Core Custodian was engineered security-first — not built fast and secured later. The assumption is always: this data is sensitive, protect it by design, then verify the protections actually hold. Security features weren't just built; they were adversarially tested to confirm they can't be bypassed.
The six things that matter to you
Whatever your store count, every account is protected by the same design.
Many operators use the platform, but the architecture makes it impossible for one operator's data to reach another's — a hard structural rule, with a deliberate safeguard that prevents onboarding in any way that could weaken it. Your books, leases, and equipment are yours alone.
Access is scoped by role — a store employee sees their store, a supervisor their assigned stores, you and your admins everything. And it fails safe: a misconfigured account gets nothing, never accidentally everything.
Disable an employee and their access is genuinely severed — credentials scrubbed, sessions ended, no lingering "ghost" access. Bring them back and they get fresh credentials, not old ones revived.
Deletion is a record-preserving, audited transition — you keep a full history and audit trail while archived items cleanly leave active views. Every significant action is logged: who, when, and from where.
Passwords, tokens, and reset links are prevented from ever ending up in system logs — one of the most common ways data leaks happen. The safeguards fail safe: when in doubt, hide it.
When multiple people act at once, the system is engineered so operations can't corrupt each other or leave your data in a broken state. That reliability is what makes your numbers trustworthy.
Accessing your account
Two-factor authentication is required, and inactive sessions time out and require re-authentication — with tighter limits on the higher-privilege roles that can see financials. The in-store scan station uses a store-scoped PIN that re-authenticates on idle, so an unattended device can't be misused. These controls are aligned to NIST authentication guidance.