Tangerine Star
tangerinestar.comReturn to app

Security overview

How Tangerine Star protects your data — isolation, least privilege, change management, and limiting the blast radius.

This page goes a level deeper than the security summary for merchants evaluating Tangerine Star for their shop.

Isolation between shops

Your data is fenced off from every other merchant at the database level — access rules are enforced by the data store itself, not just by application code. One shop cannot read or modify another's catalog, costs, or vendor relationships.

Least privilege

  • Sensitive credentials (database service keys, storage keys, payment keys) live server-side only and are never exposed to your browser.
  • Each system component gets the narrowest access it needs to do its job.
  • File access (documents, images) is granted through short-lived, signed URLs rather than open buckets.

Change management

Changes don't go straight to the system running your shop. They move through:

  1. Development — built and tested
  2. Staging — verified against realistic data
  3. A human sign-off
  4. Production

We also never alter live merchant data — counts, prices, scan targets — without care and explicit approval, because it could be a real, in-service item on your shelf.

Limiting the blast radius

We design so that a failure or compromise in one area stays contained. Isolation between shops, least-privilege access, and server-side secrets all exist so that the worst case stays small — not spread across your business or anyone else's.

Your data is portable

You can export your catalog whenever you want. We don't sell your data, and your business isn't locked in.

If something goes wrong

If an incident affects your data, we'll tell you plainly: what happened, what we did about it, and what it means for you. No spin.

Have a specific security question? Contact us — we'd rather answer directly.