Security

Built to keep your shop's data safe.

Encryption, audited access, SOC 2 Type II, and a responsible disclosure programme. Your business runs through us. We take that seriously.

Encryption

TLS 1.3 in transit. AES-256 at rest. Backups encrypted with separate keys. Per-tenant data isolation enforced at the database row level.

Access control

Role based access (owner, sales, designer, production, finance). SSO and SCIM on Enterprise. MFA for every staff account that touches production data.

Audit logs

Every record change writes to an append-only activity log. Logs are immutable for 7 years and exportable as CSV any time.

SOC 2 Type II

Audited yearly by a Big Four firm. Report available under NDA. Type II in progress; Type I complete.

Backups

Continuous WAL replication. Point-in-time recovery to any second within the last 35 days. Disaster recovery drills run quarterly.

Hosting

AWS, Sydney (ap-southeast-2) by default. US East and Frankfurt available on Enterprise. ISO 27001, SOC 1/2/3, PCI DSS certified data centres.

Responsible disclosure

Found something? Tell us.

If you've found a security vulnerability in the Printer's Friend platform, please email security@printersfriend.com. We respond within 24 hours and won't pursue legal action against good-faith researchers.

Don't test against customer workspaces. Use the sandbox at sandbox.printersfriend.com.
Don't pivot, exfiltrate or destroy data. Stop at proof of vulnerability.
Don't publicly disclose until we've shipped a fix or 90 days have passed.
Bounties paid in USD: critical $5,000, high $2,000, medium $500, low $100.

We use cookies to make Printer's Friend work. Essential cookies keep the site running. With your consent, we also use analytics and marketing cookies to understand which pages help print shops and which fall flat. See our cookies policy.