Where is DashAdvisr data stored?

Your data is stored in Supabase (PostgreSQL on AWS) with SOC 2 Type II compliant infrastructure. All data is encrypted with AES-256 at rest and TLS 1.3 in transit.

Can other venue owners see my data?

No. DashAdvisr enforces Row Level Security (RLS) at the database level. Every query is scoped to your account. It is architecturally impossible for one venue owner to access another's data.

Does DashAdvisr sell my data?

No. DashAdvisr does not sell, share, or monetize your business data. This commitment is written into our Terms of Service.

How do POS integrations work securely?

All POS integrations use OAuth 2.0. DashAdvisr never sees or stores your POS login credentials. We request read-only access by default, and you can disconnect anytime from Settings.

Can I delete all my data?

Yes. You can request complete account and data deletion at any time by emailing admin@dashadvisr.com. All data is permanently purged within 90 days. We also support CCPA and GDPR deletion requests.

Can I export my data?

Yes. You can export all your business data in JSON and CSV formats at any time from your dashboard settings.

Your Data Security

Q: Does DashAdvisr use my data to train AI?

No. DashAdvisr uses Anthropic's Claude API, which contractually does not use customer data for model training. Your data is processed in a single request and discarded by the AI provider.

We take security as seriously as you take your business. Here is exactly how we protect your data — no vague promises, just specifics.

Infrastructure

Where your data lives

Every layer of our stack is built on enterprise-grade infrastructure from providers who specialize in security.

🗄️

Database: Supabase (PostgreSQL on AWS)

Your business data is stored in a managed PostgreSQL database on AWS infrastructure. Supabase maintains SOC 2 Type II compliance, meaning their security controls are independently audited annually.

🌐

Hosting: Netlify (AWS-backed CDN)

The DashAdvisr application is served through Netlify's enterprise-grade CDN, backed by AWS. All traffic is served over HTTPS with automatic certificate management.

🧠

AI: Anthropic's Claude API

Sage AI runs on Anthropic's Claude. Anthropic contractually does not use customer data for model training. Your data is processed in a single request and discarded by the AI provider.

🔒

Encryption: TLS 1.3 + AES-256

All data in transit is encrypted with TLS 1.3. All data at rest is encrypted with AES-256. API keys and OAuth tokens are stored in Supabase Vault, a dedicated secrets manager.

Data Isolation

Your data is yours alone

We don't just promise data isolation — we enforce it at the database level so it is architecturally impossible to violate.

🛡️

Row Level Security (RLS)

Every database query is scoped to your authenticated account using PostgreSQL Row Level Security policies. Even if a bug existed in our application code, the database itself would block unauthorized access.

🏢

No cross-venue access

Venue owners can never see each other's data. Your revenue, staffing, inventory, and customer data is invisible to every other account on the platform. Period.

🔑

Service keys stay server-side

Administrative database keys are never exposed to client-side code. All privileged operations run exclusively on server-side edge functions behind authentication checks.

AI & Privacy

How Sage AI handles your data

Sage is powerful because it reads your actual business metrics. But we've built strict boundaries around what it sees and what happens to that data.

📊

Aggregated metrics only

Sage sees your Waypoint Score, domain scores, and trend data. It receives aggregated business metrics — never raw personally identifiable information like customer names, phone numbers, or email addresses.

🎭

CRM data is anonymized

When Sage needs customer context (like churn patterns), CRM records are anonymized before being sent to the AI. Names and contact details are stripped out and replaced with anonymous identifiers.

🗑️

No storage, no training

AI responses are generated in real-time and are not stored by Anthropic or used to train future models. This is guaranteed by Anthropic's enterprise API terms.

🧹

Delete your AI history anytime

All AI interaction history stored in DashAdvisr (your saved insights and Sage conversations) can be deleted from your account settings at any time. Once deleted, it's gone.

Trust

What we don't do

Trust is built by what you choose not to do. Here are the lines we will never cross.

We don't sell your data. Ever.

Your business data is yours. We don't monetize it, broker it, or share it with anyone. This is written into our Terms of Service, not just a marketing promise.

We don't share data with third parties

No advertisers, data brokers, or partner companies receive your data. The only third-party processing is Anthropic's Claude API for AI insights, which discards data after each request.

We don't use your data for advertising

No ad pixels, no behavioral tracking, no retargeting based on your business data. We use only essential cookies. See our Cookie Policy.

We don't retain data after account deletion

When you delete your account, all data — scores, insights, integration tokens, and stored snapshots — is permanently purged within 90 days. No backups are kept.

Your Controls

You're always in charge

You should never feel locked in. Here is what you can do with your data at any time, no questions asked.

Export all your data anytime. Download your complete business data in JSON and CSV formats from your dashboard settings. Your data is always portable.
Pause or cancel without losing data. If you cancel your subscription, your data is preserved through the end of your billing cycle. You can reactivate without starting over.
Delete your account and all data permanently. Request complete deletion at any time. All data is purged within 90 days with no residual backups.
CCPA & GDPR compliance. We honor data deletion requests under CCPA and GDPR. Email admin@dashadvisr.com and we will process your request promptly.

Integrations

POS integration security

Connecting your POS or accounting tool is the most sensitive step. Here is exactly how we handle it.

🤝

OAuth 2.0 — we never see your password

Every integration (Square, QuickBooks, Toast, Clover, etc.) connects through OAuth 2.0. You authorize DashAdvisr directly on the provider's site. We never see, touch, or store your login credentials.

👁️

Read-only access by default

We request the minimum permissions needed: read access to transactions, sales, and scheduling data. We do not modify, create, or delete anything in your POS or accounting system.

🔄

Token refresh handled server-side

OAuth tokens are stored encrypted in Supabase Vault and refreshed automatically on the server. Tokens are never exposed to your browser or any client-side code.

⛓️‍💥

Disconnect anytime

Revoke DashAdvisr's access from your Settings page or directly from the provider's platform. The moment you disconnect, data syncing stops immediately.

Common Questions

Security FAQ

Is DashAdvisr SOC 2 certified?

DashAdvisr itself is a startup and does not hold a SOC 2 certification. However, our infrastructure providers do: Supabase maintains SOC 2 Type II compliance, AWS is SOC 2 certified, and Netlify operates on AWS-backed infrastructure. We inherit their security controls and add our own application-level protections (RLS, encryption, server-side key management).

What happens if there is a data breach?

In the unlikely event of a security incident, we will notify all affected accounts within 72 hours, provide a clear description of what data was involved, and offer guidance on protective steps. We comply with all applicable breach notification laws.

Do you have access to my POS login?

No. We use OAuth 2.0 for all POS and accounting integrations. You authorize DashAdvisr directly on the provider's website. We receive a scoped access token — never your username or password. You can revoke this token at any time.

Can DashAdvisr employees see my data?

Access to production data is restricted to a very small number of team members who need it for support or debugging, and all access is logged. We never browse customer data casually. Our RLS policies mean that even with database access, queries must be explicitly scoped to a specific account.

I have a specific security question not listed here.

Email admin@dashadvisr.com with the subject line "Security Question" and we will give you a direct, specific answer. No form letters.

Questions about security?

We believe in straight answers. Reach out and we'll respond within 24 hours.

Email us

Last updated: March 19, 2026. DashAdvisr is committed to protecting your data. For full legal details, see our Terms of Service and Privacy Policy. All third-party product names mentioned are the property of their respective owners.