Security
Your shop's data is the business. We treat it that way.
Customer lists, repair history, money, BenchKey holds the record of everything your shop does. Here is exactly how it is protected, in plain English, because "trust us" is not an answer a shop owner should accept.
One shop, one database
BenchKey gives every shop its own isolated database. Your tickets, customers, and money are structurally separated from everyone else’s, isolation is the architecture, not a query clause.
Card data never touches us
Payments run through Square and Affirm. Card numbers go from your customer to the processor, full stop, BenchKey stores the record of the payment, never the card. That keeps the highest-risk data in PCI-audited hands.
Sign-in handled by a dedicated auth provider
Authentication runs on Clerk, a provider whose entire business is login security: hardened session management, modern password handling, and multi-factor authentication support, instead of a homegrown login bolted to the side.
Roles that mean something
Admins see everything; techs see their work. Pricing, margins, reports, settings, and payroll live behind admin permissions enforced on the server, a curious counter login cannot wander into the books.
Signed links, not guessable URLs
Customer portal pages, estimate approvals, and tracking links all use long signed tokens. Expired, tampered, or cross-ticket links get rejected, and those rejections are part of our automated test suite.
Evidence-grade records
Activity on a ticket is recorded as it happens, and the case file export is hashed with SHA-256 at generation, so you can prove a document was not altered after the fact. Your records are built to stand up when it matters.
The everyday discipline
Security is a habit, not a page
BenchKey runs the real customers and real money of MDRepairs, the working data recovery company it was built inside, every single day. The protections below are not compliance theater; they are how we keep our own business safe, applied to yours.
Encrypted in transit
All traffic runs over HTTPS/TLS. The app, the portal, the widget, and the API speak nothing else.
Encrypted at rest
Data lives on encrypted cloud infrastructure in the United States, disks and backups included.
Daily backups, actually verified
Backups run automatically and are integrity-checked, a backup that does not restore is not a backup.
Rate limiting & abuse protection
Per-IP rate limits on sensitive endpoints, Cloudflare Turnstile bot-checks on public forms, honeypots on the widget, and an allowlist of domains permitted to embed it.
Webhook signature verification
Inbound events from phone and payment providers are HMAC-verified, forged events are dropped, not processed.
Hardened by routine audits
We run adversarial audits against our own product, tenant isolation probes, payment-flow audits, dependency scans, and ship the fixes before features. No outside firm has audited us yet; when one does, the report will be linked here.
Messaging compliance built in
STOP suppressions are automatic and permanent, marketing email carries one-click unsubscribe, and SMS consent is collected and recorded where rules require it.
Least-drama incident posture
Fail-closed defaults: when something is wrong, the system denies access rather than guessing. Boring is the goal.
Your customers feel it too
Security your customers can see
Trust is part of the product you sell. The portal your customers track repairs on uses private signed links, their approvals are recorded with signatures and timestamps, and the case file proves what happened on a repair, protections that quietly tell your customers they picked a professional shop.
- → Private, signed portal links per ticket
- → Approvals captured with name, signature, and timestamp
- → Payments through Square, the same processor they already trust
- → STOP always honored, instantly and permanently
Found something?
If you believe you have found a security issue in BenchKey, tell us directly and we will take it seriously, fast. Email support@benchkey.com with "security" in the subject line and enough detail to reproduce what you saw.
Please do not test against shops you do not own; a free trial gives you a tenant of your very own to poke at.
FAQ
Security questions
Is my shop data shared with other BenchKey customers?
No. Every shop runs in its own isolated database. There is no shared table where a query bug could leak one shop into another, isolation is structural, and every API request is gated by tenant before it touches data.
Does BenchKey store my customers’ card numbers?
No. Card payments are processed by Square (and financing by Affirm). Card numbers go directly to the processor and never touch or rest on BenchKey servers.
Is my data used to train AI models?
No. The AI assistant uses your data to answer you and configure your account, not to train models.
What happens if I leave BenchKey?
Your data is yours. Export your customers, tickets, and invoices yourself, and if you want the hosted copy gone after you cancel, email support and we delete it.
Are customer portal links guessable?
No. Portal and tracking links use long signed tokens. Tampered, expired, or cross-ticket links are rejected, we test those rejection paths the way other features test their happy paths.
How do staff permissions work?
Role-based access: admins see everything, techs see their work. Money, reports, settings, and other people’s pay sit behind admin permissions, enforced server-side, not just hidden in the interface.
Put your shop on BenchKey
Set up in an afternoon. Import your customers and tickets, build your check-in flow, and send your first live status link the same day.
Free 14-day trial · No credit card · Import from your old system
Founders pricing: the first 50 shops lock Pro at $59/mo for life · see pricing