Security shouldn’t be a marketing page.
Here’s how GridMagik actually handles your data, your payments, and your customers’ information. If your security team needs more detail, ask — we’d rather have the conversation than wave a logo at you.
The actual architecture.
No checklist of badges — the real choices that protect your venue and your customers.
Encryption in transit and at rest
TLS for every request. Encryption at rest on the database and on backups. Standard cloud-provider key management.
Payments via Stripe
Card data never touches GridMagik infrastructure. Stripe handles tokenization, vaulting, and PCI scope. Refunds and receipts stay unified in your GridMagik ledger.
Cloud-hosted, managed
Hosted on a major cloud provider. Daily database backups. Application code lives in version control with reviewed deploys.
Roles and permissions
Per-staff roles. Granular permissions for who can take payments, issue refunds, change schedules, or pull reports. Owner-only controls for billing and integrations.
Incident response
If something breaks, we tell you. Status updates, root cause once we have it, and a fix. We’re a small team — you’ll talk to a human, not a queue.
Data access logging
Sensitive admin actions are logged. If you need an export of activity for a compliance review, ask.
Plain-language controls.
Got a security questionnaire? Send it over — we’ll answer it directly rather than point you at a 40-page PDF.
Send us your questionnaire- Secret management
No secrets in code. Credentials stored in the cloud provider’s secrets manager. Access tied to environment, not to people.
- Authentication
Email + password with hashed credentials. SSO available on request for larger teams.
- Code & dependencies
All changes go through code review and automated dependency scanning before merging. Deploys flow from version control, not from laptops.
- Infrastructure
Hosted on a major cloud provider. Network isolation between environments. Default-deny security groups.
- Backups
Daily database backups with multi-day retention. Restore process is tested before you need it.
Found something? Tell us.
If you discover a vulnerability, please report it to support@hyprdev.co. We’ll respond, work the fix with you, and credit you if you’d like. Good-faith research is welcome.