Skip to main content
VentaLens is launching soon — sign-ups open shortly.
VentaLens
Coming soon →
Trust

Security & data handling.

Seven straight answers to "what do you do with my data?" — sourced from our internal data-use policy, not marketing copy.

  1. 1. What we read

    Receipts (line items, totals, taxes, timestamps), items and variants, categories, shifts, stock levels, stores, and employees (id + display name only). Strictly read-only via Loyverse's public REST API.

  2. 2. What we don't touch

    Customer records and contact PII (names, phones, emails) — we never ingest them; only an opaque customer id may appear on a receipt. Payment-card data (Stripe handles that — we never see it), Loyverse account settings, and anything outside the documented receipts/items/employees scope.

  3. 3. Where it lives

    Supabase Postgres in Singapore (ap-southeast-1). Every row is tagged with your tenant ID and protected by Postgres Row-Level Security — isolation is enforced at the database layer, not just the application layer. Even our internal queries are tenant-scoped.

  4. 4. Who can see it

    Only authenticated users on your account see your data in the product. For support and debugging, our internal admin tooling can query data across accounts (the only role that bypasses Row-Level Security); these privileged actions are written to an audit log. We do not sell or share your data, and we never mix it with another business's.

  5. 5. Encryption

    TLS 1.3 in transit (HSTS enabled, HTTP redirects to HTTPS). AES-256 at rest (Supabase default). Your Loyverse Personal Access Token is encrypted with a separate key before being stored.

  6. 6. Your data, your control

    Delete your account from your Profile page ('Delete account'). After a 30-day recovery grace period, all your data — raw receipts, derived insights, audit logs — is purged. Export anytime via 'Export my data' on your Profile page. A Data Processing Agreement is available on request: [email protected].

  7. 7. Who operates VentaLens

    VentaLens is operated by SKANDAN PTE. LTD. (UEN 202621966R), a Singapore-incorporated company. For privacy or data-handling questions, email [email protected].

Standards

Standards we align with

PDPA

Singapore Personal Data Protection Act.

GDPR

EU General Data Protection Regulation.

OWASP

Top-10 web application security risks.

TLS 1.3

Strict transport security on every page.

Get in touch

Need a DPA or have a privacy question?

Email us — we send the DPA within a day.

Email us Loyverse relationship
Get started

Ready to see your numbers clearly?

Connect Loyverse in 60 seconds. No credit card, cancel any time.

Coming soon →