Security

Last updated: 11 October 2025
Print / Download

Introduction

At TillPal, protecting your business and customer data is our highest priority. We understand that trust is essential when you rely on a platform to manage your daily operations, transactions, and analytics. This Security page explains the measures we take to safeguard your data and maintain the integrity of our systems.

Our approach to security combines industry best practices, strong encryption standards, and a local-first architecture that minimizes exposure by keeping your core business data stored securely on your device. All synchronization and communication with TillPal servers are protected by modern encryption and strict authentication controls.

Security is not a one-time setup, it's a continuous process. We perform ongoing monitoring, apply regular updates, and partner with trusted providers to ensure that every layer of TillPal's infrastructure meets modern security expectations.

This document outlines our technical and organizational safeguards and provides guidance on how you, as a user, can help keep your TillPal account and business data secure.

Infrastructure Security

TillPal’s infrastructure is built on secure, resilient, and enterprise-grade foundations. We rely on modern cloud architecture to ensure high availability, redundancy, and data protection across all environments.

  • Cloud Hosting: TillPal is hosted on trusted, industry-grade cloud providers with a proven record of reliability and compliance. These environments include built-in redundancy, physical access controls, and continuous security monitoring.
  • Network Protection: All network traffic is routed through secure firewalls and load balancers. Our architecture isolates services and databases to prevent unauthorized access between systems.
  • Data Backups: Automated daily backups protect against accidental data loss. Backup files are encrypted and stored in geographically separate regions for additional resilience.
  • High Availability: TillPal’s infrastructure is designed with fault tolerance and automatic recovery mechanisms to ensure continuous uptime, even during hardware or network disruptions.

Our commitment to infrastructure security ensures that your business data remains safe, available, and recoverable at all times, even under unexpected conditions.

Data Encryption

Encryption is at the core of TillPal’s data protection strategy. We use advanced encryption standards to safeguard your data both during transmission and while stored in our systems.

  • Encryption in Transit: All communication between your device and TillPal’s servers is secured using Transport Layer Security (TLS 1.2 or higher), preventing interception or tampering during transmission.
  • Encryption at Rest: Sensitive data stored on our servers, including backups, is encrypted using AES-256, a widely recognized encryption standard trusted by the security industry.
  • Credential Protection: User passwords and credentials are never stored in plaintext. All passwords are hashed and salted using strong, modern hashing algorithms before storage.
  • Key Management: Encryption keys are managed securely using controlled access policies and periodic key rotations to minimize exposure risk and ensure ongoing data confidentiality.

These encryption practices ensure that your sensitive business and customer data remains confidential and secure across all layers of the TillPal platform.

Authentication & Access Control

TillPal implements layered authentication and authorization mechanisms to ensure that only verified users and devices can access business data. Every action within the platform is controlled and logged for security accountability.

  • Secure Login: TillPal supports secure authentication methods such as hashed passwords, magic links, or OAuth-based sign-ins to verify user identity safely and reliably.
  • Role-Based Access: Access to TillPal data and features is governed by a role-based permission system, ensuring that users only see and perform actions authorized by their assigned roles within a business.
  • Device Authorization: TillPal restricts access to registered and verified devices. Each device must authenticate before syncing data, protecting your account from unauthorized entry.
  • Session Management: Sessions are automatically expired after periods of inactivity and protected through encrypted tokens to prevent unauthorized reuse or hijacking.

These measures work together to minimize unauthorized access risks and maintain the integrity of your TillPal account across all branches and user roles.

Local-First Model Security

TillPal’s local-first architecture is designed to keep your data close and secure on the device, while syncing changes through encrypted, authenticated channels when you’re online.

  • On-Device Storage: TillPal stores your core business data locally on the device using a secure SQLite database, reducing exposure to network risks and ensuring availability offline.
  • OS-Level Protection: Local data benefits from the device’s native security controls (disk encryption, secure enclaves, passcode/biometrics), which you should keep enabled for maximum protection.
  • Encrypted Sync: When online, data syncs through authenticated, encrypted channels (TLS 1.2+) with strict server-side access controls and per-tenant isolation.
  • Least Privilege: Only the minimum necessary data is synchronized to a device based on user roles and branch permissions, reducing unnecessary data exposure.
  • Integrity Offline: Write operations taken offline are queued and reconciled on reconnect with server-side validation to prevent tampering and maintain data consistency.
  • Lost or Stolen Devices: If a device is lost, revoke its access from the account or contact support. Device-level PIN/biometrics and OS encryption help protect locally stored data.
  • Backups: Online backups are encrypted at rest on our servers. Local device backups (if you enable them on your OS) may include TillPal data; secure them with strong credentials.

For best results, enable device encryption, use strong passcodes or biometrics, and promptly revoke access for any lost or decommissioned devices.

Monitoring & Incident Response

TillPal employs continuous monitoring and well-defined response protocols to detect and address potential threats swiftly. These practices ensure that your data and the platform remain secure and operational.

  • System Monitoring: TillPal continuously monitors infrastructure and application performance to detect irregularities, unauthorized access attempts, or potential vulnerabilities in real time.
  • Audit Logging: Comprehensive audit logs are maintained for administrative and data access events, allowing for traceability and accountability across systems.
  • Threat Detection: Automated security tools identify suspicious patterns such as repeated login failures or abnormal API activity, triggering immediate investigation or automated protective measures.
  • Incident Response: In the unlikely event of a security incident, TillPal’s response plan ensures rapid assessment, containment, and remediation to minimize impact.
  • User Notification: If an incident affects your data or account, you will be notified promptly with details of the event, the steps taken, and any recommended user actions.
  • Service Continuity: Failover mechanisms and backup recovery protocols ensure the continued availability of TillPal services during unexpected disruptions or maintenance events.

Our proactive monitoring and transparent communication process ensure that security incidents are handled efficiently while keeping users informed and protected at every stage.

Testing & Compliance

TillPal follows a proactive approach to identifying, mitigating, and preventing security vulnerabilities. Through continuous testing and compliance with industry best practices, we maintain a strong and reliable security posture.

  • Vulnerability Assessments: TillPal conducts regular internal security reviews and automated scans to identify and patch potential vulnerabilities before they can be exploited.
  • Penetration Testing: Periodic third-party penetration tests are performed on critical systems and APIs to validate the effectiveness of our security controls and identify areas for improvement.
  • Principle of Least Privilege: Access to systems, databases, and user data is restricted to authorized personnel only, based on role necessity. This minimizes exposure and reduces insider risk.
  • Data Minimization: TillPal collects and processes only the data necessary to deliver core features, maintaining compliance with privacy regulations such as the GDPR and data protection laws in Nigeria.
  • Policy Audits & Training: All TillPal employees and contractors undergo regular security awareness training, and internal policies are reviewed and audited periodically to ensure compliance and accountability.

These processes ensure that TillPal not only meets but continually improves upon modern security expectations and regulatory requirements.

Your Role in Security

Security is a shared responsibility. While TillPal implements strong technical and organizational safeguards, your habits and device practices also play a vital role in keeping your business data safe.

  • Use Strong Passwords: Choose complex, unique passwords that include letters, numbers, and symbols. Avoid reusing passwords across different platforms.
  • Enable Two-Factor Authentication: When available, enable two-factor or biometric authentication to add an extra layer of protection to your TillPal account.
  • Secure Your Devices: Keep your phone, tablet, or POS device locked when not in use. Always use device encryption, PINs, or biometric locks to protect locally stored data.
  • Keep Software Updated: Ensure your operating system and the TillPal app are kept up to date with the latest security patches and improvements.
  • Avoid Credential Sharing: Never share your login details or authentication links with others. Each user in your business should have their own TillPal account or assigned role.
  • Report Suspicious Activity: If you notice any unusual account behavior or suspect unauthorized access, contact security@tillpal.app immediately.

Following these best practices helps ensure that your TillPal account and business information remain secure and that unauthorized access is effectively prevented.

Security Contact

TillPal takes the security of our systems and your data seriously. We value the contributions of users, developers, and security researchers who help us maintain a secure and trustworthy platform.

  • Security Inquiries: If you have questions about TillPal’s security practices or policies, contact us at team@tillpal.app.
  • Incident Reporting: To report a potential vulnerability, security incident, or data breach, email us immediately at support@tillpal.app with as much detail as possible.
  • Responsible Disclosure: TillPal appreciates the efforts of ethical researchers who help improve our security. If you responsibly disclose a vulnerability, we will investigate promptly and keep you updated on our remediation steps.
  • General Contact: For non-security inquiries, please reach out to our team at team@tillpal.app or visit our Contact page for additional information.

We encourage anyone who identifies a potential issue to reach out promptly and responsibly. Our security team will review all reports and take appropriate action to maintain the integrity of TillPal’s systems.

Security | TillPal