Security

Last updated: January 21, 2026

Our Commitment to Security

At My Chef, security is our top priority. We implement industry-leading security measures to protect your data, your customers' information, and your restaurant operations. This page outlines the comprehensive security practices we follow.

Data Encryption

Encryption in Transit

All data transmitted between your devices and our servers is encrypted using:

  • TLS 1.3: The latest and most secure transport layer security protocol
  • HTTPS: All pages served over secure HTTPS connections
  • Strong Cipher Suites: Only modern, secure encryption algorithms
  • Perfect Forward Secrecy: Ephemeral (EC)DHE key exchange gives each session its own keys, so recorded traffic cannot be decrypted later even if the server's long-term private key is compromised

Encryption at Rest

Your data stored on our servers is protected with:

  • AES-256 Encryption: Stored data is encrypted with 256-bit AES
  • Database Encryption: All sensitive data encrypted at the database level
  • Encrypted Backups: All backups are fully encrypted
  • Secure Key Management: Encryption keys stored separately from data

Payment Security

We take payment security extremely seriously:

  • PCI DSS Compliance: We use Stripe, a PCI DSS Level 1 certified payment processor
  • No Card Storage: We never store credit card numbers on our servers
  • Tokenization: All payment information is tokenized by Stripe
  • 3D Secure: Support for additional authentication when required
  • Fraud Detection: Advanced fraud detection and prevention systems

Authentication & Access Control

Password Security

  • Bcrypt Hashing: Passwords are hashed with bcrypt, a deliberately slow, industry-standard password hashing algorithm
  • Salt & Pepper: bcrypt applies a unique random salt per password (defeating precomputed tables); a pepper, a server-side secret kept outside the database, is applied as an additional layer so that a dumped password table alone is not crackable
  • Password Requirements: Minimum 8 characters with complexity rules
  • No Plain Text Storage: Passwords are never stored in readable form
  • Secure Password Reset: Time-limited, single-use reset tokens
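
The following is an added example illustrating the password-storage and reset-token practices listed above; it is not My Chef's code. It uses Python's standard-library scrypt as a stand-in for bcrypt (the pepper, salt, constant-time comparison and token handling are what it demonstrates, not the choice of KDF), and the pepper source, environment variable name and in-memory token store are assumptions.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical pepper: a server-side secret loaded from the environment or a
# secrets manager, never stored alongside the password hashes. The default
# value exists only so this example runs stand-alone.
PEPPER = os.environ.get("MYCHEF_PASSWORD_PEPPER", "example-only-pepper").encode()

# scrypt cost parameters as log2(N), r, p: about 16 MiB of memory per hash.
LOG_N, R, P = 14, 8, 1


def _peppered(password: str) -> bytes:
    # HMAC the password with the pepper before the slow KDF. Because the pepper
    # never touches the database, a dumped users table alone cannot be cracked.
    return hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str) -> str:
    # A fresh random salt per password defeats precomputed (rainbow) tables.
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(_peppered(password), salt=salt, n=2 ** LOG_N, r=R, p=P)
    return f"scrypt${LOG_N}${R}${P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, log_n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(
        _peppered(password), salt=bytes.fromhex(salt_hex),
        n=2 ** int(log_n), r=int(r), p=int(p),
    )
    # Constant-time comparison: does not leak how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class ResetTokenStore:
    """Time-limited, single-use reset tokens (in-memory stand-in for a DB table)."""

    TTL_SECONDS = 15 * 60

    def __init__(self):
        # Keyed by SHA-256 of the token: a leaked table cannot be used to reset passwords.
        self._tokens = {}

    @staticmethod
    def _fingerprint(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id: str, now: float) -> str:
        # 256 bits of entropy; sent to the user out of band, never logged or stored in clear.
        token = secrets.token_urlsafe(32)
        self._tokens[self._fingerprint(token)] = (user_id, now + self.TTL_SECONDS)
        return token

    def redeem(self, token: str, now: float):
        # pop() makes the token single-use even if the request is retried.
        entry = self._tokens.pop(self._fingerprint(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if now > expires_at:
            return None  # expired: the token was already consumed by pop(), so it stays dead
        return user_id


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
    store = ResetTokenStore()
    token = store.issue("user-42", now=1000.0)
    print(store.redeem(token, now=1060.0), store.redeem(token, now=1060.0))  # user-42 None
```

The `now` argument is passed in rather than read from the clock so that expiry can be tested deterministically; a real service would take it from the request time.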

Two-Factor Authentication (2FA)

Optional 2FA provides an extra layer of security:

  • Time-based One-Time Passwords (TOTP)
  • Compatible with Google Authenticator, Authy, and other apps
  • Recovery codes for account access if device is lost
  • Recommended for all restaurant owner and manager accounts

Role-Based Access Control

  • Granular Permissions: Different access levels for owners, managers, and staff
  • Principle of Least Privilege: Users only have access to what they need
  • Activity Logging: All sensitive actions are logged and auditable
  • Session Management: Automatic logout after inactivity

Infrastructure Security

Cloud Infrastructure

  • Secure Hosting: Enterprise-grade cloud infrastructure
  • DDoS Protection: Protection against distributed denial-of-service attacks
  • Web Application Firewall: Advanced firewall protecting against common threats
  • Automatic Scaling: Infrastructure scales to handle traffic spikes
  • Geographic Redundancy: Data replicated across multiple locations

Server Security

  • Regular Updates: Operating systems and software kept up to date
  • Security Patches: Critical patches applied within 24 hours
  • Hardened Configurations: Servers configured following security best practices
  • Intrusion Detection: Automated monitoring for suspicious activity
  • Isolated Environments: Separate staging and production environments

Application Security

  • Input Validation: All user inputs are validated and sanitized
  • SQL Injection Prevention: Parameterized queries and ORM protection
  • XSS Protection: Output encoding prevents cross-site scripting
  • CSRF Protection: Tokens protect against cross-site request forgery
  • Security Headers: HTTP security headers implemented (CSP, HSTS, etc.)
  • Rate Limiting: API rate limits prevent abuse and brute force attacks
  • Code Reviews: All code changes reviewed for security issues
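
To make the SQL injection item above concrete, here is an added example (not My Chef's code) that puts a vulnerable string-formatted lookup next to its parameterized replacement and runs both against a constructed in-memory SQLite table with a classic `' OR '1'='1` payload. It also covers the case parameters cannot solve: column names in ORDER BY, which must be checked against an allowlist. The sample users and the sortable-column set are assumptions.

```python
import sqlite3

# Constructed sample data standing in for one restaurant's user table.
SAMPLE_USERS = [
    ("owner@bistro.example", "owner"),
    ("manager@bistro.example", "manager"),
    ("server1@bistro.example", "staff"),
]

# What an attacker types into the e-mail field: closes the quote, then ORs in a tautology.
INJECTION = "nobody@bistro.example' OR '1'='1"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, role TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO users (email, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """DO NOT USE: the value is pasted into the SQL text, so quotes inside it rewrite the query."""
    sql = f"SELECT email, role FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, email: str) -> list:
    """Parameterized query: the value is bound separately from the SQL and can never become SQL."""
    return conn.execute("SELECT email, role FROM users WHERE email = ?", (email,)).fetchall()


# Identifiers (tables, columns, ORDER BY targets) cannot be bound as parameters,
# so user-chosen sort columns must be validated against a fixed allowlist.
SORTABLE_COLUMNS = {"id", "email", "role"}


def list_users_sorted(conn: sqlite3.Connection, sort_by: str) -> list:
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    # Safe only because sort_by was just checked against the allowlist.
    return conn.execute(f"SELECT email, role FROM users ORDER BY {sort_by}").fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", find_user_vulnerable(conn, INJECTION))  # returns every user
    print("safe:      ", find_user_safe(conn, INJECTION))        # returns []
    print("sorted:    ", list_users_sorted(conn, "email"))
    try:
        list_users_sorted(conn, "email; DROP TABLE users")
    except ValueError as exc:
        print("rejected:  ", exc)
```

The vulnerable function returns all three rows because the resulting SQL is `... WHERE email = 'nobody@bistro.example' OR '1'='1'`; the parameterized one looks for a literal e-mail address containing that text and finds nothing. An ORM gives the same protection as long as raw-SQL escape hatches are used with bound parameters too.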

Data Backup & Recovery

  • Automated Backups: Daily encrypted backups of all data
  • Point-in-Time Recovery: Ability to restore the database to a chosen point in time within the backup retention window
  • Geographic Distribution: Backups stored in multiple geographic locations
  • Regular Testing: Backup restoration tested regularly
  • 99.9% Uptime SLA: Commitment to service availability

Monitoring & Incident Response

24/7 Monitoring

  • Real-time security monitoring and alerting
  • Automated threat detection systems
  • Log aggregation and analysis
  • Performance and availability monitoring

Incident Response Plan

  • Documented incident response procedures
  • On-call security team available 24/7
  • Rapid response to security incidents
  • Transparent communication during incidents
  • Post-incident analysis and improvements

Compliance & Certifications

  • GDPR Compliant: Full compliance with EU data protection regulations
  • CCPA Compliant: California Consumer Privacy Act compliance
  • PCI DSS: Payment Card Industry Data Security Standard (via Stripe)
  • SOC 2: Service Organization Control audit (in progress)
  • Privacy Shield: Note that the EU-US Privacy Shield was invalidated by the CJEU in July 2020 (Schrems II) and the Swiss-US Privacy Shield was found inadequate by the Swiss FDPIC in September 2020; neither is a valid basis for transatlantic data transfers any more, which must instead rest on a current mechanism such as Standard Contractual Clauses or the EU-US Data Privacy Framework

Employee Security

  • Background Checks: All employees undergo background verification
  • Security Training: Regular security awareness training
  • NDA Requirements: Non-disclosure agreements for all staff
  • Limited Access: Strict access controls to production systems
  • Audit Logs: All employee actions logged and monitored

Best Practices for Restaurant Users

We recommend following these security practices:

  • Use strong, unique passwords for your account
  • Enable two-factor authentication (2FA)
  • Don't share your account credentials
  • Log out when using shared devices
  • Keep your devices and software updated
  • Be cautious of phishing emails
  • Report suspicious activity immediately
  • Review your access logs regularly

Vulnerability Disclosure

We welcome reports from security researchers and the community:

  • Responsible Disclosure: We encourage responsible disclosure of vulnerabilities
  • Bug Bounty: Rewards for valid security findings
  • Quick Response: We respond to reports within 24 hours
  • Recognition: Security researchers credited in our hall of fame

Report security issues to: security@mychef.rest

Third-Party Security

We carefully vet all third-party services:

  • All vendors undergo security assessment
  • Data processing agreements in place
  • Regular vendor security audits
  • Compliance with our security standards

Security Updates

We continuously improve our security posture:

  • Regular security audits and penetration testing
  • Continuous monitoring of security advisories
  • Rapid deployment of security patches
  • Annual third-party security assessments

Contact Security Team

For security-related inquiries, email security@mychef.rest (the same address used for vulnerability reports above).

Your Security is Our Priority

We are committed to maintaining the highest security standards to protect your restaurant and your customers. If you have any security concerns or questions, please don't hesitate to reach out.