Your Data, Protected
Bank-level security protects every transaction, client record, and business report in your salon.
PCI-Compliant Payments
Every card transaction processed through Tilavon meets PCI DSS Level 1 standards via our Helcim integration. Card data never touches your salon hardware.
- PCI DSS Level 1 certified payment processing
- Tokenized card storage — raw card numbers never stored
- End-to-end encrypted transactions from terminal to processor
AES-256 Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Your client records, financial data, and business reports are unreadable to anyone without authorization.
- AES-256 encryption for all data at rest
- TLS 1.3 encryption for all data in transit
- Encrypted database backups and file storage
Daily Backups & 99.9% Uptime
Your data is backed up daily to geographically redundant servers. Our infrastructure is designed for 99.9% uptime so your salon never skips a beat.
- Automated daily backups to redundant data centers
- 99.9% uptime SLA with real-time monitoring
- Point-in-time recovery for disaster scenarios
Role-Based Access Controls
Define exactly what each staff member can see and do. Owners, managers, and technicians each get appropriate access levels with full audit logging.
- Granular role-based permissions per staff member
- Manager approval required for voids and refunds
- Complete audit log of every action and login
Your Data Belongs to You
You own your data. Export your complete client database, transaction history, and reports at any time. No data hostage situations, no export fees.
- Full data export available anytime in CSV format
- No lock-in — take your data if you leave
- Free migration assistance to import your existing data
SOC 2 Readiness
Tilavon is built on SOC 2-aligned infrastructure with security controls that meet enterprise audit requirements. We follow industry best practices for data handling.
- SOC 2-aligned security controls and processes
- Regular security assessments and penetration testing
- Incident response plan with documented procedures
Security Questions
Yes. Tilavon processes all card payments through Helcim, which is PCI DSS Level 1 certified — the highest level of payment security. Card data is tokenized and never stored on your salon hardware or our servers. Every transaction is encrypted end-to-end.
Your data is stored in secure, SOC 2-compliant data centers in the United States. All data is encrypted at rest with AES-256 encryption and backed up daily to geographically redundant servers for disaster recovery.
Your data belongs to you. Before canceling, you can export your complete client database, transaction history, and reports in CSV format at no charge. After cancellation, your data is retained for 30 days in case you change your mind, then permanently deleted.
Yes. Tilavon includes granular role-based access controls. You can define exactly what each staff member can see and do — from viewing client records to processing refunds. Manager approval PINs are required for sensitive operations like voids and refunds.
While nail salons are not typically subject to HIPAA requirements, Tilavon follows data protection best practices that align with HIPAA principles. Client health information like allergies and sensitivities is encrypted and access-controlled. We recommend consulting a compliance professional for specific regulatory requirements.