Tenant isolation
Restaurant data is scoped by tenant in backend services, route guards, API keys and support-session boundaries.
Trust Center for security, privacy and reliability.
Security posture, privacy boundaries and operational readiness for restaurants evaluating Limvero.
Public claim boundary
Limvero public pages describe implemented product capabilities and marked roadmap items honestly. Certification, fiscal, payment, marketplace, uptime and customer-logo claims appear only when those facts are real and documented.Isolation
Tenant-scoped backend
Scoped
Hashed API keys
Operational
Backup and rollback
Automated
Release gate
Security controls
Controls are described as implemented product behavior, not as generic security claims.
Separated cabinets
Restaurant Cabinet and Platform Admin sessions are separated in frontend guards and backend role requirements.
Credential controls
Admin password policy, POS PIN policy, refresh-token rotation, logout and session invalidation reduce account risk.
Support access
Support sessions are read-only by default, time-bounded and designed for controlled troubleshooting without shared passwords.
API key safety
API keys are tenant-scoped, shown once, stored hashed, protected by scopes and rate limits, and can be revoked.
Webhook protection
Webhook destinations are validated to reduce SSRF risk and delivery events use signature and retry workflows.
Operational controls
Reliability expectations are tied to release gates, backups, smoke checks and incident communication.
Production gates
Release checks cover route guards, source security, compose hardening, tests, typecheck, lint, build, smoke and audit.
Strict browser headers
Public and cabinet surfaces use browser hardening headers through the web runtime and production smoke checks.
Backups and rollback
Operational scripts cover PostgreSQL and Redis backups, restore checks, release manifests and rollback flow.
Worker recovery
Webhook, report export and print workers include stale-state recovery paths for safer long-running operations.
Status communication
The public status page avoids unsupported uptime claims and is ready for factual incident or maintenance updates.
Data lifecycle
Tenant export snapshots and deletion request workflows support offboarding and privacy operations.
Trust materials
Procurement and security-review pages describe how Limvero handles data lifecycle, recovery, incidents, subprocessors and future compliance work.
Data Retention
Retention categories, export snapshots, report export retention and deletion workflow boundaries.
Backup and Restore
PostgreSQL and Redis backup, restore validation, pre-migration backup and rollback boundaries.
Incident Response
Detection, containment, investigation, communication, recovery and post-incident review model.
Compliance Roadmap
Current controls, future audit roadmap and clear limits around unclaimed certifications.
Subprocessors
Provider categories, selection status, data categories and customer notice boundaries.
Vulnerability Disclosure
Responsible reporting rules, prohibited testing actions and coordinated disclosure process.
Clear claim boundaries
Limvero public materials are intentionally conservative. Restaurants can see what is implemented today, what needs provider-specific work and what requires procurement review.
Review legal centerNo SOC 2, ISO 27001, PCI or similar certification is claimed until the audit or certification is complete.
No certified acquiring, fiscal or delivery marketplace integration is claimed until a provider-specific integration is contracted and verified.
No customer logos, testimonials, uptime metrics or security badges are used unless the underlying facts are documented.
Public API docs describe implemented endpoints only and do not expose production Swagger try-it by default.
Plan a clean restaurant rollout.
Talk through locations, POS devices, kitchen workflow, menu migration, API needs and security review before launch.