TastySo Food Delivery App

TastySo Security Policy

Last Updated: November 12, 2025

At TastySo, the security of your personal data is a top priority. This policy outlines the technical and organizational measures we implement to protect your information across our website, mobile applications (Customer, Rider, Restaurant), and all related services.

1. Our Commitment to Security

We are committed to protecting our users' data from unauthorized access, alteration, disclosure, or destruction. We employ industry-standard security practices and continuously work to enhance our security measures to meet evolving threats.

2. Data in Transit

All data transmitted between your device (web browser or mobile app) and our servers is encrypted using Transport Layer Security (TLS), the protocol that secures HTTPS connections. This keeps your interactions, including browsing, ordering, and personal information entry, private and protected from eavesdropping.

3. Data at Rest & Password Security

Password Hashing:
We never store your password in plain text. Your password is run through a strong, one-way cryptographic hashing algorithm (such as bcrypt) before it is stored in our database. This means that even in the unlikely event of a database breach, your actual password cannot be retrieved.

Database Security:
Our primary databases, hosted on Hostinger, are protected by robust security measures, including network firewalls and secure access protocols, to prevent unauthorized access.

4. Payment Security

Your financial security is critical.

  • No Storage of Sensitive Data: TastySo does not store, process, or have access to your full credit/debit card numbers or digital wallet PINs on our servers.
  • Trusted Gateways: All online payments are securely processed by our trusted, PCI-compliant third-party payment gateways, including SSLCommerz and bKash. Your payment information is sent directly to them over an encrypted channel.

5. Secure Infrastructure

Our platform is built on secure, enterprise-grade infrastructure.

  • Hosting: Our core services are hosted on Hostinger, which provides a secure and reliable environment.
  • Cloud Services: We leverage Firebase (a Google platform) for critical services like push notifications and analytics.
  • Best Practices: Both Hostinger and Google (Firebase) maintain high standards of physical and network security, including firewalls, intrusion detection systems, and regular security audits to protect their infrastructure.

6. Internal Access Control

Access to your personal data within TastySo is strictly limited.

  • Role-Based Access Control (RBAC): We employ RBAC to ensure that only authorized personnel can access your information, and only for the specific purpose required to do their job.
  • Example: A customer support agent may have permission to view your order details and delivery address to resolve an issue, but they do not have access to your password or financial details.

7. Vulnerability Disclosure Program

We value the security community and believe that working with skilled researchers helps us keep our platform safe. If you are a security researcher and believe you have found a security vulnerability in our platform, we encourage you to notify us.

  • How to Report: Please send a detailed report to security@tastyso.com.
  • Our Promise: We will investigate all legitimate reports and do our best to fix the issue promptly. We ask that you give us a reasonable amount of time to remediate the issue before any public disclosure.

8. Your Security Responsibility

While we implement comprehensive security measures, security is a shared responsibility. We urge you to take the following steps to protect your account:

  • Use a Strong Password: Create a password that is long, complex, and unique to your TastySo account.
  • Keep it Secret: Never share your password with anyone.
  • Log Out: Always log out of your account when using a shared or public computer.
  • Report Suspicious Activity: If you believe your account has been compromised, please contact us immediately at support@tastyso.com.

9. Data Breach Response

In the unlikely event of a data breach that compromises your personal information, we will take immediate steps to contain the breach, investigate the cause, and mitigate the impact. We will notify affected users and relevant authorities as required by applicable law.

10. Policy Updates

We may update this Security Policy from time to time to reflect new threats or changes in our practices. We will post any changes on this page.

11. Contact Us

If you have any questions about this Security Policy or our security practices, please contact us at support@tastyso.com. For specific security vulnerabilities, please use security@tastyso.com.