Back to home
Security

Encryption

AES-256 at rest, TLS 1.3 in transit, HSTS preloaded.

Encryption is applied uniformly to all customer data, in both directions. We do not have a tier with weaker crypto — every workspace gets the same protections.

At rest

Database storage is encrypted with AES-256 at the volume level. Row-level application encryption is additionally applied to highly sensitive fields such as guest contact details, with keys held in AWS KMS scoped per workspace. Backups inherit the same encryption.

In transit

All HTTPS traffic uses TLS 1.3. TLS 1.2 is supported as a fallback for older clients but TLS 1.0 and 1.1 are disabled. The DineOS apex domain is on the HSTS preload list, so browsers refuse to talk to us over plain HTTP even on first connection.

Key management

Keys are managed in AWS KMS with an explicit key per workspace. Annual key rotation is automatic. Key access is logged in CloudTrail and reviewed quarterly.

Independent verification
Owners can request our latest pen-test summary from Settings → Security → Reports. The full report is shared under NDA on request.