Security White Paper

Disclaimer: This white paper provides an overview of Dinlr's security and privacy practices, which are subject to change without notice. Any descriptions of future plans may be modified or delayed at Dinlr's sole discretion. This document is for informational purposes only and does not constitute legal advice, nor should it be viewed as part of any contractual terms or agreements.

Introduction

Dinlr is committed to transforming the restaurant industry through innovative solutions that enhance operational efficiency and customer experiences. We prioritize the highest standards of security and data protection to ensure our customers can trust us with their sensitive information. By leveraging advanced technology and stringent security measures, we empower restaurants to focus on what they do best—delivering exceptional service.

Infrastructure Security

Hosting Providers

To achieve high availability and resiliency, our service is hosted on Amazon Web Services (AWS) infrastructure in the Singapore (SG) region. According to the AWS Shared Responsibility Model, AWS manages the security of the cloud computing infrastructure, while Dinlr is responsible for securing the software and data that reside within this environment.

Network Architecture

Dinlr’s network architecture follows AWS best practices, including the separation of public and private subnets. We utilize multiple CDN providers, including Cloudflare and Amazon (CloudFront), to absorb DDoS traffic and slow down brute-force attacks. Rate limiting is configured at both the edge and application levels to further enhance security.
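The following is an added example of the application-level half of that rate limiting; it is not Dinlr's code. It keys failed logins on both the client IP and the targeted account, so one IP cannot spray many accounts and one account cannot be hammered from many IPs. The limits (20 failures per IP per 60 s, 5 per account per 300 s), the sample addresses and the account names are illustrative assumptions; the clock is injected so the behaviour can be checked deterministically.

```python
"""Sliding-window login rate limiter (added example, not Dinlr's code)."""
from collections import deque
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class Rule:
    limit: int      # failed attempts tolerated inside the window
    window: float   # window length in seconds


# Assumed policy: per IP 20 failures / 60 s, per account 5 failures / 300 s.
DEFAULT_RULES = {"ip": Rule(20, 60.0), "account": Rule(5, 300.0)}


class ManualClock:
    """Deterministic clock for tests; production code uses time.monotonic."""
    def __init__(self, start): self.t = start
    def __call__(self): return self.t
    def advance(self, seconds): self.t += seconds


class LoginRateLimiter:
    def __init__(self, rules=None, clock=time.monotonic):
        self.rules = rules or DEFAULT_RULES
        self.clock = clock
        self._events = {dim: {} for dim in self.rules}   # dim -> key -> deque of failure times

    def _recent(self, dim, key, now):
        q = self._events[dim].setdefault(key, deque())
        while q and now - q[0] >= self.rules[dim].window:   # drop expired failures
            q.popleft()
        return q

    def allowed(self, ip, account):
        """True if an attempt for (ip, account) may be evaluated right now."""
        now = self.clock()
        return all(len(self._recent(dim, key, now)) < self.rules[dim].limit
                   for dim, key in (("ip", ip), ("account", account)))

    def record_failure(self, ip, account):
        """Call after a failed credential check; successful logins are not counted."""
        now = self.clock()
        for dim, key in (("ip", ip), ("account", account)):
            self._recent(dim, key, now).append(now)

    def retry_after(self, ip, account):
        """Seconds until the most exhausted window frees a slot (0.0 if not limited)."""
        now = self.clock()
        waits = [0.0]
        for dim, key in (("ip", ip), ("account", account)):
            q, rule = self._recent(dim, key, now), self.rules[dim]
            if len(q) >= rule.limit:
                # the (len-limit)-th oldest failure must age out before one slot opens
                waits.append(rule.window - (now - q[len(q) - rule.limit]))
        return max(waits)


def simulate_brute_force():
    """Drive the limiter with constructed traffic and return the decisions observed."""
    clock = ManualClock(1_000.0)
    rl = LoginRateLimiter(clock=clock)
    ip, victim = "203.0.113.7", "alice@example.com"          # constructed values
    first_five = []
    for _ in range(5):                                        # 5 wrong passwords for alice
        first_five.append(rl.allowed(ip, victim))
        rl.record_failure(ip, victim)
    sixth = rl.allowed(ip, victim)                            # account window exhausted
    other_account = rl.allowed(ip, "bob@example.com")         # IP window still has room
    retry = rl.retry_after(ip, victim)                        # 300.0 s
    clock.advance(retry)
    after_window = rl.allowed(ip, victim)                     # slot freed again
    for i in range(20):                                       # same IP sprays 20 accounts
        rl.record_failure(ip, f"user{i}@example.com")
    spray_blocked = not rl.allowed(ip, "fresh@example.com")   # IP window now exhausted
    return {"first_five": first_five, "sixth": sixth, "other_account_same_ip": other_account,
            "retry_after": retry, "after_window": after_window, "spray_blocked": spray_blocked}
```

Counting only failures (and resetting nothing on success) keeps the limiter from locking out a legitimate user who simply logs in often, while the per-account window still caps a distributed attack on one account regardless of how many source addresses it uses.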

Load balancers are situated in the public subnet, while internal components, such as web application servers and databases, reside in the private subnet and are not assigned public IP addresses. Firewalls are deployed throughout the network to enforce IP whitelisting and restrict access to permitted ports. Security Group rules allow traffic only on designated ports and only from designated sources.
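Below is an added example, not Dinlr's tooling, of the check a reviewer would run to confirm that Security Group rules actually enforce the tiering described above. It consumes the JSON shape returned by `aws ec2 describe-security-groups` and flags rules that break an assumed policy: only the load-balancer group may accept traffic from 0.0.0.0/0, and only on an allowlisted set of ports; private-tier groups may accept traffic only from other security groups or from the VPN range. The group IDs, ports, the VPN range 10.8.0.0/24 and the sample groups are all constructed for illustration.

```python
"""Security-group tiering audit (added example; sample data is constructed)."""
import json

# Assumed policy: group id -> ports that may be open to the internet. Absent => private tier.
INTERNET_FACING = {"sg-lb": {80, 443}}
VPN_CIDR = "10.8.0.0/24"                 # assumed VPN address pool
WORLD = {"0.0.0.0/0", "::/0"}

SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-lb", "GroupName": "public-alb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80,  "ToPort": 80,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22,  "ToPort": 22,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-app", "GroupName": "private-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.8.0.0/24"}, {"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-db", "GroupName": "private-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]}
]}
""")


def _port_label(perm):
    if perm.get("IpProtocol") == "-1":          # "-1" means every protocol and port
        return "all protocols/ports"
    lo, hi = perm["FromPort"], perm["ToPort"]
    return str(lo) if lo == hi else f"{lo}-{hi}"


def _cidrs(perm):
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit(groups, internet_facing=INTERNET_FACING, vpn_cidr=VPN_CIDR):
    """Return (group_id, ports, source, reason) for every rule that violates the tiering policy."""
    findings = []
    for sg in groups["SecurityGroups"]:
        gid = sg["GroupId"]
        public_ports = internet_facing.get(gid)          # None => private tier
        for perm in sg.get("IpPermissions", []):
            ports = _port_label(perm)
            broad = perm.get("IpProtocol") == "-1" or perm.get("FromPort") != perm.get("ToPort")
            for cidr in _cidrs(perm):
                if cidr in WORLD:
                    if public_ports is None:
                        reason = "private tier reachable from the internet"
                    elif broad or perm["FromPort"] not in public_ports:
                        reason = "internet-facing port outside the allowlist"
                    else:
                        continue                          # expected public listener
                elif public_ports is None and cidr != vpn_cidr:
                    reason = "CIDR ingress on private tier; expect SG references or the VPN range"
                else:
                    continue                              # VPN range, or a CIDR on the public tier
                findings.append((gid, ports, cidr, reason))
            if public_ports is None and broad:
                findings.append((gid, ports, "*", "all-ports/any-protocol rule on private tier"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(*f, sep="  |  ")
```

Security-group references (`UserIdGroupPairs`) are deliberately treated as the expected source for private tiers: they follow the instances wherever they are scheduled, whereas a CIDR such as the whole VPC range also admits any future host that lands in it.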

Access to Production

Access to production assets is granted based on roles and adheres to the principles of need-to-know and least privilege. Administrative privileges are limited to our Infrastructure Team, a small group of skilled engineers. All access to Dinlr servers requires the use of our VPN for added security.

File Storage

File storage is hosted on AWS Simple Storage Service (S3), which is used for storing attachments and database backups. Attachments include any files uploaded by customers to the Dinlr service. We provide an automated malware detection service for user-uploaded files to ensure that no infected files are introduced into the system. Additionally, we maintain a blacklist of prohibited file extensions, which includes potentially dangerous types such as executables and HTML files. By blocking these file types, we significantly reduce the risk of malware infections.
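The following is an added example, not Dinlr's code, of how such an extension blacklist has to be applied to be effective: the name is normalised (path stripped, lower-cased, trailing dots and spaces removed) and every suffix is checked, and the decision is backed by a look at the leading bytes so that an executable or HTML document renamed to `.pdf` is still refused. The blacklist entries, magic-byte table and sample files are assumptions for illustration; Dinlr's actual list is not published.

```python
"""Upload screening: normalised extension denylist plus content sniffing (added example)."""
import re

# Assumed denylist: executables, scripts and anything a browser would render as HTML.
BLOCKED_EXTENSIONS = {
    "exe", "dll", "msi", "bat", "cmd", "com", "scr", "ps1", "sh", "jar",
    "js", "vbs", "hta", "php", "html", "htm", "xhtml", "svg",
}

# Leading bytes of content types the denylist is meant to keep out.
MAGIC = [
    (b"MZ", "windows-pe"),
    (b"\x7fELF", "elf"),
    (b"\xca\xfe\xba\xbe", "mach-o-fat-or-java-class"),
    (b"#!", "script"),
]
HTML_RE = re.compile(rb"^\s*(<!doctype\s+html|<html|<script|<svg)", re.IGNORECASE)


def normalise_name(filename):
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path component
    name = name.strip().rstrip(". ")                           # Windows ignores trailing dots/spaces
    return name.lower()


def extension_chain(filename):
    """Every suffix of the name: 'a.tar.gz' -> ['tar', 'gz']; all are checked, so 'x.exe.txt' is caught."""
    parts = normalise_name(filename).split(".")
    return [p for p in parts[1:] if p]


def sniff(content):
    """Classify the first bytes; 'opaque' means nothing dangerous was recognised."""
    head = content[:512]
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if HTML_RE.match(head):
        return "html"
    return "opaque"


def screen_upload(filename, content):
    """Return (accepted, reason). Reject on a denylisted suffix OR on dangerous content."""
    if not normalise_name(filename):
        return False, "empty filename"
    for ext in extension_chain(filename):
        if ext in BLOCKED_EXTENSIONS:
            return False, f"blocked extension .{ext}"
    kind = sniff(content)
    if kind != "opaque":
        return False, f"content looks like {kind} despite the name"
    return True, "ok"


if __name__ == "__main__":
    # constructed sample uploads
    for name, body in [("menu.pdf", b"%PDF-1.7\n"), ("report.PDF.exe", b"MZ\x90\x00"),
                       ("page.HtM", b"<html>"), ("invoice.pdf", b"MZ\x90\x00\x03"),
                       ("index.html. ", b"x"), ("readme.txt", b"<!DOCTYPE html><p>")]:
        print(f"{name!r:20} -> {screen_upload(name, body)}")
```

Serving accepted attachments from a separate origin with `Content-Disposition: attachment` and a fixed `Content-Type` is the usual complement to this check, since it removes the browser's incentive to interpret an attachment as a page at all.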

Encryption and Key Management

  • Encryption in Transit: Data transmitted across open networks is protected using HTTPS.
  • Encryption at Rest: Sensitive data is encrypted with AES-256.

Backup

Dinlr performs daily backups of data, distributing encrypted backups across multiple AWS Availability Zones to ensure data integrity and availability.

Scalability and Reliability

We utilize a microservices architecture to minimize the impact on system health in the event of component failures. The Dinlr service is fully containerized, enabling a highly scalable infrastructure that meets increasing customer demands while ensuring a quality user experience. We continuously monitor performance metrics across all infrastructure components and hold quarterly reviews with infrastructure engineers and management to ensure our roadmap meets the needs of our growing customer base.

Security Features and Functionalities

Authentication

Dinlr authenticates user accounts using credentials (passwords) to ensure secure access.

Permissions

We provide customizable permissions that allow you to control who can perform specific actions on your account, enabling you to restrict data viewing or editing as needed.

Interoperability and Portability

Dinlr supports integrations with various software solutions to facilitate customized workflows. These integrations are optional, and an authorization request will be prompted in the Backoffice when connecting with external software. By granting access, you allow these solutions to read, write, or delete data associated with your account, including but not limited to orders, items, reservations, and other relevant information.

Export and Import

Dinlr enables users to effortlessly export and import data in various formats, including CSV and PDF, ensuring smooth data management and integration with other systems as needed.

Application Security

Secure Software Development Life Cycle (S-SDLC)

Dinlr uses the OWASP Top 10 as the baseline for the risks addressed throughout our secure software development lifecycle (S-SDLC).

  • All code is subject to static analysis (SAST) and peer review within the CI/CD process, ensuring quality before it goes live.
  • Special emphasis is placed on creating dedicated tests for new features, while established features have been thoroughly vetted over time.
  • We continuously assess and monitor our application for vulnerabilities during and after deployment.
  • Third-party libraries on the server side are automatically checked for publicly disclosed vulnerabilities using a software composition analysis (SCA) tool.

Application Operating System

Most POS software relies on outdated Windows systems or open-source Android systems, making them surprisingly vulnerable to cybercriminals. Even a seemingly innocuous piece of junk mail can quickly infect not just a single POS terminal, but the entire network.

While no operating system is completely hacker-proof, Apple’s iOS, iPadOS, tvOS, and macOS come impressively close, which is why we exclusively use these platforms. Here are four key security features that set them apart:

  1. Sandboxing: iOS runs each application in its own "sandbox", which limits the app’s access to files, preferences, and network resources. This separation ensures that a compromise of one app does not affect others. For instance, even if a malicious email is opened, the mail app remains isolated, safeguarding other applications.
  2. Strict Code Signing: Apple mandates rigorous code signing for all applications, so only code signed by an identified developer and accepted by Apple will run on the device.
  3. Built-in Protection: Each iOS app declares the capabilities it needs as entitlements, and the system enforces those limits; together with code signing and sandboxing, this provides inherent protection against viruses and malware. Users don’t need to find, buy, or install extra antivirus software, as this security is a standard feature of all iPad applications.
  4. Single Application Focus: iOS runs only one application in the foreground at a time and tightly restricts what backgrounded apps may do, protecting against malware that tries to exploit vulnerabilities in less secure apps. Even if an attack on one app were to succeed, the other applications remain isolated and untouched.

By using iOS, iPadOS, tvOS, and macOS, we ensure a robust and secure environment for our systems, protecting our business and our customers from potential threats.

Operational Security

Access to Customer Data

Dinlr considers all data submitted by customers to our service as a "black box," meaning we process this data solely on the customer's behalf. Consequently, customer data is generally not accessed for service operations, and we handle all submitted information with the utmost sensitivity and confidentiality. Access to customer data at Dinlr is restricted in accordance with our Terms of Service or the relevant agreement with the customer, evaluated on a case-by-case basis.

Data Retention and Disposal

Dinlr will retain your information for as long as necessary to fulfill the purposes outlined in our Privacy Policy. Data processed on behalf of our customers will be retained according to our Terms of Service, Data Processing Addendum, and other commercial agreements.

Dinlr customers maintain full control over their submitted data and can modify, export, or delete it at any time using the service's user interface. Upon termination or expiration of their subscription, customers can request data deletion as part of the account closure process. Customer data will be deleted within 90 days of the request, including a 30-day rollback period followed by an additional 60 days to complete the deletion.

Alternatively, customers may choose to retain their data on the platform, in which case we may continue to keep it but reserve the right to delete it at our discretion.

Monitoring and Logs

Dinlr collects and monitors network logs, including traffic logs. We utilize application-level logging for event tracing and auditing, as well as system-level logging to audit access and high-privilege operations. These logs are monitored around the clock to ensure security and compliance.
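As an added example, not Dinlr's tooling, the triage below shows what the system-level logging in this section is meant to catch when read against the access rule in "Access to Production": a server login that did not arrive over the VPN, an SSH password-guessing burst, and every privileged (sudo) command. It parses constructed Linux auth-log lines in the standard syslog format written by sshd and sudo; the VPN pool 10.8.0.0/24, the hostnames, user names and addresses are assumptions.

```python
"""Auth-log triage for VPN-only access and privileged-operation auditing (added example)."""
import ipaddress
import re

VPN_NET = ipaddress.ip_network("10.8.0.0/24")      # assumed VPN address pool

SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:TTY=\S+ ; )?PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Constructed sample lines in the default sshd/sudo syslog format.
SAMPLE_LOG = """\
Mar  3 09:12:01 app-01 sshd[2210]: Accepted publickey for deploy from 10.8.0.15 port 51022 ssh2: ED25519 SHA256:abc
Mar  3 09:12:40 app-01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart api
Mar  3 09:13:05 db-01 sshd[4471]: Accepted password for ubuntu from 198.51.100.23 port 40110 ssh2
Mar  3 09:13:06 db-01 sudo:   ubuntu : TTY=pts/1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/mysqldump --all-databases
Mar  3 09:14:00 app-01 sshd[2290]: Failed password for invalid user admin from 203.0.113.9 port 5533 ssh2
Mar  3 09:14:02 app-01 sshd[2291]: Failed password for invalid user admin from 203.0.113.9 port 5534 ssh2
Mar  3 09:14:03 app-01 sshd[2292]: Failed password for root from 203.0.113.9 port 5535 ssh2
"""


def triage(log_text, vpn_net=VPN_NET, fail_threshold=3):
    """Return (kind, host, subject, detail) alerts in the order the lines are read."""
    alerts = []
    failures = {}                                    # source ip -> failed-login count
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ip = ipaddress.ip_address(m["ip"])
            if m["result"] == "Accepted":
                if ip not in vpn_net:                # policy: every login must come over the VPN
                    alerts.append(("login-outside-vpn", m["host"], m["user"], str(ip)))
            else:
                n = failures[str(ip)] = failures.get(str(ip), 0) + 1
                if n == fail_threshold:              # alert once, when the burst crosses the line
                    alerts.append(("ssh-bruteforce", m["host"], m["user"], str(ip)))
            continue
        m = SUDO_RE.match(line)
        if m:                                        # every privilege escalation is recorded
            alerts.append(("privileged-command", m["host"], f"{m['user']}->{m['target']}", m["cmd"]))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(*alert, sep="  |  ")
```

The non-VPN login and the `mysqldump --all-databases` that follows it are two separate alerts here, but a detection rule would normally correlate them: a privileged command within seconds of a login from an unexpected network is the sequence worth paging on, not either event alone.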

Physical Security

  • Dinlr Offices: In Dinlr's offices, physical IT assets are limited to laptops and office network devices. These devices are housed in a password-protected, CCTV-monitored, environmentally-controlled server room that is secure 24/7. Physical access to the offices is regulated through biometric identification. Visitors are logged upon entry and must be escorted by a Dinlr employee at all times during their visit. All employees are encouraged to report any suspicious activity, unauthorized access, or incidents of theft or lost items.
  • Data Center Security: Dinlr relies on AWS’s industry-leading physical and environmental security measures, ensuring a highly resilient infrastructure. For more information about AWS security practices, please visit https://aws.amazon.com/security/

Compliance and Privacy

Privacy Policy

Dinlr’s Privacy Policy outlines our privacy and data processing practices concerning personal data that we process for our own purposes as a data controller. The policy is available on our Privacy Policy page.

Disclosure to Government Authorities

Dinlr does not allow government authorities unwarranted access to any customer data in our possession. We have never received requests from authorities, whether in Singapore or elsewhere, to disclose customer data. In the unlikely event that such requests occur, they would be carefully reviewed by our Legal and Privacy teams to ensure they are valid and justified. Any disclosure would be limited to the data strictly necessary under the law.

We make commercially reasonable efforts to notify our customers before any such disclosure, unless prohibited or unable to do so due to potential risks. Additionally, we are committed to resisting, to the extent permitted by applicable laws, any requests for bulk surveillance of personal data.

Epilogue

This white paper has provided an overview of Dinlr's approach to security and privacy. Given the complexity of these topics, you may have additional questions.

If you require further clarification regarding Dinlr’s information security or privacy practices, you can contact us at [email protected].

If you want to report a security concern or vulnerability, please email us at [email protected].
