Security Policy
Last Updated: November 14, 2025
1. Introduction
At RaspberryPints, we take the security of your data and our services very seriously. This Security Policy outlines our commitment to protecting your information and the measures we implement to ensure the security, integrity, and availability of our services.
By using our services, you acknowledge and agree to the practices described in this Security Policy.
2. Our Security Commitment
We are committed to:
- Protecting the confidentiality, integrity, and availability of your data
- Implementing and maintaining appropriate technical, organizational, and physical safeguards
- Continuously monitoring and improving our security practices
- Responding promptly to security incidents
- Complying with applicable laws and regulations
- Providing transparency about our security practices
3. Data Security Measures
We employ multiple layers of security controls to protect our systems and your data:
3.1 Data Encryption
We use industry-standard encryption technologies to protect data both in transit and at rest:
- All data transmitted between your devices and our services is protected using TLS (Transport Layer Security) encryption
- Sensitive data stored in our databases is encrypted using AES-256 encryption
- We securely store encryption keys separate from the encrypted data
3.2 Infrastructure Security
Our infrastructure is designed with security in mind:
- We host our services on secure, trusted cloud infrastructure providers that maintain SOC 2, ISO 27001, and other relevant certifications
- We implement network security controls, including firewalls, intrusion detection systems, and network segmentation
- We regularly apply security patches and updates to our systems
- We employ redundant systems and data backups to ensure availability
3.3 Access Controls
We implement strict access controls to limit who can access our systems and your data:
- Employee access to systems and data follows the principle of least privilege
- We require multi-factor authentication for all staff accessing internal systems
- We maintain detailed access logs and regularly review them for suspicious activity
- We implement formal processes for granting, changing, and revoking access
3.4 Physical Security
We ensure physical security for our operations:
- Our office locations maintain physical access controls
- Our data centers employ 24/7 security personnel, video surveillance, intrusion detection, and multi-factor access authentication
- We maintain environmental controls to protect against fires, floods, and power outages
4. Application Security
We develop and maintain our software with security as a priority:
- We follow secure coding practices and conduct security training for our development team
- We perform regular automated and manual security testing, including static code analysis and dynamic application security testing
- We conduct periodic penetration testing by independent security experts
- We have implemented a secure software development lifecycle (SDLC) that includes security reviews
4.1 Brewery Management Software
Our brewery management software includes the following security features:
- Role-based access control with customizable permissions
- Secure multi-tenant architecture that prevents data leakage between brewery accounts
- Audit logging of critical actions for transparency and accountability
- Timeout and automatic logout features
4.2 FlowBox Hardware Security
Our FlowBox hardware includes security measures:
- Secure boot process to verify firmware integrity
- Encrypted communication between hardware devices and cloud services
- Signed firmware updates to prevent unauthorized modifications
- Hardware-level authentication mechanisms
4.3 Mobile Application Security
Our mobile applications incorporate security features:
- App data encryption for sensitive information
- Secure authentication implementation
- Certificate pinning to prevent man-in-the-middle attacks
- Secure local storage practices
5. Authentication and Password Security
We implement strong authentication mechanisms:
- We enforce strong password requirements
- We support multi-factor authentication for account access
- We securely hash passwords using bcrypt with appropriate work factors
- We implement account lockout policies to prevent brute force attacks
- We provide secure password reset mechanisms
We recommend that you:
- Use strong, unique passwords for your RaspberryPints account
- Enable multi-factor authentication when available
- Never share your account credentials
- Log out from shared devices
- Update your password regularly
6. Monitoring and Incident Response
We actively monitor our systems and have procedures in place to respond to security incidents:
- We maintain real-time monitoring systems to detect and alert on suspicious activities
- We have a documented incident response plan that is regularly tested
- We have established a dedicated security team to respond to incidents
- We conduct post-incident reviews to improve our security measures
In the event of a security incident that affects your data, we will:
- Promptly investigate and contain the incident
- Notify affected users in accordance with applicable laws and regulations
- Provide relevant information and recommended actions
- Cooperate with law enforcement if necessary
7. Third-Party Security
We carefully select and monitor our third-party service providers:
- We assess the security practices of our vendors before engagement
- We require our vendors to maintain appropriate security measures
- We regularly review our vendors' security and compliance posture
- We limit vendor access to only the data necessary to provide their services
8. Compliance
We adhere to applicable industry standards and regulations:
- We maintain a compliance program that includes regular assessments
- We conduct periodic internal and external audits
- We implement security controls aligned with industry frameworks such as NIST Cybersecurity Framework and CIS Controls
- We comply with relevant data protection regulations, including GDPR and CCPA as applicable
9. Security Awareness and Training
We foster a security-aware culture:
- All employees receive security awareness training during onboarding and regularly thereafter
- We conduct phishing simulations and other security exercises
- We share security updates and best practices with our team
- We encourage reporting of security concerns
10. Your Role in Security
While we implement strong security measures, you also play an important role in security:
- Keep your account credentials secure
- Maintain up-to-date software and operating systems on devices you use to access our services
- Be vigilant about phishing attempts and suspicious communications
- Report suspected security issues promptly
- Use secure networks when accessing our services
- Follow our recommended security practices
11. Security Vulnerability Reporting
We appreciate the assistance of security researchers and the broader community in maintaining high security standards:
- If you discover a potential security vulnerability, please report it to security@raspberrypints.com
- Provide sufficient information to reproduce and validate the issue
- Allow reasonable time for us to investigate and address the issue
- Do not disclose the vulnerability publicly before we have had a chance to address it
We commit to:
- Acknowledging receipt of your vulnerability report in a timely manner
- Providing updates on our progress in addressing reported vulnerabilities
- Giving credit to security researchers who responsibly disclose vulnerabilities, if desired
- Not pursuing legal action against researchers who follow responsible disclosure principles
12. Changes to This Security Policy
We may update this Security Policy from time to time. The date at the top of this policy indicates when it was last revised. We will notify you of any material changes through our website or by other means.
13. Contact Us
If you have any questions or concerns regarding this Security Policy or our security practices, please contact us at:
RaspberryPints
Email: security@raspberrypints.com
