Security Policy
Last updated: 12 May 2026
1.Introduction
Invastokk is committed to maintaining the security, integrity, and confidentiality of customer data.
This Security Policy outlines the measures we take to protect the Invastokk platform and customer information.
2.Infrastructure Security
We implement technical and organisational measures designed to protect the Service, including:
- Secure cloud infrastructure
- Encrypted connections using SSL/TLS
- Network monitoring
- Firewall protections
- Access controls
- Infrastructure isolation
3.Authentication and Access Controls
Access to the Service is protected through:
- Secure authentication systems
- Password hashing
- Session security controls
- Role based access permissions
- Restricted administrative access
Customers are responsible for:
- Protecting login credentials
- Managing user permissions
- Preventing unauthorised access within their organisation
4.Data Security
We implement measures designed to protect customer data including:
- Encryption in transit
- Access logging
- Organisational data separation
- Backup systems
- Monitoring and auditing
No system can guarantee absolute security.
5.Backups and Recovery
We maintain backup procedures designed to support:
- Disaster recovery
- Platform resilience
- Operational continuity
Backup schedules and retention periods may vary based on infrastructure requirements.
6.Monitoring and Incident Response
We monitor the Service for:
- Suspicious activity
- Security threats
- Platform abuse
- Operational issues
If a confirmed security incident affecting personal data occurs, we will respond in accordance with applicable legal obligations.
7.Third Party Services
The Service may integrate with third party providers including:
- Shopify
- WooCommerce
- Lightspeed
- EPOS Now
- Hosting providers
- Analytics providers
While we take reasonable steps to select reputable providers, Invastokk is not responsible for the security practices of third party services.
8.Customer Responsibilities
Customers are responsible for:
- Maintaining secure devices
- Managing internal access permissions
- Using strong passwords
- Protecting API credentials
- Reviewing user access regularly
9.Changes to This Policy
We may update this Security Policy periodically.
Updated versions will be published with a revised “Last updated” date.
10.Contact
- Invastokk
- admin@invastokk.com
