Trust
Concrete practices, not vague promises.
We'd rather show you what we actually do than make claims we can't back. Everything below either runs in production today or has a public artefact you can verify.
Multi-tenancy
Data isolation
- Row-level tenancy
- Every database row carries a
tenantId. Every API query is scoped to the caller's tenant. We don't use shared schemas with a dropdown filter — wrong-tenant data simply isn't in the response. - Role-gated endpoints
- Owner, manager, cashier, kitchen, staff. The role is checked on the server, not in the UI. A cashier who guesses at the audit-log URL gets a 403.
- Append-only audit log
- Refunds, voids, manager overrides, role changes, and price edits land in an append-only audit log. You can review who did what, when, from which device — non-repudiable.
Money
Payments
- We never see card numbers
- Card details go straight to Stripe via Stripe Connect. Bina has no PAN data, no PCI scope, no offline card storage. Settlements flow from Stripe to your bank — Bina is never in the money path, only the software path.
- No per-transaction take
- Bina is a flat monthly subscription. We don't skim 1% of every cup of coffee you sell.
- Idempotent operations
- Every mutating endpoint accepts an
Idempotency-Key. Network blips and offline-queue replays can't double-charge or duplicate orders.
Operations
Infrastructure
- Daily backups
- Postgres backed up nightly. We run a restore drill against the latest backup as part of the same job — a backup that hasn't been restored is a hope, not a backup.
- Public status page
- Live system health at bina.so/status. Shows real dependency state — Postgres latency, Anthropic configured, Clerk configured, etc. No green-by-default; we don't hide outages.
- Performance proven under load
- Load-tested at 50 concurrent QR scans + 30 concurrent order creates. p95 menu read under 1.5s, p95 order create under 5s. 0.00% error rate across 1234+ requests.
- Security headers on every response
- HSTS (2-year max-age), X-Frame-Options, X-Content-Type-Options nosniff, Referrer-Policy, and an explicit Permissions-Policy denying every sensitive browser API we don't actively use (USB, MIDI, accelerometer, etc.).
The paperwork
Legal & compliance
- UAE PDPL aligned
- See /legal/pdplfor what data we collect, why, where it's stored, and how to request export or deletion.
- DPA available
- Standard data-processing agreement at /legal/dpa. For B2B customers who need it on file before procurement signs off.
- Terms & privacy public
- /legal/terms ·/legal/privacy. No legal-team-locked PDFs you have to email for.
- UAE VAT on every order
- 5% VAT applied, tracked, and surfaced on Z-reports for daily reconciliation. ZATCA extension on the V1.5 roadmap.
Honest about gaps
What we don't have yet
- SOC 2 Type II
- Not yet. Once paying B2B customers ask for it, we'll pursue it. For most café/F&B buyers it isn't a procurement gate today.
- On-prem deployment
- Not offered. Bina is cloud-only. If you need on-prem, we're not your fit.
- ISO 27001
- Future. Not blocking V1 sales.
Got a security question?
Email hello@bina.so— we'll answer with what we actually do, not marketing copy.
Found a vulnerability? See /.well-known/security.txt for our disclosure policy (RFC 9116).