Security by Design: PawnSight is built local-first, meaning your sensitive customer data never leaves your shop unless you explicitly enable encrypted backups. This architecture is inherently more secure than cloud-only competitors who store everything on their servers.
Local-First Architecture
Your Data, Your Control: Unlike cloud-only pawn shop software, PawnSight runs entirely on your shop's computers. Customer information, transaction records, and sensitive business data stay on your premises where you control access.
How It Works
- All data is stored in SQLite databases on your local machines
- Software operates fully offline - no internet required for daily operations
- You choose what data (if any) gets backed up to the cloud
- Even then, backups are encrypted before transmission with keys only you control
Security Advantages
- No risk of large-scale data breaches affecting thousands of shops
- Hackers can't access your data by compromising a cloud provider
- You maintain physical control of your most sensitive information
- Compliance is simpler when data doesn't cross jurisdictional boundaries
Encryption and Data Protection
AES-256-GCM Encryption
When you enable cloud backups, your data is protected with AES-256-GCM authenticated encryption:
- AES-256-GCM encryption applied before data leaves your computer
- Unique encryption keys generated locally and never transmitted
- We cannot decrypt your backups even if legally compelled
- Perfect forward secrecy - old data remains protected even if current keys are compromised
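As an added illustration of the encrypt-before-upload step described above (example code, not PawnSight's own; the header fields, the sample database bytes and the shop and backup identifiers are constructed for it), the following Go program uses the standard library's AES-256-GCM. The key is generated on the local machine and never leaves it, a fresh random nonce is drawn for every backup, the backup's plaintext metadata is bound to the ciphertext as additional authenticated data, and any change to the ciphertext or the metadata makes decryption fail instead of returning silently corrupted data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

const keySize, nonceSize = 32, 12 // AES-256 key and the standard GCM nonce size; Seal appends a 16-byte tag

// backupHeader is plaintext metadata stored beside the ciphertext and fed to GCM as
// additional authenticated data, so editing it after the fact makes decryption fail.
type backupHeader struct {
	ShopID    string `json:"shop_id"`
	BackupID  string `json:"backup_id"`
	CreatedAt string `json:"created_at"`
}

// encryptedBackup is what would actually be uploaded; the key is never part of it.
type encryptedBackup struct {
	Header     backupHeader
	Nonce      []byte
	Ciphertext []byte // ciphertext with the GCM tag appended
}

// newLocalKey draws the 256-bit backup key from the OS CSPRNG on the shop's own machine.
func newLocalKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, errors.New("backup key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptBackup seals the database bytes under the local key with a fresh random nonce;
// reusing a nonce under the same key destroys GCM's confidentiality and integrity guarantees.
func encryptBackup(key []byte, hdr backupHeader, plaintext []byte) (*encryptedBackup, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(hdr) // plain string fields: marshalling cannot fail
	return &encryptedBackup{Header: hdr, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, aad)}, nil
}

// decryptBackup returns an error if ciphertext, tag, nonce or header changed in transit or at rest.
func decryptBackup(key []byte, b *encryptedBackup) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(b.Header)
	return aead.Open(nil, b.Nonce, b.Ciphertext, aad)
}

// roundTrip encrypts a constructed sample, decrypts it, then checks that a flipped ciphertext
// bit and an edited header are both rejected outright rather than decrypting to garbage.
func roundTrip() (recovered, tamperRejected, headerRejected bool, err error) {
	key, err := newLocalKey()
	if err != nil {
		return
	}
	plaintext := []byte("SQLite format 3\x00 constructed sample database contents")
	hdr := backupHeader{ShopID: "shop-example-01", BackupID: "bk-0001", CreatedAt: "2026-02-01T03:00:00Z"}
	enc, err := encryptBackup(key, hdr, plaintext)
	if err != nil {
		return
	}
	got, err := decryptBackup(key, enc)
	recovered = err == nil && string(got) == string(plaintext)
	tampered := &encryptedBackup{Header: hdr, Nonce: enc.Nonce, Ciphertext: append([]byte(nil), enc.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01
	_, tamperErr := decryptBackup(key, tampered)
	relabelled := &encryptedBackup{Header: hdr, Nonce: enc.Nonce, Ciphertext: enc.Ciphertext}
	relabelled.Header.BackupID = "bk-0002" // metadata swapped between backups is caught too
	_, headerErr := decryptBackup(key, relabelled)
	return recovered, tamperErr != nil, headerErr != nil, err
}

func main() {
	ok, tamper, header, err := roundTrip()
	fmt.Printf("recovered=%v tamper_rejected=%v header_rejected=%v err=%v\n", ok, tamper, header, err)
}
```

Because the provider holds nothing but ciphertext, the local key is the only thing standing between a backup and its contents: how it is stored, backed up and rotated matters as much as the cipher, and a lost key means an unrecoverable backup.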
Data at Rest
Local data protection includes:
- SQLite database files with built-in integrity checking
- File system encryption recommendations for your operating system
- Secure deletion of temporary files and cache
- Regular automated backups to prevent data loss
Access Control and Authentication
PIN-Based Authentication
Multi-layered access control for your shop:
- Individual PIN codes for each employee
- Role-based permissions (manager, employee, read-only)
- Automatic session timeouts to prevent unauthorized access
- Audit logs showing who accessed what and when
Role-Based Access Control
Granular permissions system:
- Managers can access all functions including reports and settings
- Employees can process transactions but not change sensitive settings
- Read-only accounts for accountants or auditors
- Custom permission sets for special roles
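The two lists above describe PIN-based sessions with automatic timeouts, an audit trail, and manager, employee and read-only roles. The following Go program is an added example of that model, not PawnSight's own code. The permission names, the ten-minute idle timeout and the exact rights given to the employee and read-only roles are assumptions made for the example, and the PIN check against its bcrypt hash is assumed to have succeeded before Login is called.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Role and Permission model the page's three built-in roles; the permission names and the rights per role are assumptions.
type Role string
type Permission string

const (
	RoleManager  Role = "manager"
	RoleEmployee Role = "employee"
	RoleReadOnly Role = "read-only"
	PermViewRecords    Permission = "records:view"
	PermProcessTxn     Permission = "transactions:process"
	PermChangeSettings Permission = "settings:change"
)

// rolePermissions is deny-by-default: an action not listed for a role is refused.
var rolePermissions = map[Role]map[Permission]bool{
	RoleManager:  {PermViewRecords: true, PermProcessTxn: true, PermChangeSettings: true},
	RoleEmployee: {PermViewRecords: true, PermProcessTxn: true},
	RoleReadOnly: {PermViewRecords: true},
}

const idleTimeout = 10 * time.Minute // assumed value; the page only says sessions time out automatically

var ErrNoSession = errors.New("no such session")
var ErrSessionExpired = errors.New("session expired after inactivity")
var ErrForbidden = errors.New("role does not permit this action")

type Session struct {
	EmployeeID string
	Role       Role
	LastActive time.Time
}

// AuditEntry records who attempted what, when, whether it was allowed, and if not, why.
type AuditEntry struct {
	At         time.Time
	EmployeeID string
	Action     Permission
	Allowed    bool
	Reason     string
}

// AccessController holds live sessions and the audit trail; the clock is injected so timeouts are testable.
type AccessController struct {
	sessions map[string]*Session
	audit    []AuditEntry
	now      func() time.Time
}

// Login runs after the PIN was checked against its bcrypt hash (assumed elsewhere) and issues a random 256-bit token.
func (ac *AccessController) Login(employeeID string, role Role) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	ac.sessions[token] = &Session{EmployeeID: employeeID, Role: role, LastActive: ac.now()}
	return token, nil
}

// Authorize is the single choke point every sensitive action passes through; each decision is audited.
func (ac *AccessController) Authorize(token string, action Permission) error {
	now := ac.now()
	s, ok := ac.sessions[token]
	if !ok {
		ac.record(now, "<unknown>", action, false, ErrNoSession.Error())
		return ErrNoSession
	}
	if now.Sub(s.LastActive) > idleTimeout {
		delete(ac.sessions, token) // an expired session is removed, not merely refused
		ac.record(now, s.EmployeeID, action, false, ErrSessionExpired.Error())
		return ErrSessionExpired
	}
	s.LastActive = now
	if !rolePermissions[s.Role][action] {
		ac.record(now, s.EmployeeID, action, false, ErrForbidden.Error())
		return ErrForbidden
	}
	ac.record(now, s.EmployeeID, action, true, "")
	return nil
}

func (ac *AccessController) record(at time.Time, who string, action Permission, allowed bool, reason string) {
	ac.audit = append(ac.audit, AuditEntry{At: at, EmployeeID: who, Action: action, Allowed: allowed, Reason: reason})
}

func main() {
	ac := &AccessController{sessions: map[string]*Session{}, now: time.Now}
	tok, _ := ac.Login("emp-42", RoleEmployee) // constructed sample employee
	fmt.Println("process:", ac.Authorize(tok, PermProcessTxn), "| settings:", ac.Authorize(tok, PermChangeSettings), "| audit entries:", len(ac.audit))
}
```

Two design points worth keeping: the permission map is deny-by-default, so a role can never do something nobody thought to forbid, and denied attempts are logged with the same detail as allowed ones, which is what makes the audit trail useful when investigating misuse.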
No Plain-Text Credentials
PawnSight never stores passwords or sensitive authentication data in plain text:
- PIN codes are hashed using bcrypt with salt
- Session tokens are cryptographically secure and expire automatically
- API keys (when available) use standard JWT tokens
- Database connections use encrypted channels where supported
Data Export and Portability
Complete Data Control
Your data security includes the right to leave:
- Export all data in standard formats (CSV, JSON, PDF)
- Include all transaction history, customer records, and photos
- No vendor lock-in - take your data to any system
- Secure deletion from our systems when you cancel
Payment Security
Stripe PCI Compliance
Payment processing security through industry leaders:
- Stripe Connect handles all payment card data
- PCI DSS Level 1 certification from Stripe
- Tokenization prevents card data storage on your systems
- 3D Secure and fraud detection included
- Direct settlement to your business bank account
Payment Data Flow
PawnSight never sees or stores your customers' payment information:
- Card data goes directly to Stripe's secure servers
- We receive only transaction success/failure notifications
- Refunds and disputes are handled through Stripe's systems
- Your business receives funds directly from Stripe
Infrastructure Security
Website and API Security
Our web presence is protected by:
- Cloudflare DDoS protection and Web Application Firewall
- TLS 1.3 encryption for all web traffic
- Certificate transparency monitoring
- Regular security scans and vulnerability assessments
Cloud Infrastructure
For optional cloud backups and services:
- SOC 2 Type II certified data centers
- Multi-region redundancy for availability
- Encrypted storage and transmission at all times
- Regular security audits and penetration testing
Software Security
Secure Development Practices
- Regular security code reviews
- Dependency scanning for known vulnerabilities
- Static analysis security testing (SAST)
- Regular updates with security patches
Update Security
- Cryptographically signed software updates
- Automatic security patch installation
- Version rollback capabilities if issues arise
- Clear communication about security updates
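An added example of how cryptographically signed updates are checked before anything is installed; this is not PawnSight's release tooling. It uses Ed25519 and SHA-256 from Go's standard library. The manifest layout, the domain-separation prefix string, the sample version number and the installer bytes are all constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdateManifest is the statement the publisher signs: the version and the SHA-256 of the
// installer payload. Signing a digest keeps the signed message small and fixed in shape.
type UpdateManifest struct {
	Version   string
	SHA256Hex string
}

// bytes gives the manifest a canonical, prefixed encoding so a signature over it cannot be
// mistaken for a signature over some other kind of message.
func (m UpdateManifest) bytes() []byte {
	return []byte("pawnsight-update-manifest-v1\n" + m.Version + "\n" + m.SHA256Hex + "\n")
}

// SignedUpdate is what the updater downloads.
type SignedUpdate struct {
	Manifest  UpdateManifest
	Signature []byte
	Payload   []byte
}

var (
	ErrBadSignature   = errors.New("update manifest signature is invalid")
	ErrDigestMismatch = errors.New("update payload does not match the signed digest")
)

// newPublisherKeys runs once on the publisher's side. Only the public key ships with the
// application; the private key stays on the build system.
func newPublisherKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signUpdate is the build-system step.
func signUpdate(priv ed25519.PrivateKey, version string, payload []byte) SignedUpdate {
	sum := sha256.Sum256(payload)
	m := UpdateManifest{Version: version, SHA256Hex: hex.EncodeToString(sum[:])}
	return SignedUpdate{Manifest: m, Signature: ed25519.Sign(priv, m.bytes()), Payload: payload}
}

// verifyUpdate is the client step, run before a single byte of the payload is installed.
// Signature first, then digest: an unsigned manifest is never trusted to describe the payload.
func verifyUpdate(pub ed25519.PublicKey, u SignedUpdate) error {
	if !ed25519.Verify(pub, u.Manifest.bytes(), u.Signature) {
		return ErrBadSignature
	}
	sum := sha256.Sum256(u.Payload)
	if hex.EncodeToString(sum[:]) != u.Manifest.SHA256Hex {
		return ErrDigestMismatch
	}
	return nil
}

func main() {
	pub, priv, err := newPublisherKeys()
	if err != nil {
		fmt.Println("keygen failed:", err)
		return
	}
	payload := []byte("constructed installer bytes for version 2.4.1") // stands in for a real installer
	u := signUpdate(priv, "2.4.1", payload)
	fmt.Println("genuine update:", verifyUpdate(pub, u))
	corrupted := u
	corrupted.Payload = append([]byte{0xff}, u.Payload[1:]...)
	fmt.Println("corrupted payload:", verifyUpdate(pub, corrupted))
	relabelled := u
	relabelled.Manifest.Version = "9.9.9" // changing the version invalidates the signature
	fmt.Println("edited manifest:", verifyUpdate(pub, relabelled))
}
```

The public key compiled into the client is the trust anchor. If the client fetched it from the same server that serves the update, a compromise of that server would defeat the check, so the key must ship with the application itself or be pinned through an independent channel.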
Responsible Security Disclosure
If you discover a security vulnerability in PawnSight, we want to know about it so we can fix it quickly and responsibly.
How to Report
- Email: [email protected]
- Include detailed steps to reproduce the issue
- Provide your contact information for follow-up
- Give us reasonable time to address the issue before public disclosure
Our Commitment
- Acknowledge receipt within 24 hours
- Provide regular updates on our investigation
- Credit security researchers (if desired) when we fix issues
- Fix verified vulnerabilities as quickly as possible
Why Local-First is More Secure
Reduced Attack Surface
Cloud-only competitors create massive targets for hackers:
- One successful breach can expose thousands of businesses
- Centralized data storage creates high-value targets
- Your data is only as secure as their weakest security measure
PawnSight's Distributed Security Model
Our approach distributes risk and puts you in control:
- Each shop's data is isolated and under their physical control
- Breaching one installation doesn't affect others
- You can implement additional security measures at your premises
- No single point of failure for the entire user base
Security Best Practices
To maximize your security with PawnSight, we recommend:
Physical Security
- Secure your computers in locked areas when not in use
- Use screen locks and automatic logouts
- Control physical access to your shop's computers
- Make regular backups to secure, offline storage
Network Security
- Use secure Wi-Fi with WPA3 encryption
- Keep your operating system and antivirus software updated
- Consider a dedicated computer for PawnSight if processing sensitive data
- Use a firewall to control network access
Staff Security
- Train employees on security best practices
- Use unique PIN codes for each staff member
- Remove access for former employees immediately
- Hold regular security awareness training
Security Questions?
If you have questions about PawnSight's security features or need help securing your installation:
General Questions: [email protected]
Security Issues: [email protected]
Company: PawnSight LLC (pending)
Location: California, USA
Last updated: February 2026