Your shop data is your livelihood. We treat its security as our highest priority.
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL. API keys are hashed with bcrypt.
BayOS maintains SOC 2 Type II compliance, independently audited annually. Controls cover security, availability, and confidentiality.
Hosted on Vercel (frontend) and Supabase (database) with automated backups, point-in-time recovery, and multi-region redundancy.
Role-based access (Owner, Service Advisor, Technician, Accountant). Every action is logged in the audit trail. Session tokens expire after 30 days.
Payment processing is handled entirely by Stripe. BayOS never stores, processes, or transmits credit card numbers. Stripe is PCI DSS Level 1 certified.
Data is stored in US-based data centers by default. Enterprise customers can request specific data residency regions upon request.
We collect the information you provide when creating an account (name, email, shop details), customer and vehicle data you enter, and usage analytics to improve the product. We do not sell your data.
Your data powers BayOS features: repair orders, messaging, reports, etc. We use anonymized, aggregated analytics to improve the platform. We never share individual shop data with third parties.
Your data is yours. You can export everything at any time in standard formats (CSV, JSON). If you cancel, we retain your data for 90 days, then permanently delete it upon request.
We use Stripe (payments), Twilio (SMS/phone), Resend (email), and Supabase (database). Each service has its own privacy policy and security certifications. We only share the minimum data required for each integration to function.
For security concerns or privacy questions, email security@bayos.io. For data deletion requests, email privacy@bayos.io.
If you discover a security vulnerability, please report it to security@bayos.io. We take all reports seriously and will respond within 24 hours. We do not pursue legal action against researchers who report issues responsibly.