BridalOp stores customer contact info, wedding details, order history, and payment records. We treat it like our own.
BridalOp never stores raw credit card numbers. All payment processing happens directly between your browser and Stripe or Square — both Level 1 PCI-DSS certified processors. We only ever see tokenized references and transaction metadata, which means your PCI scope stays small and your liability exposure stays minimal.
All traffic to BridalOp is encrypted in transit with TLS 1.2+. Customer data at rest is encrypted using industry-standard AES-256. Database backups are encrypted and stored in separate regions.
BridalOp ships role-based permissions out of the box. You decide which staff can access which parts of the system — sales, inventory, customer data, reports, settings. Every action is tracked in an audit log, and login sessions are invalidated when a user is deactivated.
We run automated daily backups of every boutique's data. Backups are retained for 30 days and stored in geographically separate infrastructure so a single-region failure can't take your data with it.
You own your customer data. You can export it, delete it, or take it with you if you leave. We honor GDPR and CCPA deletion and portability requests at any time, and we never sell or share customer data with third parties for advertising or marketing.
Found something? Email security@bridalop.com with a clear description of the issue. We respond to all security reports within one business day. Responsible disclosure is appreciated and rewarded.