DrinkLync

Security & compliance

For IT, CISO, and procurement teams evaluating DrinkLync. Specifics on data handling, authentication, infrastructure, compliance posture, and incident response. Need something not covered? security@drinklync.com.

Data handling

Where is customer + venue data stored?

Primary data lives in AWS us-east-1, in DrinkLync's own AWS organization. Operational state is held in S3 (drinklync-production-app-state, server-side AES-256 encryption at rest, versioning enabled) and in a set of DynamoDB tables for high-throughput records. Backups are copied daily to a separate bucket in a second AWS region, so the backup copy is the one dataset held outside us-east-1. No customer data leaves AWS for a third-party warehouse without an explicit data-processing agreement.

Data handling

What customer data do you store, and for how long?

We store: the customer's phone number or email (for receipts and order-status SMS/email), order history, a payment-method handle (the Stripe customer and payment-method IDs, never a PAN), and optional thumbs/stars feedback. Phone numbers are masked in the client UI, and when a customer signed in with Apple or Google and chose their private-relay option we hold the relay token rather than the underlying number. Default retention is 24 months active plus 36 months archived; an operator can shorten that contractually. Per-customer export and deletion are available via /api/customer/data-export and /api/customer/data-delete.

Data handling

Do you sell customer data, share it with advertisers, or train AI on it?

No. We do not sell customer or operator data. We do not share it with advertisers or marketing networks. We do not train third-party AI models on identifiable customer data. The Lync in-app assistant uses anonymized aggregates — never per-customer identifiers — when invoking Amazon Bedrock for operator-side insights.

Data handling

Can each venue's data be isolated from others?

Yes, by default. Every row in our data layer carries a venue_id, and operator, manager, bartender and gatekeeper accounts can only read their own venue's rows; the check is enforced server-side by the assertVenueStaffAccess helper at every API boundary, not in the client. Owners with multi-venue access see a federated portfolio view limited to the venues they hold. Isolation is logical (row-level, in shared tables) rather than separate infrastructure per venue, and no customer order from venue A is visible to venue B.
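What a row-level guard of that shape has to get right is shown below. This is an added example written for this page, not DrinkLync's own assertVenueStaffAccess; the role list is the page's, while the principal shape, the order rows and the helper names (listOrders, getOrder, portfolioOrders, isDenied) are assumptions for illustration.

```typescript
// Added example, not DrinkLync's code: a row-level tenancy guard modelled on the
// assertVenueStaffAccess pattern described above. The role list is the page's;
// the principal shape, order rows and function names are assumptions.

type Role = "CUSTOMER" | "BARTENDER" | "GATEKEEPER" | "MANAGER" | "OWNER" | "ADMIN";

// Assumed identity attached to a request after the Cognito token is verified:
// a single venue for venue staff, several for a multi-venue owner.
interface Principal { sub: string; role: Role; venueIds: string[]; }

interface Order { orderId: string; venueId: string; totalCents: number; }

class VenueAccessError extends Error {
  constructor(msg: string) { super(msg); this.name = "VenueAccessError"; }
}

// Throws unless the principal may act on venueId. ADMIN is global; every other
// staff role must hold the venue explicitly. Always pass the venue of the row
// being touched, never one the client supplied.
function assertVenueStaffAccess(p: Principal, venueId: string): void {
  if (p.role === "ADMIN") return;
  if (p.role === "CUSTOMER") throw new VenueAccessError("customers have no staff access");
  if (!p.venueIds.includes(venueId)) {
    throw new VenueAccessError(`${p.sub} is not staff at ${venueId}`);
  }
}

// Constructed rows standing in for a DynamoDB table that carries venueId on every item.
const ORDERS: Order[] = [
  { orderId: "o-1", venueId: "venue-A", totalCents: 1200 },
  { orderId: "o-2", venueId: "venue-B", totalCents: 800 },
  { orderId: "o-3", venueId: "venue-A", totalCents: 450 },
];

// Listing is venue-scoped: the guard runs first, then the query itself is
// filtered on venueId so a caller bug cannot widen the result set.
function listOrders(p: Principal, venueId: string): Order[] {
  assertVenueStaffAccess(p, venueId);
  return ORDERS.filter(o => o.venueId === venueId);
}

// Fetch-by-id is where cross-tenant reads usually slip in: load the row, then
// check access against the venue stored on the row, not one from the request.
function getOrder(p: Principal, orderId: string): Order {
  const row = ORDERS.find(o => o.orderId === orderId);
  // Missing and forbidden raise the same error so ids cannot be enumerated across venues.
  if (!row) throw new VenueAccessError("not found");
  assertVenueStaffAccess(p, row.venueId);
  return row;
}

// Owner portfolio view: the union of the venues the owner holds, nothing more.
function portfolioOrders(owner: Principal): Order[] {
  if (owner.role !== "OWNER") throw new VenueAccessError("portfolio view is owner-only");
  return ORDERS.filter(o => owner.venueIds.includes(o.venueId));
}

// True when fn throws a VenueAccessError; lets callers and tests check denials.
function isDenied(fn: () => unknown): boolean {
  try { fn(); return false; } catch (e) { return (e as Error).name === "VenueAccessError"; }
}
```

The point to check in a review of any such guard is getOrder: the venue compared against the caller's grants must come from the stored row, because a venue_id taken from the request is exactly the field an attacker controls.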

Authentication

How do staff authenticate?

Amazon Cognito (user pool us-east-1_wv0NugdWl) with group-scoped roles: CUSTOMER, BARTENDER, GATEKEEPER, MANAGER, OWNER, ADMIN. Manager-and-above logins require email/password plus TOTP MFA. Bartenders and gatekeepers sign in to the iPad kiosk with a 6-digit numeric PIN backed by per-user Cognito secret hashes. Demo credentials for partners evaluating the platform live in AWS Secrets Manager (drinklync/demo/staff-creds) and are rotated regularly.

Authentication

How do you protect against PIN brute-forcing?

Failed attempts are counted per device by a fixed-window rate limiter backed by DynamoDB (lib/rate-limit.ts): 5 failures within 60 seconds lock that device for 5 minutes. Against the 1,000,000-value 6-digit PIN space that bounds a single device to at most 5 guesses per 5 minutes, so exhausting the space online from one device would take roughly 700 days. The lock is per device, so an attacker who rotates device identifiers is not bounded by it; the server-side audit log records every failure with device id and IP, which is what surfaces that pattern. PINs are never logged in cleartext.

Authentication

What about API tokens for integrations?

Operators integrating other systems receive scoped JWTs that carry an explicit allow-list of endpoints and expire in under 24 hours; a request outside the allow-list is rejected even when the signature is valid. Refresh requires an MFA step, and rotation is one click in the operator dashboard.
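The checks a gateway runs on such a token, as an added example written for this page and not DrinkLync's token code: HS256 via node:crypto, with the claim names (venue, ep), the kid-based key ring, the 24-hour cap and the function names all assumptions for illustration. A real deployment would hold the key in KMS or Secrets Manager and use a maintained JWT library; the example exists to make the order of checks explicit.

```typescript
// Added example, not DrinkLync's token code: minting and checking a scoped
// integration JWT of the kind described above. HS256 via node:crypto, the claim
// names (venue, ep, kid) and the helper names are assumptions; a real deployment
// would keep the key in KMS or Secrets Manager and use a maintained JWT library.
import { createHmac, timingSafeEqual } from "node:crypto";

const MAX_TTL_S = 24 * 3600; // page: expiry under 24 hours

interface ScopedClaims {
  sub: string;    // integration identity
  venue: string;  // venue the token may act on
  ep: string[];   // allow-list of "METHOD /path" entries
  iat: number;    // seconds since epoch
  exp: number;
}

const b64uStr = (s: string): string => Buffer.from(s, "utf8").toString("base64url");
const fromB64u = (s: string): Buffer => Buffer.from(s, "base64url");
// Returns the decoded JSON or undefined; never throws on attacker-controlled input.
function parseB64uJson(s: string): any {
  try { return JSON.parse(fromB64u(s).toString("utf8")); } catch { return undefined; }
}

// Keys indexed by kid, so rotation can keep the previous key valid briefly.
type KeyRing = Record<string, Buffer>;

function mintScopedToken(claims: ScopedClaims, key: Buffer, kid: string): string {
  if (claims.exp - claims.iat > MAX_TTL_S) throw new Error("ttl exceeds the 24 h cap");
  const head = b64uStr(JSON.stringify({ alg: "HS256", typ: "JWT", kid }));
  const body = b64uStr(JSON.stringify(claims));
  const sig = createHmac("sha256", key).update(`${head}.${body}`).digest();
  return `${head}.${body}.${sig.toString("base64url")}`;
}

type Verdict = { ok: true; claims: ScopedClaims } | { ok: false; reason: string };

// Full check a gateway would run per request: signature under a known kid with
// a pinned algorithm, expiry and TTL cap, then the endpoint allow-list.
function authorize(token: string, keys: KeyRing, method: string, path: string, nowS: number): Verdict {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  const hdr = parseB64uJson(head);
  // Pin the algorithm; the header's alg must never select the verifier.
  if (!hdr || hdr.alg !== "HS256" || typeof hdr.kid !== "string") return { ok: false, reason: "bad header" };
  const key = keys[hdr.kid];
  if (!key) return { ok: false, reason: "unknown kid" };
  const expect = createHmac("sha256", key).update(`${head}.${body}`).digest();
  const got = fromB64u(sig);
  if (got.length !== expect.length || !timingSafeEqual(got, expect)) return { ok: false, reason: "bad signature" };
  const c = parseB64uJson(body) as ScopedClaims | undefined;
  if (!c || typeof c.exp !== "number" || typeof c.iat !== "number") return { ok: false, reason: "bad payload" };
  if (c.exp <= nowS) return { ok: false, reason: "expired" };
  // Enforce the cap at verify time too, so a token minted elsewhere cannot claim a week.
  if (c.exp - c.iat > MAX_TTL_S) return { ok: false, reason: "ttl too long" };
  if (!Array.isArray(c.ep) || !c.ep.includes(`${method.toUpperCase()} ${path}`)) {
    return { ok: false, reason: "endpoint not in scope" };
  }
  return { ok: true, claims: c };
}
```

Two details matter in practice: the allow-list is matched against the routed path after the framework has normalised it, not against the raw request URL (otherwise dot-segments, trailing slashes and query strings become bypasses), and the signature is checked before any claim is read, so the expiry and scope checks only ever run on data the server has authenticated.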

Infrastructure

What infrastructure do you run on?

AWS us-east-1: Amplify Hosting (Next.js SSR on Lambda), Cognito, DynamoDB, S3, Bedrock for AI, AppSync for realtime, and CloudFront with AWS WAF in front of every public endpoint. The WAF rules include a rule that blocks unauthenticated requests to protected paths and a managed rate-limit rule. All of it is defined as CloudFormation IaC (infra/cloudformation/).

Infrastructure

Is the application TLS-only?

Yes. CloudFront enforces TLS 1.2 or later on the production custom domain (app.drinklync.com), using ACM-issued certificates that renew automatically. There is no plaintext HTTP fallback and no mixed content. The HSTS header is preload-eligible (a max-age of at least one year, includeSubDomains and preload).

Infrastructure

What is your uptime + monitoring posture?

Public health endpoint at /api/status. CloudWatch alarms cover 5xx rate, p99 latency, per-service error rate and DynamoDB GSI fallbacks (a cost-regression signal). Alarms fan out to Slack and PagerDuty through OpsAlarmTopic. The public status page at /status shows the current operational state. Target uptime is 99.9% over a rolling 30 days.

Compliance

Are you SOC 2 certified?

SOC 2 Type II is in progress for FY2026. The control set is implemented (CloudTrail, least-privilege IAM, encryption at rest, audit logs on all admin actions, vendor risk reviews), and the formal audit is scheduled with an AICPA-registered firm. A letter of confidence is available under NDA for enterprise prospects.

Compliance

Are you PCI compliant?

We assess under PCI DSS SAQ A: we never store, process or transmit card numbers. Stripe handles the whole payment flow (Stripe Elements for card entry, Stripe Connect Express for operator payouts), and the only payment artifacts in our database are the Stripe customer and paymentMethod handles. Our Attestation of Compliance (AOC) is available on request.

Compliance

How do you handle GDPR / CCPA requests?

Customer export: /api/customer/data-export returns a portable JSON of all data tied to that account. Customer deletion: /api/customer/data-delete erases per-customer rows (and tombstones aggregate metrics so we don't re-emit them). For operators we serve subject-rights requests at help@drinklync.com with a 30-day SLA — typical turnaround is 7 days.

Compliance

Where can I get a Data Processing Agreement (DPA)?

Standard DPA available on request from jacob@drinklync.com. We sign DPAs with all enterprise + multi-venue + stadium prospects before go-live. Sub-processor list (AWS, Stripe, Bedrock, SES) included in the DPA appendix.

Incident response

What is your incident response process?

The on-call rotation is paged on every Sev-1 (5xx rate above 2% for 5 minutes, an AppSync mass-disconnect, or an auth-bypass alarm). An internal runbook drives incident commander, comms and root-cause analysis within a 24-hour window. Sev-1 customer notifications go out through the public /status page within 30 minutes; per-operator email follows when the impact lasts more than 5 minutes.

Incident response

How do you disclose security incidents?

Per our DPA: written notice within 72 hours of a confirmed breach affecting customer data. Public disclosure follows responsible-disclosure norms — coordinated with affected operators first. Bug-bounty inbox is security@drinklync.com (signed PGP key fingerprint shared on request).

Incident response

I think I found a vulnerability. How do I report it?

Email security@drinklync.com with reproduction steps. We acknowledge within 24 hours, target a fix within 7 days for high-severity, and credit the reporter publicly (or anonymously, your call) once the fix ships.

Need a DPA, AOC, or SOC 2 letter of confidence?

Email jacob@drinklync.com and we'll send what you need under NDA. Typical turnaround is 24 hours during the work week.