Admin

Security

Track XpressChef’s responsibilities for PII, PCI-safe payment handling, staff roles, audit logs, and data protection.

Access roles

5

Audit events

148

Protected data

PII

Card handling

Stripe

Compliance Notes

PII protection

Protect names, emails, phone numbers, addresses, dietary notes, allergies, and support messages.

PCI DSS approach

Use Stripe for card handling and store only safe payment references in XpressChef.

Role-based access

Owner, admin, kitchen, delivery, and support roles see only what they need.

Audit logging

Track sensitive changes to staff roles, refunds, credits, customer records, and menu data.

API keys

Keep Stripe, Clerk, Convex, email, and SMS keys in secure environment variables.

Data requests

Prepare export and deletion workflows for customer data requests.

Policies

Publish privacy policy, terms, refund policy, and staff handling rules.