Security Whitepaper

LineSmart PH security architecture, controls, privacy practices, and security roadmap.

Executive Summary

LineSmart PH is a cloud-based booking, queue management, reservation, and customer engagement platform. LineSmart is committed to protecting customer and merchant information through secure software development, access controls, encryption, audit logging, backup practices, and privacy-focused operations.

Company Information

  • Platform Name: LineSmart PH
  • Website: linesmart.booqph.com / booqph.com
  • Operator: Vinculum Technologies Corporation
  • Platform Type: Booking, queue management, reservation, and customer engagement platform

Security Principles

  • Confidentiality: data is accessible only to authorized users.
  • Integrity: data is protected from unauthorized modification.
  • Availability: services are designed for reliable access and recovery.
  • Privacy: personal information is collected and processed for legitimate business purposes.
  • Least Privilege: users receive only access required for their role.

Infrastructure Overview

Current platform components use Replit Cloud Infrastructure, PostgreSQL, React, TypeScript, Vite, Node.js, Express.js, and Drizzle ORM. Future architecture may include AWS EC2, AWS RDS PostgreSQL, AWS S3, AWS CloudFront, AWS WAF, AWS Backup, and AWS CloudWatch.

Data Security

LineSmart protects data in transit using HTTPS/TLS. Passwords are hashed and sensitive authentication-related values are handled securely. Access to data is governed by user roles and server-side authorization checks.

Authentication and Access Control

LineSmart separates permissions for customers, merchant owners, merchant staff, and platform administrators. Administrative access is restricted to authorized personnel only.

Audit Logging

LineSmart records important platform actions such as logins, booking changes, queue actions, subscription changes, and administrative actions to support investigations and compliance readiness.

Application Security

Security practices include source control, controlled deployment workflows, dependency review, input validation, authorization validation, and secure coding practices.

API Security

APIs are protected through authentication, server-side authorization, input validation, and abuse-prevention controls where applicable.

Privacy and Compliance

LineSmart is designed to support Philippine Data Privacy Act readiness and GDPR-aligned privacy practices. LineSmart does not currently claim SOC 2 Type II, ISO 27001, HIPAA, or CCPA certification.

Backup and Disaster Recovery

LineSmart maintains backup and recovery procedures to support business continuity. Target recovery objectives may evolve as the platform migrates to AWS and introduces advanced monitoring and backup controls.

Third-Party Services

LineSmart may use trusted service providers for hosting, database storage, email delivery, payment processing, analytics, map/calendar integrations, and support operations.

Payment Security

LineSmart does not intend to store customer credit card information directly. Payment processing is performed through authorized third-party payment providers such as QRPH or payment gateways where enabled.

Incident Response

LineSmart maintains procedures for security incident detection, investigation, containment, remediation, and notification when required by applicable law or contractual commitments.

Security Roadmap

  • Phase 1: Trust Center, Security Whitepaper, Privacy Policy, Data Retention Policy, Subprocessor List.
  • Phase 2: AWS migration, enhanced monitoring, advanced backup controls, public status page.
  • Phase 3: penetration testing, vendor risk management, ISO 27001 readiness.
  • Phase 4: SOC 2 Type II readiness and enterprise compliance program.

Contact

Security: hello@booqph.com
Privacy: hello@booqph.com
Support: support@booqph.com