We're a young company building security into our DNA from day one. Here's exactly what we do to protect your data.
Concrete measures we have in place today — not aspirational roadmap items.
All data is encrypted in transit using TLS 1.3 — the same standard used by banks. Data at rest is encrypted with AES-256.
All payment processing goes through Stripe, which holds the highest level of PCI-DSS certification. We never touch raw card numbers.
When customers save a card, Stripe stores it as a token. We never store, see, or have access to full card numbers. Ever.
Every order gets a trust score based on caller history, phone number verification, and behavioral signals. Suspicious activity is flagged before it processes.
Customer data, order history, and account information are encrypted at rest using industry-standard AES-256 encryption on Railway infrastructure.
We don't sell customer data to third parties. Your customer relationships belong to you — that's the whole point.
Honesty is our moat. We'd rather tell you what we haven't done yet than pretend we have. Here's where we are:
We haven't completed SOC 2 certification. It's on our roadmap as we grow, but we won't claim it until it's done.
HIPAA isn't applicable to restaurant ordering, and we're not certified. We mention this because some platforms vaguely imply compliance certifications they don't have.
We don't advertise 99.9% uptime or offer a formal SLA yet. We aim for high availability, but we won't put a number on it until we can back it with a contractual guarantee.
We don't build everything from scratch. We use the best in the business.
Stripe
Payment Processing
PCI-DSS Level 1 certified. Processes billions in payments for companies like Shopify, Amazon, and Instacart.
Railway
Cloud Infrastructure
Our servers, databases, and storage run on Railway — modern cloud infrastructure with built-in CI/CD, scaling, and monitoring.
Twilio
Voice & SMS
Phone calls and text messages are powered by Twilio, trusted by Uber, Airbnb, and hundreds of thousands of businesses.
We're an open book. If you have questions about how we handle your data, reach out — we'll give you a straight answer.