Eatro Tech Security Policy

At Eatro Tech FZ-LLC, security isn’t a feature; it’s the foundation of our platform. We are committed to protecting our Merchants’ data, operational integrity, and their customers’ privacy using industry-leading practices and robust infrastructure.

Infrastructure and Cloud Security (Powered by AWS)

Eatro Tech FZ-LLC’s entire platform and data are hosted within Amazon Web Services (AWS), building on its globally recognized security and compliance framework.

  • World-Class Data Centers: Our infrastructure benefits from the security provided by AWS data centers, which are protected by extensive physical security controls, surveillance, and redundancy.
  • Regional Isolation: We host our services in secure AWS Regions, allowing for isolation and compliance with regional data residency requirements where applicable.
  • Compliance Inheritance: Under the AWS shared responsibility model, the underlying cloud infrastructure inherits AWS’s core security controls, certifications, and standards (including SOC 2 and ISO 27001), so the physical, network, and hypervisor layers meet stringent global benchmarks. Configuration of our own services, application code, and data handling remains our responsibility, and the controls below address that layer.
  • Scalable Defense: AWS security services provide continuous monitoring and scalable protection: GuardDuty for threat detection, Security Hub for aggregating findings and tracking security posture, and Shield for protection against DDoS attacks.

Application and Network Security

We maintain security controls at every layer of the Eatro Tech FZ-LLC application and network architecture.

1. Data Encryption

All sensitive data, including customer records, payment tokens, and operational logs, is protected:

  • Encryption In Transit (TLS): All communication between our Merchants, their customers, Eatro Tech FZ-LLC’s servers, and integrated partners is secured with Transport Layer Security (TLS 1.2 or higher); legacy SSL and TLS 1.0/1.1 are not accepted, so data is always encrypted during transmission.
  • Encryption At Rest (AES-256): All data stored in our databases and file storage (AWS RDS and S3) is encrypted at rest using AWS server-side encryption with AES-256.
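The two guarantees above can be enforced as configuration rather than left as policy statements. The following is an added example (not Eatro Tech FZ-LLC’s own code or configuration): a client-side TLS context that refuses anything below TLS 1.2, an S3 bucket policy that denies non-TLS requests and uploads without server-side encryption, and a small evaluator that checks constructed sample requests against that policy to show why a separate "header missing" statement is needed. The bucket name `example-bucket` and the sample requests are assumptions made for illustration.

```python
"""Enforce TLS >= 1.2 on the client and TLS-only, encrypted-at-rest writes on S3."""
import json
import ssl
from typing import Optional

SSE_KEY = "s3:x-amz-server-side-encryption"


def strict_client_context() -> ssl.SSLContext:
    """Client TLS context: certificate chain and hostname verified, TLS 1.2 floor.

    create_default_context() already verifies certificates; pinning
    minimum_version makes a downgrade to TLS 1.0/1.1 fail the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_floor_is_enforced(ctx: ssl.SSLContext) -> bool:
    """Configuration check: TLS >= 1.2, certificates required, hostname checked."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
    )


def s3_encryption_policy(bucket: str) -> dict:
    """Bucket policy: deny plaintext transport and unencrypted PutObject.

    Statement 1 rejects requests that did not arrive over TLS.  Statement 2
    rejects uploads whose encryption header is neither SSE-S3 ("AES256") nor
    SSE-KMS.  Statement 3 (the AWS-documented Null check) rejects uploads that
    omit the header entirely, which statement 2 alone does not catch.
    """
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
            {"Sid": "DenyWrongEncryptionHeader", "Effect": "Deny", "Principal": "*",
             "Action": "s3:PutObject", "Resource": f"{arn}/*",
             "Condition": {"StringNotEquals": {SSE_KEY: ["AES256", "aws:kms"]}}},
            {"Sid": "DenyMissingEncryptionHeader", "Effect": "Deny", "Principal": "*",
             "Action": "s3:PutObject", "Resource": f"{arn}/*",
             "Condition": {"Null": {SSE_KEY: "true"}}},
        ],
    }


def denied_by(policy: dict, request: dict) -> Optional[str]:
    """Return the Sid of the first matching Deny statement, or None.

    Simplified model of IAM evaluation for the three operators this policy
    uses (Bool, StringNotEquals, Null), each with a single condition key.
    It is an illustration, not AWS's evaluation engine.
    """
    ctx = request["context"]
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] != "Deny" or (
            request["action"] not in actions and "s3:*" not in actions
        ):
            continue
        op, kv = next(iter(st["Condition"].items()))
        key, expected = next(iter(kv.items()))
        present, value = key in ctx, ctx.get(key)
        if op == "Bool":
            matched = present and str(value).lower() == expected
        elif op == "StringNotEquals":
            matched = present and value not in expected  # absent key: no match
        elif op == "Null":
            matched = (not present) == (expected == "true")
        else:
            raise ValueError(f"unsupported operator {op}")
        if matched:
            return st["Sid"]
    return None


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = {
    "tls_put_sse_s3": {"action": "s3:PutObject",
                       "context": {"aws:SecureTransport": True, SSE_KEY: "AES256"}},
    "plaintext_get": {"action": "s3:GetObject",
                      "context": {"aws:SecureTransport": False}},
    "tls_put_no_header": {"action": "s3:PutObject",
                          "context": {"aws:SecureTransport": True}},
    "tls_put_bad_header": {"action": "s3:PutObject",
                           "context": {"aws:SecureTransport": True, SSE_KEY: "AES128"}},
}


def evaluate_samples(bucket: str = "example-bucket") -> dict:
    """Map each sample request name to the Sid that denies it (None if allowed)."""
    policy = s3_encryption_policy(bucket)
    return {name: denied_by(policy, req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    print(json.dumps(s3_encryption_policy("example-bucket"), indent=2))
    print(evaluate_samples())
```

The policy document can be applied with `aws s3api put-bucket-policy --bucket example-bucket --policy file://policy.json`. The server-side TLS floor is a separate setting: on AWS it is chosen in the load balancer’s TLS security policy, and the client context above is the counterpart check for services Eatro calls out to. Since S3 now applies SSE-S3 by default, statement 3 is a safety net, but it is still the only statement that catches a caller who sends no encryption header at all.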

2. Access Control

Access to the Eatro Tech FZ-LLC platform and internal systems is strictly managed:

  • Least Privilege: Access rights are granted only on a need-to-know basis (the principle of Least Privilege).
  • Strong Authentication: We enforce strong, complex passwords on all accounts. Multi-Factor Authentication (MFA) is mandatory for internal staff on all administrative and operational access points and strongly encouraged for Merchant users.
  • Role-Based Access Control (RBAC): Merchant dashboard access is restricted based on defined user roles (e.g., Owner, Manager, Staff) to ensure employees only see the data and functions necessary for their job.

3. Network Security

  • Firewalls and VPCs: We use AWS Virtual Private Clouds (VPCs) and strict security groups to logically isolate our systems from the public internet. Inbound access is restricted to only the ports and protocols each service needs.
  • API Security: All integrated APIs (for POS and Delivery Partners) are authenticated with OAuth 2.0 or API keys and are rate-limited to prevent abuse.

Operational Security and Development

Security is integrated into our daily operations and development lifecycle.

  • Vulnerability Management: We utilize automated tools and conduct regular vulnerability scanning and penetration testing of our applications and infrastructure to proactively identify and patch potential weaknesses.
  • Secure Development Lifecycle (SDL): Security reviews are a mandatory part of our software development process (DevSecOps) before any code is deployed to production.
  • Incident Response: We maintain a formal Security Incident Response Plan (SIRP). In the event of an incident, we have clear protocols for detection, containment, eradication, and recovery, with timely notification to affected parties as required by law (e.g., UAE PDPL).

Data Privacy and Compliance

We treat data privacy as a critical component of security, adhering to best practices and regional laws.

  • UAE PDPL Alignment: Our platform and policies are designed to align with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
  • Data Controller / Processor: We clearly define our role as the Data Processor for End Customer data, meaning the Merchant retains ownership and control (Data Controller). Our systems and processes support the Merchant’s
  • Zero Commission, Full Data Ownership: We guarantee that End Customer data collected via your branded Eatro Tech FZ-LLC channels will never be sold or used by Eatro Tech FZ-LLC for our own marketing purposes.

Need to Know More?

For technical questions or to report a potential security vulnerability, please contact our security team:

Email: legal@eatrotech.com