Trust Center

How we earn the trust of operators who run real-world commerce.

SalesVu protects every transaction, customer record, and inventory event flowing through our platform with controls designed for retailers, restaurants, museums, and hospitals — the businesses that depend on us not to lose a beat.

Last updated: November 2025

PCI DSS Level 1

Card data is tokenized at the device. SalesVu's payment infrastructure is operated under PCI DSS Level 1 controls.

GDPR

Standard Contractual Clauses, data subject rights tooling, and an EU representative available on request.

CCPA / CPRA

Consumer rights workflows for access, deletion, and opt-out of sale or sharing of personal information.

HIPAA-aware

BAAs available for in-scope deployments serving hospital and medical-facility customers.

SOC 2 readiness

Continuous controls aligned to SOC 2 Type II Trust Services Criteria. Reports available under NDA.

Regional residency

US and EU data residency options for customers with regulatory hosting requirements.

Overview

SalesVu operates the AI-native operating system that thousands of brick-and-mortar businesses use every day. Trust is foundational to that role. This page explains the controls and practices behind that responsibility — security, compliance, reliability, privacy, and how we respond when things go wrong.

Security architecture

  • Encryption in transit: TLS 1.2 or higher for every public endpoint, with HSTS preloaded.
  • Encryption at rest: AES-256 for application databases, object storage, and backups.
  • Tokenized payments: Card data is tokenized at the terminal or in the browser. Sensitive cardholder data never lands in our application database.
  • Identity & access: Role-based access control inside the product, enforced multi-factor authentication for staff accounts, and single sign-on for enterprise customers.
  • Network controls: VPC isolation, least-privilege security groups, and bastion-only access to production.
  • Secrets management: Centralized secrets vault with automated rotation and access logging.
  • Application security: Mandatory code review, dependency scanning, static analysis, and regular third-party penetration testing.

Compliance

SalesVu maintains an active program aligned to PCI DSS Level 1, GDPR, CCPA / CPRA, and SOC 2 Type II Trust Services Criteria. HIPAA-aware operations and BAAs are available for in-scope deployments serving hospital and medical-facility customers. Reports and attestations are available under NDA on request to [email protected].

Reliability & uptime

  • Service target: 99.9% monthly uptime for core POS, payments, and online ordering.
  • Multi-AZ architecture: Application and database tiers run across multiple availability zones with automated failover.
  • Offline mode: Counter and Handheld POS continue ringing transactions during temporary connectivity loss and reconcile when service is restored.
  • Backups: Encrypted point-in-time backups retained per the documented retention policy in the customer agreement.
  • Change management: Continuous deployment behind feature flags, with progressive rollouts and automated rollback triggers.

Privacy & data handling

Customer data is processed only to deliver the SalesVu service, support customers, and meet legal obligations. We do not sell customer data. Data subject access, deletion, and portability requests are honored through documented workflows. See the Privacy Policy for full details and the Data Processing Agreement for processor-controller terms including Standard Contractual Clauses.

Sub-processors

SalesVu relies on a small number of vetted sub-processors to deliver the platform. Each is contractually bound to confidentiality and data-protection terms equivalent to or stricter than our own.

Sub-processor | Purpose | Region
Amazon Web Services | Primary cloud infrastructure, storage, and compute | US / EU
Stripe | Card processing for select markets | Global
Twilio | SMS notifications and Customer Service Agent telephony | US
SendGrid | Transactional email delivery | US
Cloudflare | Edge security, DDoS mitigation, CDN | Global
Datadog | Application monitoring and observability | US

Customers are notified at least 30 days before any new sub-processor is added to in-scope processing activities.

Incident response

SalesVu maintains a documented incident response plan with defined severity levels, on-call rotation, and 24/7 monitoring. Confirmed security incidents that affect customer data are communicated to impacted customers within the timelines required by applicable law and the customer agreement, with a written post-incident report to follow.

Vulnerability disclosure

If you believe you have found a security vulnerability in any SalesVu product or service, please report it confidentially to [email protected]. We commit to acknowledging your report within 2 business days and providing a status update within 10 business days. Please do not test against production data, do not access accounts you do not own, and give us a reasonable window to remediate before any public disclosure.

Audit reports

Penetration test summaries, SOC 2 reports, and compliance attestations are available under a mutual non-disclosure agreement. Contact [email protected] from a verified business email to request access.

Contact our security team

General security questions: [email protected]

Vulnerability reports: [email protected]

Privacy questions: [email protected]

Real-time service status will be available at status.salesvu.com.
