentials with anyone.
- If you suspect unauthorized access, change your password immediately from the Settings page.
- Use a secure, private device when accessing your dashboard.
- Log out from your dashboard when using a shared or public computer.
Data Access Controls
- Each shop owner can only see their own shop data — accounts are fully isolated.
- Customer data (mobile numbers, reward history) is visible only to the shop owner it belongs to.
- Our team does not access shop data unless required for support and with your explicit permission.
Incident Response
In the unlikely event of a security incident affecting your data, we will:
- Notify affected shop owners via email within 72 hours of discovery.
- Provide clear information about what was affected and what steps to take.
- Work quickly to contain and remediate the issue.
Responsible Disclosure
Found a security vulnerability?
We appreciate researchers and developers who responsibly disclose security issues. If you've found a vulnerability in LoyalStack, please report it to us privately — do not post it publicly.
Email: support@loyalstack.in
Subject: "Security Disclosure — [brief description]"
We will acknowledge your report within 48 hours and keep you updated on the fix. We do not offer a formal bug bounty at this time but we genuinely value your help. 🙏
Contact
For any security-related questions or concerns: