Security

Your Data Is Safe With Us

Pet care facilities trust Barklytic with sensitive information โ€” pet health records, medication schedules, owner contact details, and business financials. We take that trust seriously and have built security into every layer of the platform from day one.

AES-256 Encryption at Rest
TLS 1.3 in Transit
Row-Level Security
SOC 2 Infrastructure
OWASP Compliant

Security by Layer

Authentication & Access Control

  • โœ“Role-based access control (RBAC) โ€” staff only see what they need
  • โœ“Session-based auth with secure, HTTP-only cookies
  • โœ“Multi-location isolation โ€” locations cannot access each other's data
  • โœ“Org-level scoping enforced on every API call
  • โœ“Inactive session timeout with automatic sign-out

Data Protection

  • โœ“All data encrypted at rest using AES-256
  • โœ“All data encrypted in transit via TLS 1.3
  • โœ“Row-level security (RLS) policies on all database tables
  • โœ“Sensitive pet health and medication data handled with elevated access controls
  • โœ“Payment data never stored โ€” processed via PCI-compliant providers

Infrastructure Security

  • โœ“Hosted on SOC 2 Type II compliant cloud infrastructure
  • โœ“Automated backups with point-in-time recovery
  • โœ“Geographic redundancy for high availability
  • โœ“Automated vulnerability scanning and dependency auditing
  • โœ“Infrastructure-as-code with version-controlled configuration

Monitoring & Incident Response

  • โœ“24/7 automated anomaly detection and alerting
  • โœ“Comprehensive audit logs for all data access and modifications
  • โœ“Defined incident response procedures with SLA targets
  • โœ“Security events logged and reviewed regularly
  • โœ“Rate limiting and abuse prevention on all public endpoints

Application Security

  • โœ“Input validation and sanitization throughout
  • โœ“Protection against OWASP Top 10 vulnerabilities
  • โœ“CSRF protection on all state-changing operations
  • โœ“Content Security Policy (CSP) headers enforced
  • โœ“Regular code reviews with security focus

Responsible AI

  • โœ“Scout AI operates only on your facility's own data
  • โœ“No cross-tenant data sharing for AI model inference
  • โœ“AI recommendations are advisory โ€” humans remain in control
  • โœ“AI usage is auditable and transparent within your account
  • โœ“No customer data used to train external models

Your Data, Your Rules

We believe facilities should have full control and visibility into how their data is handled.

You own your data

Your facility data belongs to you. We are custodians, not owners. You can export or delete your data at any time.

No data selling

We do not sell, rent, or share your data with third parties for advertising or commercial purposes.

Minimal data collection

We collect only what's necessary to operate the platform. No telemetry beyond what you explicitly enable.

Transparent sub-processors

We maintain a list of third-party services that process your data on our behalf and their security posture.

Responsible Disclosure

If you believe you've found a security vulnerability in Barklytic, we want to hear from you. Please report it to us directly โ€” we will acknowledge your report within 24 hours, investigate promptly, and keep you informed of our progress.

security@barklytic.io โ†’

Security questions or concerns?

We're happy to discuss our security posture in depth โ€” including providing documentation for compliance reviews or enterprise due diligence.

Contact Our Security Team