Enterprise-Grade Security

Your Data Security Is Built In

We designed Kynetik with security at the foundation, not as an afterthought. Your store data is protected by isolated databases, industry-standard encryption, and trusted infrastructure partners.

Isolated Databases

Every merchant gets their own dedicated database. Your data is completely separated from other stores — not just filtered, but physically isolated.

Encrypted Everywhere

All data is encrypted in transit with TLS and at rest on Cloudflare's infrastructure. Credentials are hashed with industry-standard algorithms.

Card Data Never Stored

Payment card data flows directly to Stripe — it never touches our servers. Your PCI compliance scope stays minimal.

Your Data Stays Yours

Each Kynetik customer gets their own isolated database. Your products, customers, transactions, and staff information are completely separated from other stores.

This architecture means that even if another store experienced a security issue, your data would remain protected. There's no shared database where a query error could expose one merchant's data to another.

What this means for you:

  • Your data is in a separate database, not just a filtered view
  • Each device is authenticated to your specific store
  • Uninstalling removes your data — we don't keep it

Secure Staff Access

Staff members authenticate with PINs that are securely hashed before storage. We never store PINs in plain text, and each PIN uses a unique random salt.

PIN Security

  • Hashed with 100,000 iterations (PBKDF2)
  • Unique random salt per staff member
  • Timing-safe comparison prevents attacks
  • Weak PINs rejected (no 1234, 0000)

Account Protection

  • Automatic lockout after failed attempts
  • Role-based access controls
  • Escalation required for sensitive actions
  • Complete audit trail of staff activity

Payments Handled Right

We partnered with Stripe — the world's most trusted payment platform — specifically so card data never touches our systems. When a customer taps their card at your register, that data flows directly to Stripe's PCI-certified infrastructure.

Your Kynetik system never sees, stores, or processes actual card numbers. This dramatically reduces your PCI compliance burden and eliminates a whole category of risk.

Powered by Stripe

PCI DSS Level 1 certified payment processing

Built on Cloudflare

Kynetik runs on Cloudflare's global edge network — the same infrastructure that protects millions of websites from attacks. This means:

DDoS Protection

Automatic protection against denial-of-service attacks

Encryption at Rest

Your data is encrypted on Cloudflare's storage

Global Edge Network

No single server to target, fast from anywhere

SOC 2 Type II

Cloudflare's compliance covers your data

Complete Audit Trail

Every action in Kynetik is logged. Know who did what, when, and from which device. This helps you maintain compliance, investigate discrepancies, and hold staff accountable.

What we track:

  • Staff logins and logouts
  • Failed login attempts
  • Order creation and modifications
  • Refunds processed
  • Escalation requests and approvals
  • Device registration and removal
  • Settings changes
  • Price overrides and discounts

BigCommerce Remains Your Source of Truth

Your products, orders, customers, and inventory data all live in BigCommerce. Kynetik caches product data locally for fast offline access, but BigCommerce is always the authoritative source.

This means you maintain full control of your data through BigCommerce. If you ever uninstall Kynetik, your commerce data is exactly where it's always been — safe in BigCommerce.

Trusted Infrastructure Partners

Cloudflare
Stripe
BigCommerce

Security Questions?

If you have questions about our security practices or need documentation for your vendor review process, we're here to help.

security@kynetik.cc