DragBizz
Trust & Safety

Security at DragBizz

How we protect your store's data — and your customers' data — from unauthorized access, loss, and misuse.

Last updated: March 2026

01. Core Security Measures

🔐

Encrypted in Transit & at Rest

All data transmitted to and from DragBizz is encrypted using TLS 1.3. All data stored on our servers is encrypted at rest using AES-256.

🔑

Authentication & Session Security

JWT-based session management with configurable timeout. Passwords are hashed using bcrypt with salt. We recommend enabling two-factor authentication (2FA).

🌐

Secure API Design

All DragBizz APIs use HTTPS-only endpoints. API keys are scoped with minimum-privilege defaults. Rate limiting and abuse detection protect against misuse.

🏗️

Infrastructure Security

DragBizz runs on cloud infrastructure in India. Production and development environments are fully isolated. Access to production systems is strictly role-gated.

🗄️

Data Isolation

Each retailer's data is logically isolated in our database layer. No retailer can access another retailer's inventory, customers, or financial records.

📋

Audit Logs

DragBizz maintains detailed audit logs of all sensitive actions within the platform — including logins, invoice modifications, and data exports.

02. Payment Security

DragBizz does not store, transmit, or process raw payment card data. All subscription payments and POS payment collections are handled by Razorpay, which is:

  • PCI-DSS Level 1 certified — the highest level of payment security compliance
  • RBI-licensed payment aggregator
  • Responsible for all card tokenisation and transaction security

03. Third-Party Integrations

DragBizz integrates with external services (WhatsApp, Amazon, Flipkart, Shiprocket, etc.). When you connect a third-party integration:

  • We store only the minimum access credentials required (e.g. API keys, OAuth tokens).
  • Credentials are encrypted and stored in our secrets management system.
  • You can disconnect and revoke any integration at any time from your dashboard.
  • We recommend rotating API keys periodically for maximum security.

04. Compliance Hub

DragBizz aligns with Indian regulations governing digital data and GST handling:

Regulation | Method
IT Act 2000 | Data processing complies with all provisions.
DPDPA (India) | Aligns with Digital Personal Data Protection Act 2023.
GST Act | GSTN-compliant IRN/E-way bill standardisation.
RBI Guidelines | Complies via Tier-1 payment partners like Razorpay.

05. Responsible Disclosure

We take vulnerability reports seriously. If you discover a security issue, please report it responsibly to our security team:

Security Reporting

security@dragbizz.io

Please include a description, steps to reproduce, and impact. We acknowledge most reports within 48 hours.

The Tech Query · Ahmedabad · India