Trust & Security

Application data is hosted on managed Postgres infrastructure in Australia/Asia-Pacific regions. The web application is served from a global edge runtime. Backups are managed by our infrastructure provider.

All traffic between your browser and Barksuite is encrypted in transit with TLS. Database storage and backups are encrypted at rest by the hosting provider.

• Every salon's data is isolated by row-level security in the database.
• Client portal users can only see their own clients, pets and bookings.
• Booking, pet and client edits go through server-side validation; clients cannot mutate prices, statuses or salon assignment.
• Administrative database keys are stored as server-only secrets and never exposed to the browser.

Sign-in uses email/password or Google. Passwords are checked against the Have I Been Pwned database to block known-leaked credentials. Sessions are short-lived and refresh tokens rotate automatically.

Outbound SMS is sent via MessageMedia; inbound reply webhooks are scoped to a per-salon endpoint. Payment webhooks (Stripe) verify signatures before any write.

We process personal information (owner name, email, phone, pet details) only to operate the booking and reminder workflows you configure. You can request export or deletion of your salon's data at any time by contacting us.

If you believe you've found a vulnerability, please email security@barksuite.au with details and steps to reproduce. We aim to acknowledge reports within two business days.