Your data is sacred

Bank-grade security

End-to-end encryption, 2FA for everyone, audit log on every action. Your restaurant is safe.

8 Layers of Protection

2FA Authentication

TOTP via Google Authenticator or Authy, 10 backup codes for emergencies, enforced on login.

End-to-end Encryption

TLS 1.3 in transit, AES-256 at rest. Passwords bcrypt-hashed (12 rounds).

Immutable Audit Log

Every sensitive action (void, discount, refund, permission change) logged with user + time, cannot be erased.

Granular Permissions

8 roles × 50 permissions. Cashier needs manager auth for void/refund/manual discount. Multi-layer.

Secure Sessions

Short-lived JWTs (15 min) + rotating refresh tokens, Redis-blacklisted on logout.

Local Infrastructure

Servers in Saudi Arabia, PDPL-compliant. Daily backups, data never leaves the kingdom.

Tenant Isolation

Each restaurant has a separate business_id. Prisma middleware ensures one tenant never sees another — ever.

Sentry Observability

Errors in the API caught instantly and fixed before you notice. PII scrubbed before send.

Compliance & Certifications

✅ ZATCA Phase 1: Live
🟡 ZATCA Phase 2: Ready
✅ PDPL (SDAIA): Compliant
✅ PCI DSS: Via payment gateways
🟡 SOC 2: In audit

Report a security issue to security@alifood.co

Bug bounty program: 500 - 50,000 SAR

Ali Food — Cloud POS for Restaurants