Security

Security for real workforce operations.

StoreSync handles day-to-day workforce data such as rotas, time and attendance, time off, timesheets, payslips, employee records and support requests. The product is designed around authenticated access, organisation separation, scoped permissions and extra care for sensitive staff records.

Ask a security question Read the Security Policy

Access control

Access follows how the business is actually run.

StoreSync is built for real site-based teams. Access can be shaped around organisations, roles, modules, primary sites, assigned sites, store groups and departments so managers only get the access they need.

That matters because workforce tools often contain more sensitive data than they first appear to: staff details, time records, pay documents, contact information, permissions, support tickets and business admin.

Authenticated app access

Users sign in before accessing organisation workspaces and app records.

Organisation separation

Customer workspaces are separated so users should only see organisations they belong to.

Scoped permissions

Module permissions can be limited by role, site, group, department or organisation scope.

Sensitive-page checks

Higher-risk areas can use additional password re-confirmation where appropriate.

Data protection

Controls for practical workforce data.

StoreSync combines technical safeguards with clear customer responsibilities.

Staff and employment records Roles, departments, sites, emergency contacts and employee admin are protected by account and permission checks.

Rotas, attendance and timesheets Operational time records are kept inside the organisation workspace and should only be accessed for legitimate work purposes.

Payslips and billing Pay and subscription areas are treated as higher-risk areas, with access restricted to appropriate users.

Operational security

Security is not just one feature.

StoreSync’s security approach covers product design, access checks, supplier choices, backups, account hygiene and incident handling.

View policy details

Payments

Subscription payments are handled through payment providers such as Stripe. StoreSync does not need to store full card numbers for billing.

Suppliers

Hosting, email, analytics, payment and support suppliers are selected and managed to support the service appropriately.

Backups

Backup and recovery processes support resilience, while customers should still keep legally required business records where needed.

Disclosure

Suspected vulnerabilities should be reported privately to security@storesync.uk.

Need the formal policy?

The Security Policy explains customer responsibilities, responsible disclosure, incident handling and the limits of this security overview.

Open Security Policy Email security