Trust is an operational practice.

• Tenant-scoped records use business identifiers throughout application flows.
• Privileged database writes use server-only credentials that are never shipped to browsers.
• Secrets are stored in deployment environment configuration, not committed to source control.
• Customer verification uses one-time codes and recognized-device continuity.
• Production traffic is expected to use encrypted HTTPS connections.

RepeatOS collects information needed to provide identity, ordering, loyalty, and analytics. It does not require an app download, continuous location access, contact-book access, or unrelated personal data.

Merchants are responsible for protecting dashboard credentials, restricting access to authorized staff, maintaining accurate menu information, and promptly reporting suspected compromise. RepeatOS is responsible for platform infrastructure and application controls.

RepeatOS is an evolving MVP. Dashboard passwords use one-way bcrypt hashing, and database access policies will continue to be tightened as merchant self-service expands.

Please send a clear description, affected URL, reproduction steps, and potential impact to the security address. Do not access or alter data that does not belong to you, and do not publicly disclose an issue before we have had a reasonable opportunity to respond.