Platform Security

Enterprise Grade Protection

Security is not merely an optional feature at TressyPOS; it is the core foundation upon which our entire point-of-sale software architecture is developed. We implement multi-layered physical, logical, and cryptographic systems to guarantee that your business ledger, commercial records, and client files remain private and secure.

1. Encryption Protocols (Data in Transit & at Rest)

Whenever your TressyPOS local desktop terminal transmits backup packages, scheduling logs, or staff performance evaluations to our database cluster, the connection is wrapped in bank-grade encryption layers:

• TLS 1.3 Transport Encryption: All remote synchronization queries processed through the internet are protected utilizing industry-standard Transport Layer Security (TLS 1.3). This effectively eliminates intercept-based security vulnerabilities.
• Cryptographic Local Sandboxing: Within your physical device, local variables, authentication keys, and transaction queues live inside highly secure browser sandboxes (IndexedDB) equipped with system-level folder permission firewalls.

2. Database Isolation & Row-Level Security (RLS)

Standard legacy SaaS software often mixes multiple business databases into massive shared database tables, introducing risks of data leak. TressyPOS eliminates this vector completely:

A. Supabase PostgreSQL Integration

We leverage isolated Supabase PostgreSQL relational schemas structured under strict Row-Level Security (RLS) policies. Your specific data is securely locked behind customized encryption keys assigned only to your administrative login token.

B. Private Hosting Architecture

All database instances are hosted on dedicated, high-performance virtual private servers managed via Hetzner Online GmbH. These instances run behind hardware-level firewalls and continuous operational monitoring software.

3. Local Device & Hardware Level Security

Because TressyPOS operates as a local-first desktop engine, the physical security of your local machines represents a critical component of your overall defense. We support your local security measures through the following built-in systems:

• Web-Isolated Operations: The billing, scheduler, and checkout engines operate completely sandboxed on your hard drive, running with zero active network dependencies during critical transactions to minimize remote exploit risks.
• Role-Based Administrative Controls: Owners can define strict access controls within the software. This limits permissions so staff members can access basic checkout functions but cannot view sensitive profit/loss logs, master business balances, or bulk export your client lists.

4. Continuous Platform Hardening

Our engineering team at AsanWebs regularly monitors our infrastructure to deploy software updates, database security patches, and structural dependencies. Our continuous integration model ensures that your local TressyPOS software setup is protected against newly discovered vulnerabilities.