Security

ACCESS BY
JOB.

Flagship POS uses distinct controls for the owner website, paired devices, and local cashier access — so one credential never does another layer’s work.

Owner account

Password-protected website access manages billing, business settings, and devices.

Signed device lease

Each paired register receives renewable, revocable access scoped to one business.

Local cashier PIN

Cashier access is managed on the register and is separate from the owner website password.

OPERATIONAL
SAFEGUARDS.

  • Device pairing codes are short-lived and single-use.
  • Device leases can be revoked from the owner account.
  • Business-scoped actions are checked against the signed-in owner.
  • Sensitive card and subscription changes remain in Stripe-hosted pages.
  • Administrative billing and device changes are audit logged.
Report

Security concern?

Do not include exploit details in a public post. Use the contact form, choose “Technical issue,” and clearly mark the message as a security report.

Contact security