Your data, your control.

Boutique data is sensitive — measurements, customer photos, balance ledgers. We treat it that way. Every claim below is something we actually do today, not a marketing promise we hope to ship later.

Daily encrypted backups

Every night at 02:30 IST we automatically dump your database and tar your uploaded photos. Backups are kept for 30 days. If anything ever goes wrong, we can restore your tenant in under an hour.

Per-tenant data isolation

Every boutique is its own isolated tenant. Your customers, orders, photos and finances are never visible to any other boutique on the platform — enforced at the database query layer on every API call.

HTTPS everywhere · TLS 1.3

Every page and every API call goes over HTTPS with HSTS preload. No data ever travels to or from our servers in plain text — including from your tailor's phone on a 4G connection.

Bcrypt password hashing

Passwords are hashed with bcrypt (cost 10) before they're stored. Even our own database administrators cannot read your password — we'd have to reset it, not look it up.

Login + upload rate limiting

We limit login attempts (10 per user, 20 per IP per 10 minutes) and image uploads (60 per tenant per 10 minutes). Brute-force attacks against your account are blocked at the perimeter.

Strict file-type validation

Uploaded images are checked twice — by their declared MIME type AND by inspecting the actual file bytes (magic numbers). Disguised executables are rejected before they're ever written to disk.
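
The double check described above, as an added example (not SmartBoutique's own code); the set of accepted formats and all function names are assumptions.

```python
from typing import Optional, Tuple

# Assumed allow-list; the page does not say which image formats are accepted.
ALLOWED_MIME = {"image/jpeg", "image/png", "image/webp"}


def sniff_image_type(head: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    if head.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if head.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    # WebP is a RIFF container: "RIFF" <4-byte size> "WEBP"
    if len(head) >= 12 and head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_upload(declared_mime: str, data: bytes) -> Tuple[bool, str]:
    """Run both checks on the in-memory bytes, before anything is written to disk."""
    declared = declared_mime.split(";", 1)[0].strip().lower()
    if declared not in ALLOWED_MIME:
        return False, "declared type not allowed"
    sniffed = sniff_image_type(data[:12])
    if sniffed is None:
        return False, "content is not a recognised image"
    if sniffed != declared:
        return False, "declared type does not match content"
    return True, "ok"


# Constructed sample inputs (headers only, not real files).
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
PE_HEAD = b"MZ\x90\x00" + b"\x00" * 12        # Windows executable header
SAMPLES = [
    ("image/png", PNG_HEAD),    # honest upload
    ("image/jpeg", PE_HEAD),    # executable labelled as a JPEG
    ("image/jpeg", PNG_HEAD),   # real image, wrong label
    ("text/html", PNG_HEAD),    # type outside the allow-list
]

if __name__ == "__main__":
    for mime, blob in SAMPLES:
        print(mime, validate_upload(mime, blob))
```

A matching header only shows that the file starts like an image; decoding and re-encoding the image on the server is a stronger check where it is affordable.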

Hosted in DigitalOcean Bangalore

Your data lives on Indian soil in DigitalOcean's BLR1 datacenter — no cross-border data transfer concerns. The server is hardened with HSTS, X-Frame-Options, CSP and regular OS patches.

Your data, exportable any time

Owners can export customers, orders, payments and reports as CSV from inside the app. If you ever leave us, you take everything with you — no hostage situation.

30-day money-back guarantee

If SmartBoutique doesn't fit your boutique in the first 30 days, we refund your subscription in full — no questions, no paperwork. We'd rather you leave happy than stay frustrated.

What we don't do

  • We do not sell your data. Ever. Not to advertisers, not to "analytics partners", not to anyone.
  • We do not use your customers' data to train AI models.
  • We do not require you to sign a long-term contract or charge cancellation fees.
  • We do not use third-party tracking pixels or session-replay tools on your boutique data.

Spotted a security issue? Email [email protected] — we read every report and respond within 24 hours.