Authentication
Passwords are hashed — never stored in plain text.
Sessions use Better Auth with secure cookies. Google OAuth is supported for sign-in.
Security
How we protect your data
StoreBoard handles shift times, photos, and incident records. Here is what we do to keep that data safe.
Encrypted in transit
HTTPS/TLS on every request
Tenant-isolated
Org-scoped data access
PCI via Stripe
No card numbers on our servers
By topic
Payment data
We never store full credit card numbers.
Billing runs through Stripe. PCI compliance for payment data is handled by Stripe, not on StoreBoard servers.
Photos & files
Proof photos stay inside your organization.
Task proof, incident images, and stock alert attachments upload to encrypted cloud storage (AWS S3). Only members of your org can access them.
Location data
GPS only at clock-in and clock-out — not continuous tracking.
Coordinates verify employees are at assigned store locations when they punch. We do not track location in the background.
Organization isolation
Each org’s data is walled off from others.
Team members only see locations and records they are assigned to. Roles separate owners, admins, managers, and employees.
Infrastructure
Modern cloud stack with restricted database access.
StoreBoard runs on encrypted infrastructure. Database access is limited to application services — not open to the public internet.
Questions or a security review?
Read the full Privacy Policy and Terms of Service. For security-specific questions, email support@mystoreboard.com.