Security at POSavoir

Compliance & attestations

• SOC 2 Type II , annual audit of security, availability, and confidentiality controls.
• PCI DSS , card data is processed by PCI-validated providers; POSavoir's environment is reviewed annually.
• GDPR / UK GDPR / CCPA , privacy program aligned to leading data-protection regimes.

Encryption

• TLS 1.2+ in transit, AES-256 at rest.
• Secrets stored in a managed key-management service with hardware security module backing.

Access control

• Single sign-on (SAML/OIDC) and enforced multi-factor authentication for employees.
• Least-privilege access reviewed quarterly. Production access is gated by approval, audit-logged, and time-bound.

Application security

• Code review and automated static analysis on every change.
• Dependency scanning and patch management on a defined SLA.
• Annual third-party penetration test; report available under NDA.

Infrastructure

• Hosted in tier-1 cloud regions with 24/7 monitoring and on-call rotation.
• Encrypted, geographically isolated backups; recovery objectives documented in our DR plan.

Incident response

We maintain a documented incident response plan with a 24/7 on-call rotation. We will notify affected operators without undue delay if we determine that personal data has been compromised, in line with applicable law and contractual commitments.

Responsible disclosure

If you believe you've found a security vulnerability, please email security@POSavoir.com. We will acknowledge within 2 business days and work in good faith to investigate and resolve. We do not pursue legal action against good-faith researchers.

Documents available on request

• SOC 2 Type II report (under NDA)
• Penetration test summary
• Sub-processor list
• Business continuity / disaster recovery summary

Email security@POSavoir.com.