Row-Level Security on every table
Postgres RLS policies enforce tenant_id on every tenant-bound table. The application can't bypass them — the database does the check on every row read or written.
Every venue is sealed at the database layer with row-level security. No code path lets a query cross tenants. Audit, encryption, rate-limiting, and a strict Content Security Policy are the floor — not a paid add-on.
Posture shipped today
Each control is implemented and tested in production. The specs live in Sub-PRD-12 (Security Infrastructure & Tenant Isolation). Nothing on this page is on a roadmap.
Every write is recorded with actor, tenant, action, payload, and timestamp. Append-only, exportable, and visible inside the admin surface for the tenant owner.
Upstash Redis rate limits map directly to the OWASP API Security Top 10. Per-route, per-tenant, per-actor — graceful 429s with retry headers, not silent drops.
A strict CSP, frame-ancestors, HSTS, and Permissions-Policy ship by default on every response. No inline scripts, no eval. Nonces for the few things that need them.
TLS 1.3 on the edge. Database encryption at rest via Supabase-managed keys. Per-tenant integration secrets stored encrypted with envelope keys — not in plain config.
JWT issued by Supabase Auth, session enforced via HTTP-only server cookies. MFA available. Staff PIN for floor terminals separate from owner credentials.
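An added illustration of the row-level security control described above, not NexDine's own schema or code: a tenant policy on one table, followed by catalog queries that check the "every tenant-bound table" claim. The table `orders` and the session setting `app.tenant_id` are assumptions made for the example.

```sql
-- Constructed example table; "orders" and the setting app.tenant_id are assumptions.
CREATE TABLE orders (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id uuid NOT NULL,
    total     numeric(10,2) NOT NULL
);

ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the table's policies.
ALTER TABLE orders FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted; WITH CHECK rejects
-- rows written with another tenant's id. If app.tenant_id is unset, the
-- comparison is NULL and no row matches, so the policy fails closed.
CREATE POLICY tenant_isolation ON orders
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Coverage check: list every table that has a tenant_id column but is
-- missing RLS, FORCE, or any policy. An empty result means full coverage.
-- (RLS enabled with zero policies denies all rows to non-exempt roles;
-- it is listed because it usually signals an unfinished migration.)
SELECT n.nspname             AS schema_name,
       c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced,
       count(p.polname)      AS policy_count
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_attribute a ON a.attrelid = c.oid
                   AND a.attname = 'tenant_id'
                   AND NOT a.attisdropped
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE c.relkind IN ('r', 'p')   -- ordinary and partitioned tables
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
GROUP BY n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
HAVING NOT c.relrowsecurity
    OR NOT c.relforcerowsecurity
    OR count(p.polname) = 0
ORDER BY 1, 2;

-- Roles that skip RLS entirely; application traffic should use none of them.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
```

Running the two catalog queries in CI after each migration turns the coverage claim into a check that fails when a new tenant-bound table ships without a policy.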
Australian-first compliance posture
NexDine is built for Australian hospitality first. The compliance surface is jurisdiction-aware across all eight states and territories, and the data layer is designed for the obligations operators carry locally.
Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles guide our data handling.
Single Touch Payroll (STP) submissions are wired through to the ATO via accredited adapters.
HACCP, RSA/RCG, temperature, and cleaning logs are per-state aware across all eight AU jurisdictions.
We treat security reports as a priority. Email us with the issue and reproduction steps. We aim to acknowledge inside one business day and to patch critical issues in days, not weeks.
Please do not test against pilot tenants. Use the staging environment we'll provide on request.
We'd rather build trust through the architecture than the marketing. Ask us anything — the answer is usually in code.
Sub-PRD-12 · Production-ready · Reviewed quarterly