Your Data is Safe With Us
We protect your dispensary data with industry-leading security measures, encryption, and compliance certifications.
Security Features
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Passwords are hashed with bcrypt and salted. Database connections use SSL certificates.
Access Control
Role-based access control (RBAC) ensures employees only access data relevant to their role. POS PIN authentication, session timeouts, and audit logging provide additional layers of security.
Infrastructure Security
Our infrastructure is hosted on enterprise-grade cloud platforms with automated backups, redundant storage, DDoS protection, and 24/7 monitoring. All servers run in isolated environments with firewall rules.
Monitoring & Logging
Every API request, login attempt, and data access event is logged with timestamps and user context. Automated alerts detect suspicious activity including brute force attempts and unusual access patterns.
Compliance Certifications
SOC 2 Type II
Our platform meets SOC 2 requirements for security, availability, processing integrity, confidentiality, and privacy. Regular third-party audits verify our controls.
PCI DSS
Payment card data is handled in compliance with PCI DSS standards. We never store raw card numbers on our servers. All payment processing is handled through certified payment processors.
CCPA Compliance
We comply with the California Consumer Privacy Act. Users can request data access, deletion, and opt-out of data sharing. We do not sell personal information.
METRC Integration Security
METRC API credentials are encrypted at rest and never exposed in logs or error messages. All compliance reporting uses secure, authenticated API connections with the state system.
Data Protection Practices
- Automated daily backups with 90-day retention and point-in-time recovery.
- Multi-tenant data isolation at the database level using organization-scoped queries.
- Secure deletion procedures for customer data upon account closure.
- Regular penetration testing and vulnerability assessments by third-party security firms.
- Mandatory security training for all employees with access to production systems.
- Incident response plan with defined escalation procedures and communication protocols.
Incident Response
Response Plan
We maintain a documented incident response plan that includes detection, containment, eradication, recovery, and post-incident analysis. Our team is trained to respond to security events within minutes, with clear escalation procedures and communication protocols.
Vulnerability Reporting
If you discover a security vulnerability in our platform, please report it responsibly to security@weedhurry.com. We take all reports seriously, investigate promptly, and will credit researchers who help us improve our security posture.
Security you can trust
See how Weedhurry protects your dispensary data with a personalized platform walkthrough.
Book a meeting