
We never see your card number

When a diner pays through TabSettle, their payment credentials go directly to Stripe — a PCI DSS Level 1 certified payment processor (the highest level of security in the payments industry). Card numbers, CVVs, and bank details are entered into Stripe's secure payment fields and never touch our servers. We receive only a confirmation token, the last four digits, and the card brand.

Everything is encrypted

All data transmitted between your device and our servers is protected with TLS 1.2+ encryption. All data stored in our systems is encrypted at rest with AES-256 encryption. There are no exceptions.

Restaurant data is isolated

Each restaurant's data is separated at the database level using row-level security policies. Restaurant A cannot see Restaurant B's transactions, menus, or analytics — period. This isn't application logic that can be bypassed; it's enforced at the database layer.


Our infrastructure partners

TabSettle doesn't hold SOC 2 or ISO 27001 certification itself — instead, we build on trusted, audited infrastructure from partners who do:

| Provider | Role | Certifications |
| --- | --- | --- |
| Stripe | Payment processing | PCI DSS Level 1, SOC 2, ISO 27001 |
| Supabase | Database & authentication | SOC 2 Type II |
| Railway | Application hosting | SOC 2 Type II |
| Twilio | SMS receipts | SOC 2, ISO 27001 |
| Sentry | Error monitoring | SOC 2 Type II |

What we collect (and what we don't)

We collect

Transaction records (items, amounts, tips), device/browser type for fraud prevention, and your email or phone number only if you ask for a receipt.

We don't collect

Full card numbers, CVVs, bank account details, precise GPS location, or any biometric data. We don't sell or share your personal information for advertising.

For full details, see our Privacy Policy.


Vulnerability management

We run automated dependency scanning on every code change, review security-sensitive code before deployment, and conduct independent penetration testing annually. Critical vulnerabilities are patched within 24 hours.

Responsible disclosure

If you've found a security vulnerability, we want to hear about it. Please email security@tabsettle.com with details. We ask that you give us reasonable time to address the issue before public disclosure and avoid accessing other users' data during your research.

Questions?

Reach out to security@tabsettle.com — we respond to every inquiry.
