1. Our security commitment
DigitalPrint is built for printing, signage, PVC, and sticker businesses that trust us with their orders, customers, inventory, and finances. We treat that trust seriously and apply industry-standard practices to keep your data confidential, available, and intact.
2. Data encryption
- In transit: All connections use TLS 1.2 or higher. HTTP traffic is automatically redirected to HTTPS.
- At rest: Databases, backups, and file storage are encrypted with AES-256 by our managed cloud providers.
- Secrets: API keys and credentials are stored in a secrets vault and never committed to source code.
3. Access control & tenant isolation
- Each company workspace is logically isolated through row-level security so one business can never read another's data.
- Roles (super admin, company owner, manager, employee) follow the principle of least privilege and are enforced both in the UI and on the server.
- Internal access by our team is restricted to named staff, requires multi-factor authentication, and is logged.
4. Authentication
We use modern password hashing, rate limiting, and protections against brute-force and credential-stuffing attacks. We support strong passwords, email verification, and social sign-in. Sessions are short-lived and can be revoked from your account at any time.
5. Infrastructure & vendors
DigitalPrint runs on managed cloud infrastructure with audited security controls (e.g. SOC 2). Sub-processors (hosting, email delivery, analytics, payments) are reviewed and bound by confidentiality and data protection terms.
6. Backups & availability
Production data is backed up regularly with point-in-time recovery. We monitor uptime continuously and aim for high availability of the DigitalPrint platform. Status and major incidents are communicated to affected customers.
7. Logging & monitoring
Application, authentication, and admin activity is logged. Sensitive actions such as role changes and settings updates are recorded in an audit log accessible to company owners and super admins. We use automated alerts to detect suspicious activity.
8. Secure development
- Code review is required for every change.
- Dependencies are scanned for known vulnerabilities and patched regularly.
- Server-side input validation, parameterized queries, and content security headers protect against common web threats.
9. Payments
Payments are handled by PCI-DSS compliant payment processors. We do not store full card numbers on our servers — only tokens required to manage your subscription.
10. Customer responsibilities
Security is a shared responsibility. We recommend that you:
- Use a strong, unique password and enable 2FA where available.
- Grant team members the lowest role needed to do their job.
- Review your audit log and active sessions periodically.
- Keep your devices and browsers updated.
11. Incident response
If we detect a security incident affecting your data, we will investigate, contain it, and notify affected customers without undue delay, in line with applicable laws.
12. Responsible disclosure
We welcome reports from security researchers. Please email security@digitalprint.app with details and steps to reproduce. Do not publicly disclose the issue until we have had a reasonable time to fix it. We will acknowledge your report within 3 business days.
13. Contact
For any security questions, contact us at security@digitalprint.app.