Data Encryption
All data at rest is encrypted with AES-256-GCM. Data in transit is protected by TLS 1.2+ on every connection. Database backups are encrypted with separate keys rotated on a regular schedule.
Security
Security is not an add-on. It is built into every layer of the platform, from the database to the card reader.
All data at rest is encrypted with AES-256-GCM. Data in transit is protected by TLS 1.2+ on every connection. Database backups are encrypted with separate keys rotated on a regular schedule.
We never store raw card numbers, CVVs, or magnetic-stripe data. Payments run through PCI-DSS Level 1 certified infrastructure, and only a tokenized card reference — never the card itself — ever touches our systems.
Role-based access control (RBAC) ensures every user sees only what they should. Row-level security (RLS) policies enforce tenant isolation at the database layer. Every sensitive action is written to an immutable audit log.
Each tenant is logically isolated with enforced boundaries at the query layer. Automated daily backups with point-in-time recovery. Infrastructure runs on SOC 2 Type II certified cloud providers with redundancy across availability zones.
Our practices align with SOC 2 Type II controls. GDPR-ready data export lets any user request a full copy of their data. Data retention policies are configurable per tenant. We support data deletion requests within 30 days.
See how Batch protects your business from day one.
Get started free